{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive/spapr: correct bitmap allocation size\n\nkasan detects access beyond the end of the xibm->bitmap allocation:\n\nBUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140\nRead of size 8 at addr c00000001d1d0118 by task swapper/0/1\n\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28\nCall Trace:\n[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable)\n[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710\n[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354\n[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0\n[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140\n[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260\n[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450\n[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118\n[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac\n[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640\n[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0\n[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64\n\nAllocated by task 0:\n kasan_save_stack+0x34/0x70\n __kasan_kmalloc+0xb4/0xf0\n __kmalloc+0x268/0x540\n xive_spapr_init+0x4d0/0x77c\n pseries_init_irq+0x40/0x27c\n init_IRQ+0x44/0x84\n start_kernel+0x2a4/0x538\n start_here_common+0x1c/0x20\n\nThe buggy address belongs to the object at c00000001d1d0118\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n 8-byte region [c00000001d1d0118, c00000001d1d0120)\n\nThe buggy address belongs to the physical page:\npage:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d\nflags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff)\nraw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480\nraw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc\n>c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc\n\nThis happens because the allocation uses the wrong unit (bits) when it\nshould pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small\nnumbers of bits, the allocated object can be smaller than sizeof(long),\nwhich results in invalid accesses.\n\nUse bitmap_zalloc() to allocate and initialize the irq bitmap, paired with\nbitmap_free() for consistency.(CVE-2022-49623)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: at76c50x: fix use after free access in at76_disconnect\n\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface.(CVE-2025-37796)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().(CVE-2025-37798)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard's report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc's enqueue callback reentrant.\nIn the case of qfq, there won't be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nThis patch checks whether the class was already added to the agg->active\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/(CVE-2025-37913)\n\nA vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 (Operating System).CWE is classifying the issue as CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 6.1.147, 6.6.100, 6.12.40 or 6.15.8 eliminates this vulnerability. Applying the patch d3ed1d84a84538a39b3eb2055d6a97a936c108f2/fcda39a9c5b834346088c14b1374336b079466c1/a262370f385e53ff7470efdcdaf40468e5756717/a47d9d9895bad9ce0e840a39836f19ca0b2a343a/4f15ee98304b96e164ff2340e1dfd6181c3f42aa is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-38495)\n\nA vulnerability classified as problematic was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 (Operating System).The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.As an impact it is known to affect confidentiality.Upgrading to version 6.1.147, 6.6.100, 6.12.40 or 6.15.8 eliminates this vulnerability. Applying the patch ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7/955e8835855fed8e87f7d8c8075564a1746c1b4c/e0f3c0867d7d231c70984f05c97752caacd0daba/43ddd82e6a91913cea1c078e782afd8de60c3a53/66acb1586737a22dd7b78abc63213b1bcaa100e4 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-38529)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2058", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" }, { "summary":"CVE-2022-49623", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-49623&packageName=kernel" }, { "summary":"CVE-2025-37796", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-37796&packageName=kernel" }, { "summary":"CVE-2025-37798", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-37798&packageName=kernel" }, { "summary":"CVE-2025-37913", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-37913&packageName=kernel" }, { "summary":"CVE-2025-38495", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38495&packageName=kernel" }, { "summary":"CVE-2025-38529", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-38529&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49623" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37796" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37798" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37913" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38495" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38529" }, { "summary":"openEuler-SA-2025-2058 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2058.json" } ], "title":"An update for kernel is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2025-08-22T19:39:43+08:00", "revision_history":[ { "date":"2025-08-22T19:39:43+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-08-22T19:39:43+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-08-22T19:39:43+08:00", "id":"openEuler-SA-2025-2058", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-278.0.0.180.oe2203sp3.src.rpm", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.src.rpm" }, "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-278.0.0.180.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"perf-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"perf-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "name":"python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-49623", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive/spapr: correct bitmap allocation size\n\nkasan detects access beyond the end of the xibm->bitmap allocation:\n\nBUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140\nRead of size 8 at addr c00000001d1d0118 by task swapper/0/1\n\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28\nCall Trace:\n[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable)\n[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710\n[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354\n[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0\n[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140\n[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260\n[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450\n[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118\n[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac\n[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640\n[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0\n[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64\n\nAllocated by task 0:\n kasan_save_stack+0x34/0x70\n __kasan_kmalloc+0xb4/0xf0\n __kmalloc+0x268/0x540\n xive_spapr_init+0x4d0/0x77c\n pseries_init_irq+0x40/0x27c\n init_IRQ+0x44/0x84\n start_kernel+0x2a4/0x538\n start_here_common+0x1c/0x20\n\nThe buggy address belongs to the object at c00000001d1d0118\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n 8-byte region [c00000001d1d0118, c00000001d1d0120)\n\nThe buggy address belongs to the physical page:\npage:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d\nflags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff)\nraw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480\nraw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc\n>c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc\n\nThis happens because the allocation uses the wrong unit (bits) when it\nshould pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small\nnumbers of bits, the allocated object can be smaller than sizeof(long),\nwhich results in invalid accesses.\n\nUse bitmap_zalloc() to allocate and initialize the irq bitmap, paired with\nbitmap_free() for consistency.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-49623" }, { "cve":"CVE-2025-37796", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: at76c50x: fix use after free access in at76_disconnect\n\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.0, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-37796" }, { "cve":"CVE-2025-37798", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-37798" }, { "cve":"CVE-2025-37913", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard's report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc's enqueue callback reentrant.\nIn the case of qfq, there won't be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nThis patch checks whether the class was already added to the agg->active\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.0, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-37913" }, { "cve":"CVE-2025-38495", "notes":[ { "text":"A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 (Operating System).CWE is classifying the issue as CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 6.1.147, 6.6.100, 6.12.40 or 6.15.8 eliminates this vulnerability. Applying the patch d3ed1d84a84538a39b3eb2055d6a97a936c108f2/fcda39a9c5b834346088c14b1374336b079466c1/a262370f385e53ff7470efdcdaf40468e5756717/a47d9d9895bad9ce0e840a39836f19ca0b2a343a/4f15ee98304b96e164ff2340e1dfd6181c3f42aa is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-38495" }, { "cve":"CVE-2025-38529", "notes":[ { "text":"A vulnerability classified as problematic was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 (Operating System).The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.As an impact it is known to affect confidentiality.Upgrading to version 6.1.147, 6.6.100, 6.12.40 or 6.15.8 eliminates this vulnerability. Applying the patch ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7/955e8835855fed8e87f7d8c8075564a1746c1b4c/e0f3c0867d7d231c70984f05c97752caacd0daba/43ddd82e6a91913cea1c078e782afd8de60c3a53/66acb1586737a22dd7b78abc63213b1bcaa100e4 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2058" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.src", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:kernel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-debugsource-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-headers-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-source-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:kernel-tools-devel-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-5.10.0-278.0.0.180.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:python3-perf-debuginfo-5.10.0-278.0.0.180.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-38529" } ] }