{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()\n\nI found a null pointer reference in arch_prepare_kprobe():\n\n # echo 'p cmdline_proc_show' > kprobe_events\n # echo 'p cmdline_proc_show+16' >> kprobe_events\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc000000000050bfc\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in:\n CPU: 0 PID: 122 Comm: sh Not tainted 6.0.0-rc3-00007-gdcf8e5633e2e #10\n NIP: c000000000050bfc LR: c000000000050bec CTR: 0000000000005bdc\n REGS: c0000000348475b0 TRAP: 0300 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 9000000000009033 CR: 88002444 XER: 20040006\n CFAR: c00000000022d100 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0\n ...\n NIP arch_prepare_kprobe+0x10c/0x2d0\n LR arch_prepare_kprobe+0xfc/0x2d0\n Call Trace:\n 0xc0000000012f77a0 (unreliable)\n register_kprobe+0x3c0/0x7a0\n __register_trace_kprobe+0x140/0x1a0\n __trace_kprobe_create+0x794/0x1040\n trace_probe_create+0xc4/0xe0\n create_or_delete_trace_kprobe+0x2c/0x80\n trace_parse_run_command+0xf0/0x210\n probes_write+0x20/0x40\n vfs_write+0xfc/0x450\n ksys_write+0x84/0x140\n system_call_exception+0x17c/0x3a0\n system_call_vectored_common+0xe8/0x278\n --- interrupt: 3000 at 0x7fffa5682de0\n NIP: 00007fffa5682de0 LR: 0000000000000000 CTR: 0000000000000000\n REGS: c000000034847e80 TRAP: 3000 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 900000000280f033 CR: 44002408 XER: 00000000\n\nThe address being probed has some special:\n\n cmdline_proc_show: Probe based on ftrace\n cmdline_proc_show+16: Probe for the next instruction at the ftrace location\n\nThe ftrace-based kprobe does not generate kprobe::ainsn::insn, it gets\nset to NULL. In arch_prepare_kprobe() it will check for:\n\n ...\n prev = get_kprobe(p->addr - 1);\n preempt_enable_no_resched();\n if (prev && ppc_inst_prefixed(ppc_inst_read(prev->ainsn.insn))) {\n ...\n\nIf prev is based on ftrace, 'ppc_inst_read(prev->ainsn.insn)' will occur\nwith a null pointer reference. At this point prev->addr will not be a\nprefixed instruction, so the check can be skipped.\n\nCheck if prev is ftrace-based kprobe before reading 'prev->ainsn.insn'\nto fix this problem.\n\n[mpe: Trim oops](CVE-2022-50635)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nerofs: validate the extent length for uncompressed pclusters\n\nsyzkaller reported a KASAN use-after-free:\nhttps://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2\n\nThe referenced fuzzed image actually has two issues:\n - m_pa == 0 as a non-inlined pcluster;\n - The logical length is longer than its physical length.\n\nThe first issue has already been addressed. This patch addresses\nthe second issue by checking the extent length validity.(CVE-2022-50746)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric's ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket's sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket's TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n (CVE-2023-53781)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix slab-use-after-free in decode_session6\n\nWhen ipv6_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ipv6_vti device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff88802e08edc2 by task swapper/0/0\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-next-20230707-00001-g84e2cad7f979 #410\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nvti6_tnl_xmit+0x3e6/0x1ee0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\nAllocated by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\nnetlink_sendmsg+0x9b1/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\nkasan_save_free_info+0x2b/0x40\n____kasan_slab_free+0x160/0x1c0\nslab_free_freelist_hook+0x11b/0x220\nkmem_cache_free+0xf0/0x490\nskb_free_head+0x17f/0x1b0\nskb_release_data+0x59c/0x850\nconsume_skb+0xd2/0x170\nnetlink_unicast+0x54f/0x7f0\nnetlink_sendmsg+0x926/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe buggy address belongs to the object at ffff88802e08ed00\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 194 bytes inside of\nfreed 640-byte region [ffff88802e08ed00, ffff88802e08ef80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)->nhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.(CVE-2023-53821)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on direct node in truncate_dnode()\n\nsyzbot reports below bug:\n\nBUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\nRead of size 4 at addr ffff88802a25c000 by task syz-executor148/5000\n\nCPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\n truncate_dnode+0x229/0x2e0 fs/f2fs/node.c:944\n f2fs_truncate_inode_blocks+0x64b/0xde0 fs/f2fs/node.c:1154\n f2fs_do_truncate_blocks+0x4ac/0xf30 fs/f2fs/file.c:721\n f2fs_truncate_blocks+0x7b/0x300 fs/f2fs/file.c:749\n f2fs_truncate.part.0+0x4a5/0x630 fs/f2fs/file.c:799\n f2fs_truncate include/linux/fs.h:825 [inline]\n f2fs_setattr+0x1738/0x2090 fs/f2fs/file.c:1006\n notify_change+0xb2c/0x1180 fs/attr.c:483\n do_truncate+0x143/0x200 fs/open.c:66\n handle_truncate fs/namei.c:3295 [inline]\n do_open fs/namei.c:3640 [inline]\n path_openat+0x2083/0x2750 fs/namei.c:3791\n do_filp_open+0x1ba/0x410 fs/namei.c:3818\n do_sys_openat2+0x16d/0x4c0 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_creat fs/open.c:1448 [inline]\n __se_sys_creat fs/open.c:1442 [inline]\n __x64_sys_creat+0xcd/0x120 fs/open.c:1442\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is, inodeA references inodeB via inodeB's ino, once inodeA\nis truncated, it calls truncate_dnode() to truncate data blocks in inodeB's\nnode page, it traverse mapping data from node->i.i_addr[0] to\nnode->i.i_addr[ADDRS_PER_BLOCK() - 1], result in out-of-boundary access.\n\nThis patch fixes to add sanity check on dnode page in truncate_dnode(),\nso that, it can help to avoid triggering such issue, and once it encounters\nsuch issue, it will record newly introduced ERROR_INVALID_NODE_REFERENCE\nerror into superblock, later fsck can detect such issue and try repairing.\n\nAlso, it removes f2fs_truncate_data_blocks() for cleanup due to the\nfunction has only one caller, and uses f2fs_truncate_data_blocks_range()\ninstead.(CVE-2023-53846)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: correct grp validation in ext4_mb_good_group\n\nGroup corruption check will access memory of grp and will trigger kernel\ncrash if grp is NULL. So do NULL check before corruption check.(CVE-2023-53861)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don't collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc'ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn->cdev->dbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware's return value to the maximum\nnumber of legal elements the firmware should return.(CVE-2025-39949)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.(CVE-2025-39969)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference.(CVE-2025-39970)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: reject negative file sizes in squashfs_read_inode()\n\nSyskaller reports a \"WARNING in ovl_copy_up_file\" in overlayfs.\n\nThis warning is ultimately caused because the underlying Squashfs file\nsystem returns a file with a negative file size.\n\nThis commit checks for a negative file size and returns EINVAL.\n\n[(CVE-2025-40200)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure XFD state on signal delivery\n\nSean reported [1] the following splat when running KVM tests:\n\n WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70\n Call Trace:\n \n fpu__clear_user_states+0x9c/0x100\n arch_do_signal_or_restart+0x142/0x210\n exit_to_user_mode_loop+0x55/0x100\n do_syscall_64+0x205/0x2c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nChao further identified [2] a reproducible scenario involving signal\ndelivery: a non-AMX task is preempted by an AMX-enabled task which\nmodifies the XFD MSR.\n\nWhen the non-AMX task resumes and reloads XSTATE with init values,\na warning is triggered due to a mismatch between fpstate::xfd and the\nCPU's current XFD state. fpu__clear_user_states() does not currently\nre-synchronize the XFD state after such preemption.\n\nInvoke xfd_update_state() which detects and corrects the mismatch if\nthere is a dynamic feature.\n\nThis also benefits the sigreturn path, as fpu__restore_sig() may call\nfpu__clear_user_states() when the sigframe is inaccessible.\n\n[ dhansen: minor changelog munging ](CVE-2025-68171)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\n\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\n\nCompile tested only. Issue found using a prototype static analysis tool.(CVE-2025-68734)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Clear cmds after chip reset\n\nCommit aefed3e5548f (\"scsi: qla2xxx: target: Fix offline port handling\nand host reset handling\") caused two problems:\n\n1. Commands sent to FW, after chip reset got stuck and never freed as FW\n is not going to respond to them anymore.\n\n2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a\n (\"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\")\n attempted to fix this, but introduced another bug under different\n circumstances when two different CPUs were racing to call\n qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in\n dma_unmap_sg_attrs().\n\nSo revert \"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\" and\npartially revert \"scsi: qla2xxx: target: Fix offline port handling and\nhost reset handling\" at __qla2x00_abort_all_cmds.(CVE-2025-68745)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1075", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" }, { "summary":"CVE-2022-50635", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-50635&packageName=kernel" }, { "summary":"CVE-2022-50746", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-50746&packageName=kernel" }, { "summary":"CVE-2023-53781", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-53781&packageName=kernel" }, { "summary":"CVE-2023-53821", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-53821&packageName=kernel" }, { "summary":"CVE-2023-53846", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-53846&packageName=kernel" }, { "summary":"CVE-2023-53861", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-53861&packageName=kernel" }, { "summary":"CVE-2025-39949", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39949&packageName=kernel" }, { "summary":"CVE-2025-39969", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39969&packageName=kernel" }, { "summary":"CVE-2025-39970", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39970&packageName=kernel" }, { "summary":"CVE-2025-40200", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-40200&packageName=kernel" }, { "summary":"CVE-2025-68171", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68171&packageName=kernel" }, { "summary":"CVE-2025-68734", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68734&packageName=kernel" }, { "summary":"CVE-2025-68745", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68745&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50635" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50746" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53781" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53821" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53846" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53861" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39949" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39969" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39970" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40200" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68171" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68734" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68745" }, { "summary":"openEuler-SA-2026-1075 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1075.json" } ], "title":"An update for kernel is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-01-22T09:57:50+08:00", "revision_history":[ { "date":"2026-01-22T09:57:50+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-01-22T09:57:50+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-01-22T09:57:50+08:00", "id":"openEuler-SA-2026-1075", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-298.0.0.200.oe2203sp3.src.rpm", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.src.rpm" }, "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"perf-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-298.0.0.200.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"perf-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "name":"python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-50635", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()\n\nI found a null pointer reference in arch_prepare_kprobe():\n\n # echo 'p cmdline_proc_show' > kprobe_events\n # echo 'p cmdline_proc_show+16' >> kprobe_events\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc000000000050bfc\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in:\n CPU: 0 PID: 122 Comm: sh Not tainted 6.0.0-rc3-00007-gdcf8e5633e2e #10\n NIP: c000000000050bfc LR: c000000000050bec CTR: 0000000000005bdc\n REGS: c0000000348475b0 TRAP: 0300 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 9000000000009033 CR: 88002444 XER: 20040006\n CFAR: c00000000022d100 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0\n ...\n NIP arch_prepare_kprobe+0x10c/0x2d0\n LR arch_prepare_kprobe+0xfc/0x2d0\n Call Trace:\n 0xc0000000012f77a0 (unreliable)\n register_kprobe+0x3c0/0x7a0\n __register_trace_kprobe+0x140/0x1a0\n __trace_kprobe_create+0x794/0x1040\n trace_probe_create+0xc4/0xe0\n create_or_delete_trace_kprobe+0x2c/0x80\n trace_parse_run_command+0xf0/0x210\n probes_write+0x20/0x40\n vfs_write+0xfc/0x450\n ksys_write+0x84/0x140\n system_call_exception+0x17c/0x3a0\n system_call_vectored_common+0xe8/0x278\n --- interrupt: 3000 at 0x7fffa5682de0\n NIP: 00007fffa5682de0 LR: 0000000000000000 CTR: 0000000000000000\n REGS: c000000034847e80 TRAP: 3000 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 900000000280f033 CR: 44002408 XER: 00000000\n\nThe address being probed has some special:\n\n cmdline_proc_show: Probe based on ftrace\n cmdline_proc_show+16: Probe for the next instruction at the ftrace location\n\nThe ftrace-based kprobe does not generate kprobe::ainsn::insn, it gets\nset to NULL. In arch_prepare_kprobe() it will check for:\n\n ...\n prev = get_kprobe(p->addr - 1);\n preempt_enable_no_resched();\n if (prev && ppc_inst_prefixed(ppc_inst_read(prev->ainsn.insn))) {\n ...\n\nIf prev is based on ftrace, 'ppc_inst_read(prev->ainsn.insn)' will occur\nwith a null pointer reference. At this point prev->addr will not be a\nprefixed instruction, so the check can be skipped.\n\nCheck if prev is ftrace-based kprobe before reading 'prev->ainsn.insn'\nto fix this problem.\n\n[mpe: Trim oops]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-50635" }, { "cve":"CVE-2022-50746", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: validate the extent length for uncompressed pclusters\n\nsyzkaller reported a KASAN use-after-free:\nhttps://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2\n\nThe referenced fuzzed image actually has two issues:\n - m_pa == 0 as a non-inlined pcluster;\n - The logical length is longer than its physical length.\n\nThe first issue has already been addressed. This patch addresses\nthe second issue by checking the extent length validity.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2022-50746" }, { "cve":"CVE-2023-53781", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric's ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket's sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket's TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-53781" }, { "cve":"CVE-2023-53821", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix slab-use-after-free in decode_session6\n\nWhen ipv6_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ipv6_vti device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff88802e08edc2 by task swapper/0/0\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-next-20230707-00001-g84e2cad7f979 #410\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nvti6_tnl_xmit+0x3e6/0x1ee0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\nAllocated by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\nnetlink_sendmsg+0x9b1/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\nkasan_save_free_info+0x2b/0x40\n____kasan_slab_free+0x160/0x1c0\nslab_free_freelist_hook+0x11b/0x220\nkmem_cache_free+0xf0/0x490\nskb_free_head+0x17f/0x1b0\nskb_release_data+0x59c/0x850\nconsume_skb+0xd2/0x170\nnetlink_unicast+0x54f/0x7f0\nnetlink_sendmsg+0x926/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe buggy address belongs to the object at ffff88802e08ed00\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 194 bytes inside of\nfreed 640-byte region [ffff88802e08ed00, ffff88802e08ef80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)->nhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-53821" }, { "cve":"CVE-2023-53846", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on direct node in truncate_dnode()\n\nsyzbot reports below bug:\n\nBUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\nRead of size 4 at addr ffff88802a25c000 by task syz-executor148/5000\n\nCPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\n truncate_dnode+0x229/0x2e0 fs/f2fs/node.c:944\n f2fs_truncate_inode_blocks+0x64b/0xde0 fs/f2fs/node.c:1154\n f2fs_do_truncate_blocks+0x4ac/0xf30 fs/f2fs/file.c:721\n f2fs_truncate_blocks+0x7b/0x300 fs/f2fs/file.c:749\n f2fs_truncate.part.0+0x4a5/0x630 fs/f2fs/file.c:799\n f2fs_truncate include/linux/fs.h:825 [inline]\n f2fs_setattr+0x1738/0x2090 fs/f2fs/file.c:1006\n notify_change+0xb2c/0x1180 fs/attr.c:483\n do_truncate+0x143/0x200 fs/open.c:66\n handle_truncate fs/namei.c:3295 [inline]\n do_open fs/namei.c:3640 [inline]\n path_openat+0x2083/0x2750 fs/namei.c:3791\n do_filp_open+0x1ba/0x410 fs/namei.c:3818\n do_sys_openat2+0x16d/0x4c0 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_creat fs/open.c:1448 [inline]\n __se_sys_creat fs/open.c:1442 [inline]\n __x64_sys_creat+0xcd/0x120 fs/open.c:1442\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is, inodeA references inodeB via inodeB's ino, once inodeA\nis truncated, it calls truncate_dnode() to truncate data blocks in inodeB's\nnode page, it traverse mapping data from node->i.i_addr[0] to\nnode->i.i_addr[ADDRS_PER_BLOCK() - 1], result in out-of-boundary access.\n\nThis patch fixes to add sanity check on dnode page in truncate_dnode(),\nso that, it can help to avoid triggering such issue, and once it encounters\nsuch issue, it will record newly introduced ERROR_INVALID_NODE_REFERENCE\nerror into superblock, later fsck can detect such issue and try repairing.\n\nAlso, it removes f2fs_truncate_data_blocks() for cleanup due to the\nfunction has only one caller, and uses f2fs_truncate_data_blocks_range()\ninstead.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-53846" }, { "cve":"CVE-2023-53861", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: correct grp validation in ext4_mb_good_group\n\nGroup corruption check will access memory of grp and will trigger kernel\ncrash if grp is NULL. So do NULL check before corruption check.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-53861" }, { "cve":"CVE-2025-39949", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don't collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc'ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn->cdev->dbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware's return value to the maximum\nnumber of legal elements the firmware should return.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-39949" }, { "cve":"CVE-2025-39969", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-39969" }, { "cve":"CVE-2025-39970", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-39970" }, { "cve":"CVE-2025-40200", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: reject negative file sizes in squashfs_read_inode()\n\nSyskaller reports a \"WARNING in ovl_copy_up_file\" in overlayfs.\n\nThis warning is ultimately caused because the underlying Squashfs file\nsystem returns a file with a negative file size.\n\nThis commit checks for a negative file size and returns EINVAL.\n\n[", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.4, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-40200" }, { "cve":"CVE-2025-68171", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure XFD state on signal delivery\n\nSean reported [1] the following splat when running KVM tests:\n\n WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70\n Call Trace:\n \n fpu__clear_user_states+0x9c/0x100\n arch_do_signal_or_restart+0x142/0x210\n exit_to_user_mode_loop+0x55/0x100\n do_syscall_64+0x205/0x2c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nChao further identified [2] a reproducible scenario involving signal\ndelivery: a non-AMX task is preempted by an AMX-enabled task which\nmodifies the XFD MSR.\n\nWhen the non-AMX task resumes and reloads XSTATE with init values,\na warning is triggered due to a mismatch between fpstate::xfd and the\nCPU's current XFD state. fpu__clear_user_states() does not currently\nre-synchronize the XFD state after such preemption.\n\nInvoke xfd_update_state() which detects and corrects the mismatch if\nthere is a dynamic feature.\n\nThis also benefits the sigreturn path, as fpu__restore_sig() may call\nfpu__clear_user_states() when the sigframe is inaccessible.\n\n[ dhansen: minor changelog munging ]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-68171" }, { "cve":"CVE-2025-68734", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\n\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\n\nCompile tested only. Issue found using a prototype static analysis tool.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-68734" }, { "cve":"CVE-2025-68745", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Clear cmds after chip reset\n\nCommit aefed3e5548f (\"scsi: qla2xxx: target: Fix offline port handling\nand host reset handling\") caused two problems:\n\n1. Commands sent to FW, after chip reset got stuck and never freed as FW\n is not going to respond to them anymore.\n\n2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a\n (\"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\")\n attempted to fix this, but introduced another bug under different\n circumstances when two different CPUs were racing to call\n qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in\n dma_unmap_sg_attrs().\n\nSo revert \"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\" and\npartially revert \"scsi: qla2xxx: target: Fix offline port handling and\nhost reset handling\" at __qla2x00_abort_all_cmds.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-298.0.0.200.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-298.0.0.200.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-68745" } ] }