{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.(CVE-2024-35808)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 “Transient Execution of Non-Canonical Accesses“\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there's no\nspeculative result to be used in a gadget for those operations.(CVE-2024-50102)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.(CVE-2025-38062)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix data race in show_numa_info()\n\nThe following data-race was found in show_numa_info():\n\n==================================================================\nBUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show\n\nread to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:\n show_numa_info mm/vmalloc.c:4936 [inline]\n vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nwrite to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:\n show_numa_info mm/vmalloc.c:4934 [inline]\n vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nvalue changed: 0x0000008f -> 0x00000000\n==================================================================\n\nAccording to this report,there is a read/write data-race because\nm->private is accessible to multiple CPUs. To fix this, instead of\nallocating the heap in proc_vmalloc_init() and passing the heap address to\nm->private, vmalloc_info_show() should allocate the heap.(CVE-2025-38383)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer's GEM buffer objects prevents\nthis from happening. The framebuffer's cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag(CVE-2025-38449)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions &indio_dev->dev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don't seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1](CVE-2025-38531)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150(CVE-2025-38678)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().(CVE-2025-38685)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix rcu_read_unlock() deadloop due to IRQ work\n\nDuring rcu_read_unlock_special(), if this happens during irq_exit(), we\ncan lockup if an IPI is issued. This is because the IPI itself triggers\nthe irq_exit() path causing a recursive lock up.\n\nThis is precisely what Xiongfeng found when invoking a BPF program on\nthe trace_tick_stop() tracepoint As shown in the trace below. Fix by\nmanaging the irq_work state correctly.\n\nirq_exit()\n __irq_exit_rcu()\n /* in_hardirq() returns false after this */\n preempt_count_sub(HARDIRQ_OFFSET)\n tick_irq_exit()\n tick_nohz_irq_exit()\n\t tick_nohz_stop_sched_tick()\n\t trace_tick_stop() /* a bpf prog is hooked on this trace point */\n\t\t __bpf_trace_tick_stop()\n\t\t bpf_trace_run2()\n\t\t\t rcu_read_unlock_special()\n /* will send a IPI to itself */\n\t\t\t irq_work_queue_on(&rdp->defer_qs_iw, rdp->cpu);\n\nA simple reproducer can also be obtained by doing the following in\ntick_irq_exit(). It will hang on boot without the patch:\n\n static inline void tick_irq_exit(void)\n {\n +\trcu_read_lock();\n +\tWRITE_ONCE(current->rcu_read_unlock_special.b.need_qs, true);\n +\trcu_read_unlock();\n +\n\n[neeraj: Apply Frederic's suggested fix for PREEMPT_RT](CVE-2025-39744)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm: slub: avoid wake up kswapd in set_track_prepare\n\nset_track_prepare() can incur lock recursion.\nThe issue is that it is called from hrtimer_start_range_ns\nholding the per_cpu(hrtimer_bases)[n].lock, but when enabled\nCONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare,\nand try to hold the per_cpu(hrtimer_bases)[n].lock.\n\nAvoid deadlock caused by implicitly waking up kswapd by passing in\nallocation flags, which do not contain __GFP_KSWAPD_RECLAIM in the\ndebug_objects_fill_pool() case. Inside stack depot they are processed by\ngfp_nested_mask().\nSince ___slab_alloc() has preemption disabled, we mask out\n__GFP_DIRECT_RECLAIM from the flags there.\n\nThe oops looks something like:\n\nBUG: spinlock recursion on CPU#3, swapper/3/0\n lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3\nHardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)\nCall trace:\nspin_bug+0x0\n_raw_spin_lock_irqsave+0x80\nhrtimer_try_to_cancel+0x94\ntask_contending+0x10c\nenqueue_dl_entity+0x2a4\ndl_server_start+0x74\nenqueue_task_fair+0x568\nenqueue_task+0xac\ndo_activate_task+0x14c\nttwu_do_activate+0xcc\ntry_to_wake_up+0x6c8\ndefault_wake_function+0x20\nautoremove_wake_function+0x1c\n__wake_up+0xac\nwakeup_kswapd+0x19c\nwake_all_kswapds+0x78\n__alloc_pages_slowpath+0x1ac\n__alloc_pages_noprof+0x298\nstack_depot_save_flags+0x6b0\nstack_depot_save+0x14\nset_track_prepare+0x5c\n___slab_alloc+0xccc\n__kmalloc_cache_noprof+0x470\n__set_page_owner+0x2bc\npost_alloc_hook[jt]+0x1b8\nprep_new_page+0x28\nget_page_from_freelist+0x1edc\n__alloc_pages_noprof+0x13c\nalloc_slab_page+0x244\nallocate_slab+0x7c\n___slab_alloc+0x8e8\nkmem_cache_alloc_noprof+0x450\ndebug_objects_fill_pool+0x22c\ndebug_object_activate+0x40\nenqueue_hrtimer[jt]+0xdc\nhrtimer_start_range_ns+0x5f8\n...(CVE-2025-39843)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()\n\nkasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and\nalways allocate memory using the hardcoded GFP_KERNEL flag. This makes\nthem inconsistent with vmalloc(), which was recently extended to support\nGFP_NOFS and GFP_NOIO allocations.\n\nPage table allocations performed during shadow population also ignore the\nexternal gfp_mask. To preserve the intended semantics of GFP_NOFS and\nGFP_NOIO, wrap the apply_to_page_range() calls into the appropriate\nmemalloc scope.\n\nxfs calls vmalloc with GFP_NOFS, so this bug could lead to deadlock.\n\nThere was a report here\nhttps://lkml.kernel.org/r/(CVE-2025-39910)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.\n\nsyzbot reported the splat below. [0]\n\nThe repro does the following:\n\n 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)\n 2. Attach the prog to a SOCKMAP\n 3. Add a socket to the SOCKMAP\n 4. Activate fault injection\n 5. Send data less than cork_bytes\n\nAt 5., the data is carried over to the next sendmsg() as it is\nsmaller than the cork_bytes specified by bpf_msg_cork_bytes().\n\nThen, tcp_bpf_send_verdict() tries to allocate psock->cork to hold\nthe data, but this fails silently due to fault injection + __GFP_NOWARN.\n\nIf the allocation fails, we need to revert the sk->sk_forward_alloc\nchange done by sk_msg_alloc().\n\nLet's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate\npsock->cork.\n\nThe \"*copied\" also needs to be updated such that a proper error can\nbe returned to the caller, sendmsg. It fails to allocate psock->cork.\nNothing has been corked so far, so this patch simply sets \"*copied\"\nto 0.\n\n[0]:\nWARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983\nModules linked in:\nCPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156\nCode: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc\nRSP: 0018:ffffc90000a08b48 EFLAGS: 00010246\nRAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80\nRDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000\nRBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4\nR10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380\nR13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872\nFS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0\nCall Trace:\n \n __sk_destruct+0x86/0x660 net/core/sock.c:2339\n rcu_do_batch kernel/rcu/tree.c:2605 [inline]\n rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861\n handle_softirqs+0x286/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052\n (CVE-2025-39913)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ](CVE-2025-40300)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4/openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1337", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" }, { "summary":"CVE-2024-35808", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35808&packageName=kernel" }, { "summary":"CVE-2024-50102", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50102&packageName=kernel" }, { "summary":"CVE-2025-38062", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38062&packageName=kernel" }, { "summary":"CVE-2025-38383", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38383&packageName=kernel" }, { "summary":"CVE-2025-38449", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38449&packageName=kernel" }, { "summary":"CVE-2025-38531", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38531&packageName=kernel" }, { "summary":"CVE-2025-38678", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38678&packageName=kernel" }, { "summary":"CVE-2025-38685", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38685&packageName=kernel" }, { "summary":"CVE-2025-39744", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39744&packageName=kernel" }, { "summary":"CVE-2025-39843", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39843&packageName=kernel" }, { "summary":"CVE-2025-39910", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39910&packageName=kernel" }, { "summary":"CVE-2025-39913", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39913&packageName=kernel" }, { "summary":"CVE-2025-40300", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-40300&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35808" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50102" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38062" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38383" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38449" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38531" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38678" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38685" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39744" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39843" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39910" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39913" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40300" }, { "summary":"openEuler-SA-2026-1337 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1337.json" } ], "title":"An update for kernel is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-02-14T15:28:29+08:00", "revision_history":[ { "date":"2026-02-14T15:28:29+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-14T15:28:29+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-14T15:28:29+08:00", "id":"openEuler-SA-2026-1337", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bpftool-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"bpftool-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"bpftool-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-source-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-source-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-source-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"python3-perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"python3-perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"python3-perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bpftool-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"bpftool-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"bpftool-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-source-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-source-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-source-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"python3-perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"python3-perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"python3-perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"kernel-6.6.0-139.0.0.120.oe2403.src.rpm", "name":"kernel-6.6.0-139.0.0.120.oe2403.src.rpm" }, "name":"kernel-6.6.0-139.0.0.120.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bpftool-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "name":"bpftool-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-source-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-source-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "name":"perf-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"python3-perf-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "name":"python3-perf-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bpftool-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "name":"bpftool-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "name":"bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-source-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-source-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "name":"kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "name":"perf-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "name":"perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"python3-perf-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "name":"python3-perf-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "name":"python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"kernel-6.6.0-139.0.0.120.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src", "name":"kernel-6.6.0-139.0.0.120.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-35808", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-35808" }, { "cve":"CVE-2024-50102", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 “Transient Execution of Non-Canonical Accesses“\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there's no\nspeculative result to be used in a gadget for those operations.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50102" }, { "cve":"CVE-2025-38062", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-38062" }, { "cve":"CVE-2025-38383", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix data race in show_numa_info()\n\nThe following data-race was found in show_numa_info():\n\n==================================================================\nBUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show\n\nread to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:\n show_numa_info mm/vmalloc.c:4936 [inline]\n vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nwrite to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:\n show_numa_info mm/vmalloc.c:4934 [inline]\n vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016\n seq_read_iter+0x373/0xb40 fs/seq_file.c:230\n proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299\n....\n\nvalue changed: 0x0000008f -> 0x00000000\n==================================================================\n\nAccording to this report,there is a read/write data-race because\nm->private is accessible to multiple CPUs. To fix this, instead of\nallocating the heap in proc_vmalloc_init() and passing the heap address to\nm->private, vmalloc_info_show() should allocate the heap.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-38383" }, { "cve":"CVE-2025-38449", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer's GEM buffer objects prevents\nthis from happening. The framebuffer's cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-38449" }, { "cve":"CVE-2025-38531", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions &indio_dev->dev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don't seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-38531" }, { "cve":"CVE-2025-38678", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-38678" }, { "cve":"CVE-2025-38685", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-38685" }, { "cve":"CVE-2025-39744", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix rcu_read_unlock() deadloop due to IRQ work\n\nDuring rcu_read_unlock_special(), if this happens during irq_exit(), we\ncan lockup if an IPI is issued. This is because the IPI itself triggers\nthe irq_exit() path causing a recursive lock up.\n\nThis is precisely what Xiongfeng found when invoking a BPF program on\nthe trace_tick_stop() tracepoint As shown in the trace below. Fix by\nmanaging the irq_work state correctly.\n\nirq_exit()\n __irq_exit_rcu()\n /* in_hardirq() returns false after this */\n preempt_count_sub(HARDIRQ_OFFSET)\n tick_irq_exit()\n tick_nohz_irq_exit()\n\t tick_nohz_stop_sched_tick()\n\t trace_tick_stop() /* a bpf prog is hooked on this trace point */\n\t\t __bpf_trace_tick_stop()\n\t\t bpf_trace_run2()\n\t\t\t rcu_read_unlock_special()\n /* will send a IPI to itself */\n\t\t\t irq_work_queue_on(&rdp->defer_qs_iw, rdp->cpu);\n\nA simple reproducer can also be obtained by doing the following in\ntick_irq_exit(). It will hang on boot without the patch:\n\n static inline void tick_irq_exit(void)\n {\n +\trcu_read_lock();\n +\tWRITE_ONCE(current->rcu_read_unlock_special.b.need_qs, true);\n +\trcu_read_unlock();\n +\n\n[neeraj: Apply Frederic's suggested fix for PREEMPT_RT]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-39744" }, { "cve":"CVE-2025-39843", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: slub: avoid wake up kswapd in set_track_prepare\n\nset_track_prepare() can incur lock recursion.\nThe issue is that it is called from hrtimer_start_range_ns\nholding the per_cpu(hrtimer_bases)[n].lock, but when enabled\nCONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare,\nand try to hold the per_cpu(hrtimer_bases)[n].lock.\n\nAvoid deadlock caused by implicitly waking up kswapd by passing in\nallocation flags, which do not contain __GFP_KSWAPD_RECLAIM in the\ndebug_objects_fill_pool() case. Inside stack depot they are processed by\ngfp_nested_mask().\nSince ___slab_alloc() has preemption disabled, we mask out\n__GFP_DIRECT_RECLAIM from the flags there.\n\nThe oops looks something like:\n\nBUG: spinlock recursion on CPU#3, swapper/3/0\n lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3\nHardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)\nCall trace:\nspin_bug+0x0\n_raw_spin_lock_irqsave+0x80\nhrtimer_try_to_cancel+0x94\ntask_contending+0x10c\nenqueue_dl_entity+0x2a4\ndl_server_start+0x74\nenqueue_task_fair+0x568\nenqueue_task+0xac\ndo_activate_task+0x14c\nttwu_do_activate+0xcc\ntry_to_wake_up+0x6c8\ndefault_wake_function+0x20\nautoremove_wake_function+0x1c\n__wake_up+0xac\nwakeup_kswapd+0x19c\nwake_all_kswapds+0x78\n__alloc_pages_slowpath+0x1ac\n__alloc_pages_noprof+0x298\nstack_depot_save_flags+0x6b0\nstack_depot_save+0x14\nset_track_prepare+0x5c\n___slab_alloc+0xccc\n__kmalloc_cache_noprof+0x470\n__set_page_owner+0x2bc\npost_alloc_hook[jt]+0x1b8\nprep_new_page+0x28\nget_page_from_freelist+0x1edc\n__alloc_pages_noprof+0x13c\nalloc_slab_page+0x244\nallocate_slab+0x7c\n___slab_alloc+0x8e8\nkmem_cache_alloc_noprof+0x450\ndebug_objects_fill_pool+0x22c\ndebug_object_activate+0x40\nenqueue_hrtimer[jt]+0xdc\nhrtimer_start_range_ns+0x5f8\n...", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-39843" }, { "cve":"CVE-2025-39910", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()\n\nkasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and\nalways allocate memory using the hardcoded GFP_KERNEL flag. This makes\nthem inconsistent with vmalloc(), which was recently extended to support\nGFP_NOFS and GFP_NOIO allocations.\n\nPage table allocations performed during shadow population also ignore the\nexternal gfp_mask. To preserve the intended semantics of GFP_NOFS and\nGFP_NOIO, wrap the apply_to_page_range() calls into the appropriate\nmemalloc scope.\n\nxfs calls vmalloc with GFP_NOFS, so this bug could lead to deadlock.\n\nThere was a report here\nhttps://lkml.kernel.org/r/", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-39910" }, { "cve":"CVE-2025-39913", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.\n\nsyzbot reported the splat below. [0]\n\nThe repro does the following:\n\n 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)\n 2. Attach the prog to a SOCKMAP\n 3. Add a socket to the SOCKMAP\n 4. Activate fault injection\n 5. Send data less than cork_bytes\n\nAt 5., the data is carried over to the next sendmsg() as it is\nsmaller than the cork_bytes specified by bpf_msg_cork_bytes().\n\nThen, tcp_bpf_send_verdict() tries to allocate psock->cork to hold\nthe data, but this fails silently due to fault injection + __GFP_NOWARN.\n\nIf the allocation fails, we need to revert the sk->sk_forward_alloc\nchange done by sk_msg_alloc().\n\nLet's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate\npsock->cork.\n\nThe \"*copied\" also needs to be updated such that a proper error can\nbe returned to the caller, sendmsg. It fails to allocate psock->cork.\nNothing has been corked so far, so this patch simply sets \"*copied\"\nto 0.\n\n[0]:\nWARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983\nModules linked in:\nCPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156\nCode: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc\nRSP: 0018:ffffc90000a08b48 EFLAGS: 00010246\nRAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80\nRDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000\nRBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4\nR10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380\nR13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872\nFS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0\nCall Trace:\n \n __sk_destruct+0x86/0x660 net/core/sock.c:2339\n rcu_do_batch kernel/rcu/tree.c:2605 [inline]\n rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861\n handle_softirqs+0x286/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052\n ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-39913" }, { "cve":"CVE-2025-40300", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1337" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.aarch64", "openEuler-24.03-LTS:bpftool-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-debugsource-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-headers-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-source-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-tools-devel-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-139.0.0.120.oe2403.x86_64", "openEuler-24.03-LTS:kernel-6.6.0-139.0.0.120.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-40300" } ] }