SB2026040336 - openEuler 24.03 LTS update for kernel
Published: April 3, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-68817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_tree_disconnect() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
2) Out-of-bounds read (CVE-ID: CVE-2025-71077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/tpm.h. A local user can perform a denial of service (DoS) attack.
3) Infinite loop (CVE-ID: CVE-2025-71134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the buddy_merge_likely(), __free_one_page() and pageblock_unisolate_and_move_free_pages() functions in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.
4) Improper locking (CVE-ID: CVE-2025-71152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dsa_port_parse_of(), dev_find_class(), dsa_switch_release_ports() and dsa_switch_shutdown() functions in net/dsa/dsa.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2025-71154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the async_set_registers() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.
6) Double free (CVE-ID: CVE-2025-71238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.
7) Buffer overflow (CVE-ID: CVE-2026-22978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the compat_private_call() function in net/wireless/wext-priv.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2026-22980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/nfsd/state.h. A local user can escalate privileges on the system.
9) Input validation error (CVE-ID: CVE-2026-22990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the osdmap_apply_incremental() function in net/ceph/osdmap.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2026-22992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mon_handle_auth_done() function in net/ceph/mon_client.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
12) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
13) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
15) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
19) Race condition within a thread (CVE-ID: CVE-2026-23120)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the l2tp_tunnel_del_work() function in net/l2tp/l2tp_core.c. A local user can corrupt data.
20) Improper locking (CVE-ID: CVE-2026-23124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ndisc_router_discovery() function in net/ipv6/ndisc.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2026-23126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/net/netdevsim/netdevsim.h. A local user can perform a denial of service (DoS) attack.
22) Buffer overflow (CVE-ID: CVE-2026-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the _ath10k_ce_free_pipe() and _ath10k_ce_free_pipe_64() functions in drivers/net/wireless/ath/ath10k/ce.c. A local user can perform a denial of service (DoS) attack.
23) Infinite loop (CVE-ID: CVE-2026-23136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the osd_fault() function in net/ceph/osd_client.c. A local user can perform a denial of service (DoS) attack.
24) Memory leak (CVE-ID: CVE-2026-23137)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the attach_node_and_children() and unittest_data_add() functions in drivers/of/unittest.c. A local user can perform a denial of service (DoS) attack.
25) Incorrect calculation (CVE-ID: CVE-2026-23139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __nf_conncount_add() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2026-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_inode_update_ref() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2026-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcp6_gso_segment() function in net/ipv6/tcpv6_offload.c. A local user can perform a denial of service (DoS) attack.
28) Use of uninitialized resource (CVE-ID: CVE-2026-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the efivar_entry_get() function in fs/efivarfs/vars.c. A local user can perform a denial of service (DoS) attack.
29) Improper locking (CVE-ID: CVE-2026-23169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __reset_counters() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2026-23173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() and mlx5e_tc_num_filters() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2026-23191)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.
32) Memory leak (CVE-ID: CVE-2026-23198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irqfd_shutdown(), irqfd_wakeup() and kvm_irqfd_deassign() functions in virt/kvm/eventfd.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2026-23204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2026-23208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the prepare_playback_urb() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2026-23212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/net/bonding.h. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2026-23221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can escalate privileges on the system.
37) Input validation error (CVE-ID: CVE-2026-23230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/smb/client/cached_dir.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.