{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"High"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I'm seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can't explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I've\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps->dev refcount can't reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.\n\n pps_core: source serial1 got cdev (251:1)\n <...>\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1(CVE-2024-57979)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.(CVE-2025-39902)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.(CVE-2025-39967)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.(CVE-2026-23054)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.(CVE-2026-23138)\n\nIn the Linux kernel, a race condition vulnerability exists in the PCM trigger callback of ALSA driver. The driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF (Use-After-Free) when a program attempts to trigger frequently while opening/closing the tied stream.(CVE-2026-23191)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix error recovery in macvlan_common_newlink()\n\nvalis provided a nice repro to crash the kernel:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\n\nip link add mv0 link p2 type macvlan mode source\nip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20\n\nping -c1 -I p1 1.2.3.4\n\nHe also gave a very detailed analysis:\n\n\n\nThe issue is triggered when a new macvlan link is created with\nMACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or\nMACVLAN_MACADDR_SET) parameter, lower device already has a macvlan\nport and register_netdevice() called from macvlan_common_newlink()\nfails (e.g. because of the invalid link name).\n\nIn this case macvlan_hash_add_source is called from\nmacvlan_change_sources() / macvlan_common_newlink():\n\nThis adds a reference to vlan to the port's vlan_source_hash using\nmacvlan_source_entry.\n\nvlan is a pointer to the priv data of the link that is being created.\n\nWhen register_netdevice() fails, the error is returned from\nmacvlan_newlink() to rtnl_newlink_create():\n\n if (ops->newlink)\n err = ops->newlink(dev, ¶ms, extack);\n else\n err = register_netdevice(dev);\n if (err < 0) {\n free_netdev(dev);\n goto out;\n }\n\nand free_netdev() is called, causing a kvfree() on the struct\nnet_device that is still referenced in the source entry attached to\nthe lower device's macvlan port.\n\nNow all packets sent on the macvlan port with a matching source mac\naddress will trigger a use-after-free in macvlan_forward_source().\n\n
\n\nWith all that, my fix is to make sure we call macvlan_flush_sources()\nregardless of @create value whenever \"goto destroy_macvlan_port;\"\npath is taken.\n\nMany thanks to valis for following up on this issue.(CVE-2026-23209)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"High",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2026-1569",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
},
{
"summary":"CVE-2024-57979",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57979&packageName=kernel"
},
{
"summary":"CVE-2025-39902",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39902&packageName=kernel"
},
{
"summary":"CVE-2025-39967",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39967&packageName=kernel"
},
{
"summary":"CVE-2026-23054",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23054&packageName=kernel"
},
{
"summary":"CVE-2026-23138",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23138&packageName=kernel"
},
{
"summary":"CVE-2026-23191",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23191&packageName=kernel"
},
{
"summary":"CVE-2026-23209",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23209&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57979"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39902"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39967"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23054"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23138"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23191"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23209"
},
{
"summary":"openEuler-SA-2026-1569 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1569.json"
}
],
"title":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
"tracking":{
"initial_release_date":"2026-03-15T13:56:20+08:00",
"revision_history":[
{
"date":"2026-03-15T13:56:20+08:00",
"summary":"Initial",
"number":"1.0.0"
}
],
"generator":{
"date":"2026-03-15T13:56:20+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2026-03-15T13:56:20+08:00",
"id":"openEuler-SA-2026-1569",
"version":"1.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"openEuler-22.03-LTS-SP4",
"name":"openEuler-22.03-LTS-SP4"
},
"name":"openEuler-22.03-LTS-SP4",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm"
},
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"category":"product_version"
}
],
"category":"architecture"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
},
"product_id":"kernel-5.10.0-304.0.0.207.oe2203sp4.src.rpm",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.src.rpm"
},
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.src.rpm",
"category":"product_version"
}
],
"category":"architecture"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"perf-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"name":"python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
"product_reference":"kernel-5.10.0-304.0.0.207.oe2203sp4.src.rpm",
"full_product_name":{
"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.src",
"name":"kernel-5.10.0-304.0.0.207.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-57979",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I'm seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can't explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I've\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps->dev refcount can't reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.\n\n pps_core: source serial1 got cdev (251:1)\n <...>\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.aarch64",
"openEuler-22.03-LTS-SP4:bpftool-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-304.0.0.207.oe2203sp4.x86_64",
"openEuler-22.03-LTS-SP4:kernel-5.10.0-304.0.0.207.oe2203sp4.src"
]
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-57979"
},
{
"cve":"CVE-2025-39902",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2025-39902"
},
{
"cve":"CVE-2025-39967",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2025-39967"
},
{
"cve":"CVE-2026-23054",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2026-23054"
},
{
"cve":"CVE-2026-23138",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2026-23138"
},
{
"cve":"CVE-2026-23191",
"notes":[
{
"text":"In the Linux kernel, a race condition vulnerability exists in the PCM trigger callback of ALSA driver. The driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF (Use-After-Free) when a program attempts to trigger frequently while opening/closing the tied stream.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2026-23191"
},
{
"cve":"CVE-2026-23209",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix error recovery in macvlan_common_newlink()\n\nvalis provided a nice repro to crash the kernel:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\n\nip link add mv0 link p2 type macvlan mode source\nip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20\n\nping -c1 -I p1 1.2.3.4\n\nHe also gave a very detailed analysis:\n\n\n\nThe issue is triggered when a new macvlan link is created with\nMACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or\nMACVLAN_MACADDR_SET) parameter, lower device already has a macvlan\nport and register_netdevice() called from macvlan_common_newlink()\nfails (e.g. because of the invalid link name).\n\nIn this case macvlan_hash_add_source is called from\nmacvlan_change_sources() / macvlan_common_newlink():\n\nThis adds a reference to vlan to the port's vlan_source_hash using\nmacvlan_source_entry.\n\nvlan is a pointer to the priv data of the link that is being created.\n\nWhen register_netdevice() fails, the error is returned from\nmacvlan_newlink() to rtnl_newlink_create():\n\n if (ops->newlink)\n err = ops->newlink(dev, ¶ms, extack);\n else\n err = register_netdevice(dev);\n if (err < 0) {\n free_netdev(dev);\n goto out;\n }\n\nand free_netdev() is called, causing a kvfree() on the struct\nnet_device that is still referenced in the source entry attached to\nthe lower device's macvlan port.\n\nNow all packets sent on the macvlan port with a matching source mac\naddress will trigger a use-after-free in macvlan_forward_source().\n\n
\n\nWith all that, my fix is to make sure we call macvlan_flush_sources()\nregardless of @create value whenever \"goto destroy_macvlan_port;\"\npath is taken.\n\nMany thanks to valis for following up on this issue.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
},
"remediations":[
{
"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1569"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2026-23209"
}
]
}