{"schema_version":"1.7.2","id":"OESA-2025-2768","modified":"2025-11-28T12:53:12Z","published":"2025-11-28T12:53:12Z","upstream":["CVE-2023-53695","CVE-2023-7324","CVE-2025-39964"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nudf: Detect system inodes linked into directory hierarchy\n\nWhen UDF filesystem is corrupted, hidden system inodes can be linked\ninto directory hierarchy which is an avenue for further serious\ncorruption of the filesystem and kernel confusion as noticed by syzbot\nfuzzed images. Refuse to access system inodes linked into directory\nhierarchy and vice versa.(CVE-2023-53695)\n\nIn the Linux kernel, a boundary check vulnerability exists in the SCSI SES (SCSI Enclosure Services) component. The vulnerability involves improper boundary checking of the addl_desc_ptr pointer in the ses_enclosure_data_process() function, which may lead to out-of-bounds accesses.(CVE-2023-7324)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Disallow concurrent writes in af_alg_sendmsg\n\nIssuing two writes to the same af_alg socket is bogus as the\ndata will be interleaved in an unpredictable fashion.  Furthermore,\nconcurrent writes may create inconsistencies in the internal\nsocket state.\n\nDisallow this by adding a new ctx->write field that indiciates\nexclusive ownership for writing.(CVE-2025-39964)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2511.4.0.0353.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2511.4.0.0353.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2511.4.0.0353.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2768"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53695"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-7324"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39964"}],"database_specific":{"severity":"Medium"}}