SB2026031533 - openEuler 24.03 LTS SP2 update for kernel
Published: March 15, 2026
Description
This security bulletin contains information about 73 security vulnerabilities.
1) Improper locking (CVE-ID: CVE-2024-57974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp6_lib_lookup() functions in net/ipv6/udp.c, and within the udp_ehashfn() and __udp4_lib_lookup() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
2) Resource management error (CVE-ID: CVE-2025-22090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the copy_page_range() function in mm/memory.c, within the vm_area_dup() function in kernel/fork.c, and within the get_pat_info() and untrack_pfn() functions in arch/x86/mm/pat/memtype.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2025-38491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, and within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2025-38627)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lzo_decompress_pages(), lz4_decompress_pages(), zstd_init_decompress_ctx(), zstd_decompress_pages(), f2fs_release_decomp_mem(), f2fs_end_read_compressed_page(), allow_memalloc_for_decomp(), f2fs_prepare_decomp_mem(), f2fs_alloc_dic(), f2fs_free_dic() and f2fs_put_dic() functions in fs/f2fs/compress.c. A local user can escalate privileges on the system.
5) Input validation error (CVE-ID: CVE-2025-38660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_longname() function in fs/ceph/crypto.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2025-39764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ctnetlink_expect_event(), ctnetlink_exp_dump_table(), ctnetlink_exp_ct_dump_table(), ctnetlink_dump_exp_ct() and ctnetlink_get_expect() functions in net/netfilter/nf_conntrack_netlink.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2025-39902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the object_err() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2025-39948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in drivers/net/ethernet/intel/ice/ice_txrx.h. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2025-40323)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in include/linux/fbcon.h. A local user can escalate privileges on the system.
10) Improper locking (CVE-ID: CVE-2025-40329)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_error() and drm_sched_entity_kill_jobs_cb() functions in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-68194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the send_packet(), usb_rx_callback_intf0() and usb_rx_callback_intf1() functions in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2025-68204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_pd_power_off() and scmi_pm_domain_probe() functions in drivers/firmware/arm_scmi/scmi_pm_domain.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2025-68209)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference in include/linux/mlx5/cq.h. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-68211)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the should_skip_rmap_item() and scan_get_next_rmap_item() functions in mm/ksm.c. A local user can perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2025-68231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the check_element() and poison_element() functions in mm/mempool.c. A local user can perform a denial of service (DoS) attack.
17) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can execute arbitrary code.
18) Use-after-free (CVE-ID: CVE-2025-68282)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in include/linux/usb/gadget.h. A local user can escalate privileges on the system.
19) NULL pointer dereference (CVE-ID: CVE-2025-68293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the split_huge_page_to_list_to_order() function in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-68313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-68768)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip_expire() function in net/ipv4/ip_fragment.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2025-68822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alps_disconnect() function in drivers/input/mouse/alps.c. A local user can escalate privileges on the system.
25) Improper locking (CVE-ID: CVE-2025-71065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_save_errors() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2025-71068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the svc_rdma_copy_inline_range() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2025-71083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ttm_bo_vm_access() function in drivers/gpu/drm/ttm/ttm_bo_vm.c. A local user can perform a denial of service (DoS) attack.
28) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
29) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-71096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ib_nl_handle_ip_res_resp() function in drivers/infiniband/core/addr.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2025-71097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fib_table_flush() function in net/ipv4/fib_trie.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2025-71118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ns_walk_namespace() function in drivers/acpi/acpica/nswalk.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2025-71129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error in arch/loongarch/net/bpf_jit.h. A local user can perform a denial of service (DoS) attack.
35) Improper error handling (CVE-ID: CVE-2025-71141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in drivers/gpu/drm/tilcdc/tilcdc_drv.h. A local user can perform a denial of service (DoS) attack.
36) Memory leak (CVE-ID: CVE-2025-71186)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_dmamux_route_allocate() function in drivers/dma/stm32-dmamux.c. A local user can perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2025-71220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the create_smb2_pipe() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
38) Use-after-free (CVE-ID: CVE-2025-71221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mmp_pdma_residue() function in drivers/dma/mmp_pdma.c. A local user can escalate privileges on the system.
39) Memory leak (CVE-ID: CVE-2025-71223)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_open() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
40) Use-after-free (CVE-ID: CVE-2025-71225)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid_disks_store() function in drivers/md/md.c. A local user can escalate privileges on the system.
41) Improper locking (CVE-ID: CVE-2025-71232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qla_fab_async_scan() function in drivers/scsi/qla2xxx/qla_gs.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2025-71235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_wait_for_hba_ready() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
43) Use-after-free (CVE-ID: CVE-2025-71236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla_fab_async_scan() function in drivers/scsi/qla2xxx/qla_gs.c. A local user can escalate privileges on the system.
44) Memory leak (CVE-ID: CVE-2026-22977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_enable_timestamp() and sock_recv_errqueue() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
45) Memory leak (CVE-ID: CVE-2026-22979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the skb_segment_list() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
46) Out-of-bounds read (CVE-ID: CVE-2026-22984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the process_auth_done() function in net/ceph/messenger_v2.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2026-22991)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_choose_arg_map() function in net/ceph/osdmap.c. A local user can escalate privileges on the system.
48) Use-after-free (CVE-ID: CVE-2026-22999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
49) Use of uninitialized resource (CVE-ID: CVE-2026-23003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2026-23010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet6_addr_del() function in net/ipv6/addrconf.c. A local user can escalate privileges on the system.
51) Improper error handling (CVE-ID: CVE-2026-23011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ipgre_header() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
52) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
53) Improper locking (CVE-ID: CVE-2026-23025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __pcp_trylock_noop(), rmqueue_bulk(), decay_pcp_high(), drain_zone_pages(), drain_pages_zone() and zone_pcp_update_cacheinfo() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
54) Memory leak (CVE-ID: CVE-2026-23032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nullb_add_fault_config() and nullb_group_drop_item() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
55) Memory leak (CVE-ID: CVE-2026-23038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_ff_alloc_deviceid_node() function in fs/nfs/flexfilelayout/flexfilelayoutdev.c. A local user can perform a denial of service (DoS) attack.
56) Input validation error (CVE-ID: CVE-2026-23047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calc_target() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2026-23050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking in fs/nfs/pnfs.h. A local user can perform a denial of service (DoS) attack.
58) Buffer overflow (CVE-ID: CVE-2026-23054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
59) Buffer overflow (CVE-ID: CVE-2026-23059)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla27xx_copy_multiple_pkt() and qla27xx_copy_fpin_pkt() functions in drivers/scsi/qla2xxx/qla_isr.c. A local user can escalate privileges on the system.
60) NULL pointer dereference (CVE-ID: CVE-2026-23084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_cmd_get_perm_mac() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
61) Resource management error (CVE-ID: CVE-2026-23085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_mapd_cmd(), its_build_vmapp_cmd() and its_setup_baser() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
62) Input validation error (CVE-ID: CVE-2026-23094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the isolate_strategy_show() and isolate_strategy_store() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2026-23097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
64) Race condition (CVE-ID: CVE-2026-23110)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the scsi_dec_host_busy() function in drivers/scsi/scsi_lib.c. A local user can escalate privileges on the system.
65) Input validation error (CVE-ID: CVE-2026-23112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nvmet_tcp_free_cmd_buffers() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
66) NULL pointer dereference (CVE-ID: CVE-2026-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_gmc_filter_faults_remove() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c. A local user can perform a denial of service (DoS) attack.
67) Improper locking (CVE-ID: CVE-2026-23179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_tcp_listen_data_ready() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
68) Memory leak (CVE-ID: CVE-2026-23190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acp_pdm_dma_close() function in sound/soc/amd/renoir/acp3x-pdm-dma.c. A local user can perform a denial of service (DoS) attack.
69) Use-after-free (CVE-ID: CVE-2026-23193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsit_dec_session_usage_count() function in drivers/target/iscsi/iscsi_target_util.c. A local user can escalate privileges on the system.
70) Memory leak (CVE-ID: CVE-2026-23205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smb2_open_file() function in fs/smb/client/smb2file.c. A local user can perform a denial of service (DoS) attack.
71) Use-after-free (CVE-ID: CVE-2026-23216)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsit_dec_conn_usage_count() function in drivers/target/iscsi/iscsi_target_util.c. A local user can escalate privileges on the system.
72) Infinite loop (CVE-ID: CVE-2026-23220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __process_request() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.
73) Memory leak (CVE-ID: CVE-2026-23228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ksmbd_tcp_new_connection() function in fs/smb/server/transport_tcp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.