SB2026070615 - openEuler 24.03 LTS SP1 update for kernel
Published: July 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2026-23346)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ioremap_prot() function when handling memory protection settings from user mappings. A local user can trigger access to a specially crafted user memory region to cause a kernel memory access violation, leading to a system crash.
The issue specifically affects arm64 systems where user page protection flags are incorrectly processed during physical memory access, resulting in an unreadable memory access from kernel space.
2) Out-of-bounds write (CVE-ID: CVE-2026-23377)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ice driver's XDP RxQ configuration when handling XDP buffer size parameters. A local user can trigger a negative tailroom condition by using the XDP_ADJUST_TAIL_GROW_MULTI_BUFF xskxceiver test with a large packet size and offset to cause a kernel panic.
The issue arises specifically from incorrect assumptions about buffer size in the frag_size field, leading to memory corruption during XDP processing.
3) Race condition (CVE-ID: CVE-2026-31466)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in softleaf_to_folio() and softleaf_to_page() when handling migration entries during concurrent folio splitting and zap_nonpresent_ptes() processing. A local user can trigger the race to cause a denial of service.
The issue can result in VM_WARN_ON_ONCE() being triggered, and on systems before commit 93976a20345b it can manifest as a BUG_ON().
4) Race condition (CVE-ID: CVE-2026-31508)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in the openvswitch port teardown code when unregistering a netdevice. A local user can trigger netdevice unregistration to cause a denial of service.
The issue can occur on PREEMPT_RT kernels if the device is freed before unregistration completes.
5) Integer overflow (CVE-ID: CVE-2026-43323)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an integer overflow in the CFS scheduler when handling repeated yield operations across runnable tasks. A local user can trigger repeated yield activity to cause a denial of service.
Systems with multiple cgroups may be more exposed because scheduler tick updates may not reach every cgroup in a timely manner.
6) Race condition (CVE-ID: CVE-2026-43448)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in nvme_poll_irqdisable() when handling concurrent device disable and IRQ polling operations. A local user can trigger the race to cause a denial of service.
The issue can lead to an unbalanced IRQ enable warning in the kernel.
Remediation
Install update from vendor's website.