SB2026040335 - openEuler 24.03 LTS SP2 update for kernel
Published: April 3, 2026
Description
This security bulletin contains information about 38 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2025-68214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __try_to_del_timer_sync() function in kernel/time/timer.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
3) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
4) Infinite loop (CVE-ID: CVE-2025-71134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the buddy_merge_likely(), __free_one_page() and pageblock_unisolate_and_move_free_pages() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-71152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dsa_port_parse_of(), dev_find_class(), dsa_switch_release_ports() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
7) Double free (CVE-ID: CVE-2025-71238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/nfsd/state.h. A local user can escalate privileges on the system.
10) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
13) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
14) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
16) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
20) Race condition within a thread (CVE-ID: CVE-2026-23120)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the l2tp_tunnel_del_work() function in net/l2tp/l2tp_core.c. A local user can corrupt data.
21) Improper locking (CVE-ID: CVE-2026-23124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ndisc_router_discovery() function in net/ipv6/ndisc.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2026-23126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking in drivers/net/netdevsim/netdevsim.h. A local user can perform a denial of service (DoS) attack.
23) Buffer overflow (CVE-ID: CVE-2026-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the _ath10k_ce_free_pipe() and _ath10k_ce_free_pipe_64() functions in drivers/net/wireless/ath/ath10k/ce.c. A local user can perform a denial of service (DoS) attack.
24) Infinite loop (CVE-ID: CVE-2026-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the osd_fault() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2026-23137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the attach_node_and_children() and unittest_data_add() functions in drivers/of/unittest.c. A local user can perform a denial of service (DoS) attack.
26) Incorrect calculation (CVE-ID: CVE-2026-23139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the __nf_conncount_add() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2026-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ext4_xattr_inode_update_ref() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2026-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcp6_gso_segment() function in net/ipv6/tcpv6_offload.c. A local user can perform a denial of service (DoS) attack.
29) Use of uninitialized resource (CVE-ID: CVE-2026-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the efivar_entry_get() function in fs/efivarfs/vars.c. A local user can perform a denial of service (DoS) attack.
30) Improper locking (CVE-ID: CVE-2026-23169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __reset_counters() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2026-23173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() and mlx5e_tc_num_filters() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2026-23191)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.
33) Memory leak (CVE-ID: CVE-2026-23198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the irqfd_shutdown(), irqfd_wakeup() and kvm_irqfd_deassign() functions in virt/kvm/eventfd.c. A local user can perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2026-23204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.
35) Out-of-bounds read (CVE-ID: CVE-2026-23208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the prepare_playback_urb() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2026-23212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in include/net/bonding.h. A local user can perform a denial of service (DoS) attack.
37) Use-after-free (CVE-ID: CVE-2026-23221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can escalate privileges on the system.
38) Input validation error (CVE-ID: CVE-2026-23230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in fs/smb/client/cached_dir.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.