An update for kernel is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2768 Final 1.0 1.0 2025-11-28 Initial 2025-11-28 2025-11-28 openEuler SA Tool V1.0 2025-11-28 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP4 The Linux Kernel, the operating system core itself. Security Fix(es): In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kernel confusion as noticed by syzbot fuzzed images. Refuse to access system inodes linked into directory hierarchy and vice versa.(CVE-2023-53695) In the Linux kernel, a boundary check vulnerability exists in the SCSI SES (SCSI Enclosure Services) component. The vulnerability involves improper boundary checking of the addl_desc_ptr pointer in the ses_enclosure_data_process() function, which may lead to out-of-bounds accesses.(CVE-2023-7324) In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.(CVE-2025-39964) An update for kernel is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium kernel https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2768 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-53695 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-7324 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39964 https://nvd.nist.gov/vuln/detail/CVE-2023-53695 https://nvd.nist.gov/vuln/detail/CVE-2023-7324 https://nvd.nist.gov/vuln/detail/CVE-2025-39964 openEuler-20.03-LTS-SP4 bpftool-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm bpftool-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-debugsource-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-devel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-source-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-tools-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-tools-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm kernel-tools-devel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm python2-perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm python2-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm python3-perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm python3-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm bpftool-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm bpftool-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-debugsource-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-devel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-source-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-tools-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-tools-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-tools-devel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm python2-perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm python2-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm python3-perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm python3-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm kernel-4.19.90-2511.4.0.0353.oe2003sp4.src.rpm In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kernel confusion as noticed by syzbot fuzzed images. Refuse to access system inodes linked into directory hierarchy and vice versa. 2025-11-28 CVE-2023-53695 openEuler-20.03-LTS-SP4 Medium 4.0 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L kernel security update 2025-11-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2768 In the Linux kernel, a boundary check vulnerability exists in the SCSI SES (SCSI Enclosure Services) component. The vulnerability involves improper boundary checking of the addl_desc_ptr pointer in the ses_enclosure_data_process() function, which may lead to out-of-bounds accesses. 2025-11-28 CVE-2023-7324 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2025-11-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2768 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing. 2025-11-28 CVE-2025-39964 openEuler-20.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2025-11-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2768