{"schema_version":"1.7.2","id":"OESA-2025-1871","modified":"2025-07-18T14:51:07Z","published":"2025-07-18T14:51:07Z","upstream":["CVE-2025-38000","CVE-2025-38229","CVE-2025-38285","CVE-2025-38320","CVE-2025-38346"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nLinux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States.\n There is a security vulnerability in Linux kernel, which originates from a qlen count error in sch_hfsc, which may cause inconsistent queue statistics.(CVE-2025-38000)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2025-38229)\n\nA vulnerability has been found in Linux Kernel up to 6.15.2 (Operating System) and classified as critical.The CWE definition for the vulnerability is CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.94, 6.12.34, 6.15.3 or 6.16-rc1 eliminates this vulnerability. Applying the patch 44ebe361abb322d2afd77930fa767a99f271c4d1/147ea936fc6fa8fe0c93f0df918803a5375ca535/ee90be48edb3dac612e0b7f5332482a9e8be2696/e167414beabb1e941fe563a96becc98627d5bdf6/6d8f39875a10a194051c3eaefebc7ac06a34aaf3/c98cdf6795a36bca163ebb40411fef1687b9eb13/18e8cbbae79cb35bdce8a01c889827b9799c762e/3880cdbed1c4607e378f58fa924c5d6df900d1d3 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-38285)\n\nA vulnerability was found in Linux Kernel up to 6.16-rc2 (Operating System). It has been declared as problematic.The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.As an impact it is known to affect confidentiality.Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc3 eliminates this vulnerability. Applying the patch 64773b3ea09235168a549a195cba43bb867c4a17/67abac27d806e8f9d4226ec1528540cf73af673a/92750bfe7b0d8dbcaf578c091a65eda1c5f9ad38/01f91d415a8375d85e0c7d3615cd4a168308bb7c/21da6d3561f373898349ca7167c9811c020da695/22f935bc86bdfbde04009f05eee191d220cd8c89/422e565b7889ebfd9c8705a3fc786642afe61fca/39dfc971e42d886e7df01371cd1bef505076d84c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-20926).(CVE-2025-38320)\n\nA vulnerability was found in Linux Kernel up to 6.15.3 (Operating System). It has been declared as critical.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc1 eliminates this vulnerability. Applying the patch d064c68781c19f378af1ae741d9132d35d24b2bb/8690cd3258455bbae64f809e1d3ee0f043661c71/6805582abb720681dd1c87ff677f155dcf4e86c9/03a162933c4a03b9f1a84f7d8482903c7e1e11bb/83a692a9792aa86249d68a8ac0b9d55ecdd255fa/8e89c17dc8970c5f71a3a991f5724d4c8de42d8c/f78a786ad9a5443a29eef4dae60cde85b7375129/f914b52c379c12288b7623bb814d0508dbe7481d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-38346)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2507.3.0.0336.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","perf-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2507.3.0.0336.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","perf-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2507.3.0.0336.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1871"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38000"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38229"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38285"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38320"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38346"}],"database_specific":{"severity":"High"}}