OESA-2025-1596

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1596
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1596.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1596
Upstream
Published
2025-06-06T14:04:03Z
Modified
2025-08-12T05:38:10.456637Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

mmc: sdhci-pci: Fix possible memory leak caused by missing pcidevput()

pcigetdevice() will increase the reference count for the returned pcidev. We need to use pcidevput() to decrease the reference count before amdprobe() returns. There is no problem for the 'smbusdev == NULL' branch because pcidev_put() can also handle the NULL input parameter case.(CVE-2022-49787)

In the Linux kernel, the following vulnerability has been resolved:

media: dw2102: Fix null-ptr-deref in dw2102i2ctransfer()

In dw2102i2ctransfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102i2ctransfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.

Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")(CVE-2023-53146)

In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: Prevent integer overflow in AG size calculation

The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing.

On 32-bit architectures: - Left-shifting 1 by 32+ bits results in 0 due to integer overflow - This creates invalid AG sizes (0 or garbage values) in sbi->bmap->db_agsize - Subsequent block allocations would reference invalid AG structures - Could lead to: - Filesystem corruption during extend operations - Kernel crashes due to invalid memory accesses - Security vulnerabilities via malformed on-disk structures

Fix by casting to s64 before shifting: bmp->db_agsize = (s64)1 << l2agsize;

This ensures 64-bit arithmetic even on 32-bit architectures. The cast matches the data type of db_agsize (s64) and follows similar patterns in JFS block calculation code.

Found by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2025-37858)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.90-2506.1.0.0330.oe2003sp4

Ecosystem specific 

{
    "x86_64": [
        "bpftool-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-debugsource-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-devel-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-source-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-tools-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "perf-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "python2-perf-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "python3-perf-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2506.1.0.0330.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "bpftool-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-debugsource-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-devel-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-source-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-tools-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "perf-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "python2-perf-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "python3-perf-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2506.1.0.0330.oe2003sp4.aarch64.rpm"
    ]
}