{"schema_version":"1.7.2","id":"OESA-2025-1447","modified":"2025-04-25T14:05:03Z","published":"2025-04-25T14:05:03Z","upstream":["CVE-2022-49493","CVE-2022-49538","CVE-2025-21863"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the \u0026amp;rt5645-\u0026gt;jack_detect_work and\ndelete the \u0026amp;rt5645-\u0026gt;btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync.(CVE-2022-49493)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nALSA: jack: Access input_dev under mutex\n\nIt is possible when using ASoC that input_dev is unregistered while\ncalling snd_jack_report, which causes NULL pointer dereference.\nIn order to prevent this serialize access to input_dev using mutex lock.(CVE-2022-49538)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u0026gt;opcode is used for different tables, make sure we santitise it\nagainst speculations.(CVE-2025-21863)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2504.4.0.0325.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2504.4.0.0325.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1447"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49493"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49538"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21863"}],"database_specific":{"severity":"High"}}