{"schema_version":"1.7.2","id":"OESA-2025-1319","modified":"2025-03-21T13:18:37Z","published":"2025-03-21T13:18:37Z","upstream":["CVE-2024-58058","CVE-2025-21662"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u0026gt;zroot.znode = NULL, then dumping tnc tree will access\nc-\u0026gt;zroot.znode which cause null pointer dereference.(CVE-2024-58058)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix variable not being completed when function returns\n\nWhen cmd_alloc_index(), fails cmd_work_handler() needs\nto complete ent-\u0026gt;slotted before returning early.\nOtherwise the task which issued the command may hang:\n\n   mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry\n   INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.\n         Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1\n   \u0026quot;echo 0 \u0026gt; /proc/sys/kernel/hung_task_timeout_secs\u0026quot; disables this message.\n   kworker/13:2    D    0 4055883      2 0x00000228\n   Workqueue: events mlx5e_tx_dim_work [mlx5_core]\n   Call trace:\n      __switch_to+0xe8/0x150\n      __schedule+0x2a8/0x9b8\n      schedule+0x2c/0x88\n      schedule_timeout+0x204/0x478\n      wait_for_common+0x154/0x250\n      wait_for_completion+0x28/0x38\n      cmd_exec+0x7a0/0xa00 [mlx5_core]\n      mlx5_cmd_exec+0x54/0x80 [mlx5_core]\n      mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]\n      mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]\n      mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]\n      process_one_work+0x1b0/0x448\n      worker_thread+0x54/0x468\n      kthread+0x134/0x138\n      ret_from_fork+0x10/0x18(CVE-2025-21662)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-254.0.0.158.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","bpftool-debuginfo-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-debuginfo-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-debugsource-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-devel-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-headers-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-source-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-tools-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-tools-debuginfo-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","kernel-tools-devel-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","perf-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","perf-debuginfo-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","python3-perf-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm","python3-perf-debuginfo-5.10.0-254.0.0.158.oe2203sp4.aarch64.rpm"],"src":["kernel-5.10.0-254.0.0.158.oe2203sp4.src.rpm"],"x86_64":["bpftool-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","bpftool-debuginfo-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-debuginfo-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-debugsource-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-devel-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-headers-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-source-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-tools-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-tools-debuginfo-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","kernel-tools-devel-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","perf-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","perf-debuginfo-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","python3-perf-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm","python3-perf-debuginfo-5.10.0-254.0.0.158.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1319"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58058"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21662"}],"database_specific":{"severity":"Medium"}}