OESA-2025-2853

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2853
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2853.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2853
Upstream
Published
2025-12-19T12:09:47Z
Modified
2025-12-19T12:44:55.365609Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: validate l_tree_depth to avoid out-of-bounds access

The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH.

Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. (CVE-2025-22079)

In the Linux kernel, the following vulnerability has been resolved:

mfd: ene-kb3930: Fix a potential NULL pointer dereference

The off_gpios could be NULL. Add missing check in the kb3930_probe(). This is similar to the issue fixed in commit b1ba8bcb2d1f ("backlight: hx8357: Fix potential NULL pointer dereference").

This was detected by our static analysis tool. (CVE-2025-23146)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: remove wrong sb->s_sequence check

Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON. (CVE-2025-37839)

In the Linux kernel, bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the built-in font array. Clamp the index to the actual glyph count before computing the address. This fixes a global out-of-bounds read reported by syzbot. (CVE-2025-40322)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.0-295.0.0.198.oe2203sp4

Ecosystem specific

{
    "x86_64": [
        "bpftool-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "bpftool-debuginfo-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-debuginfo-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-debugsource-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-devel-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-headers-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-source-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-tools-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "kernel-tools-devel-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "perf-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "perf-debuginfo-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "python3-perf-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-295.0.0.198.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "kernel-5.10.0-295.0.0.198.oe2203sp4.src.rpm"
    ],
    "aarch64": [
        "bpftool-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "bpftool-debuginfo-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-debuginfo-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-debugsource-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-devel-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-headers-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-source-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-tools-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "kernel-tools-devel-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "perf-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "perf-debuginfo-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "python3-perf-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-295.0.0.198.oe2203sp4.aarch64.rpm"
    ]
}