OESA-2025-1447

There is a logic error when removing rt5645 device as the function rt5645i2cremove() first cancel the &rt5645->jackdetectwork and delete the &rt5645->btnchecktimer latter. However, since the timer handler rt5645btncheckcallback() will re-queue the jackdetect_work, this cleanup order is buggy.

That is, once the deltimersync in rt5645i2cremove is concurrently run with the rt5645btncheckcallback, the canceled jackdetect_work will be rescheduled again, leading to possible use-after-free.

This patch fix the issue by placing the deltimersync function before the canceldelayedwork_sync.(CVE-2022-49493)

In the Linux kernel, the following vulnerability has been resolved:

ALSA: jack: Access input_dev under mutex

It is possible when using ASoC that inputdev is unregistered while calling sndjackreport, which causes NULL pointer dereference. In order to prevent this serialize access to inputdev using mutex lock.(CVE-2022-49538)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: prevent opcode speculation

sqe->opcode is used for different tables, make sure we santitise it against speculations.(CVE-2025-21863)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2504.4.0.0325.oe2003sp4

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2504.4.0.0325.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "bpftool-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-debugsource-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-devel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-source-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-tools-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "python2-perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "python3-perf-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "bpftool-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-debugsource-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-devel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-source-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-tools-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "python2-perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "python3-perf-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2504.4.0.0325.oe2003sp4.aarch64.rpm"
    ]
}