{"schema_version":"1.7.2","id":"OESA-2025-2314","modified":"2025-09-19T13:13:25Z","published":"2025-09-19T13:13:25Z","upstream":["CVE-2025-38693","CVE-2025-38710"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")(CVE-2025-38693)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n  index = hash >> (32 - dip->i_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is\ninvalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests '-g quick'.(CVE-2025-38710)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-282.0.0.185.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","bpftool-debuginfo-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-debuginfo-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-debugsource-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-devel-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-headers-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-source-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-tools-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-tools-debuginfo-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","kernel-tools-devel-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","perf-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","perf-debuginfo-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","python3-perf-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm","python3-perf-debuginfo-5.10.0-282.0.0.185.oe2203sp4.aarch64.rpm"],"src":["kernel-5.10.0-282.0.0.185.oe2203sp4.src.rpm"],"x86_64":["bpftool-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","bpftool-debuginfo-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-debuginfo-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-debugsource-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-devel-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-headers-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-source-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-tools-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-tools-debuginfo-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","kernel-tools-devel-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","perf-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","perf-debuginfo-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","python3-perf-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm","python3-perf-debuginfo-5.10.0-282.0.0.185.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2314"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38693"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38710"}],"database_specific":{"severity":"High"}}
