{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.(CVE-2025-39833)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Add support for Van Gogh SoC\n\nThe ROG Xbox Ally (non-X) SoC features a similar architecture to the\nSteam Deck. While the Steam Deck supports S3 (s2idle causes a crash),\nthis support was dropped by the Xbox Ally which only S0ix suspend.\n\nSince the handler is missing here, this causes the device to not suspend\nand the AMD GPU driver to crash while trying to resume afterwards due to\na power hang.(CVE-2025-68334)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nteam: Move team device type change at the end of team_port_add\n\nAttempting to add a port device that is already up will expectedly fail,\nbut not before modifying the team device header_ops.\n\nIn the case of the syzbot reproducer the gre0 device is\nalready in state UP when it attempts to add it as a\nport device of team0, this fails but before that\nheader_ops->create of team0 is changed from eth_header to ipgre_header\nin the call to team_dev_type_check_change.\n\nLater when we end up in ipgre_header() struct ip_tunnel* points to nonsense\nas the private data of the device still holds a struct team.\n\nExample sequence of iproute2 commands to reproduce the hang/BUG():\nip link add dev team0 type team\nip link add dev gre0 type gre\nip link set dev gre0 up\nip link set dev gre0 master team0\nip link set dev team0 up\nping -I team0 1.1.1.1\n\nMove team_dev_type_check_change down where all other checks have passed\nas it changes the dev type with no way to restore it in case\none of the checks that follow it fail.\n\nAlso make sure to preserve the origial mtu assignment:\n - If port_dev is not the same type as dev, dev takes mtu from port_dev\n - If port_dev is the same type as dev, port_dev takes mtu from dev\n\nThis is done by adding a conditional before the call to dev_set_mtu\nto prevent it from assigning port_dev->mtu = dev->mtu and instead\nletting team_dev_type_check_change assign dev->mtu = port_dev->mtu.\nThe conditional is needed because the patch moves the call to\nteam_dev_type_check_change past dev_set_mtu.\n\nTesting:\n - team device driver in-tree selftests\n - Add/remove various devices as slaves of team device\n - syzbot(CVE-2025-68340)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix neighbour use-after-free\n\nWe sometimes observe use-after-free when dereferencing a neighbour [1].\nThe problem seems to be that the driver stores a pointer to the\nneighbour, but without holding a reference on it. A reference is only\ntaken when the neighbour is used by a nexthop.\n\nFix by simplifying the reference counting scheme. Always take a\nreference when storing a neighbour pointer in a neighbour entry. Avoid\ntaking a referencing when the neighbour is used by a nexthop as the\nneighbour entry associated with the nexthop already holds a reference.\n\nTested by running the test that uncovered the problem over 300 times.\nWithout this patch the problem was reproduced after a handful of\niterations.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x2d4/0x310\nRead of size 8 at addr ffff88817f8e3420 by task ip/3929\n\nCPU: 3 UID: 0 PID: 3929 Comm: ip Not tainted 6.18.0-rc4-virtme-g36b21a067510 #3 PREEMPT(full)\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nCall Trace:\n \n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6e/0x300\n print_report+0xfc/0x1fb\n kasan_report+0xe4/0x110\n mlxsw_sp_neigh_entry_update+0x2d4/0x310\n mlxsw_sp_router_rif_gone_sync+0x35f/0x510\n mlxsw_sp_rif_destroy+0x1ea/0x730\n mlxsw_sp_inetaddr_port_vlan_event+0xa1/0x1b0\n __mlxsw_sp_inetaddr_lag_event+0xcc/0x130\n __mlxsw_sp_inetaddr_event+0xf5/0x3c0\n mlxsw_sp_router_netdevice_event+0x1015/0x1580\n notifier_call_chain+0xcc/0x150\n call_netdevice_notifiers_info+0x7e/0x100\n __netdev_upper_dev_unlink+0x10b/0x210\n netdev_upper_dev_unlink+0x79/0xa0\n vrf_del_slave+0x18/0x50\n do_set_master+0x146/0x7d0\n do_setlink.isra.0+0x9a0/0x2880\n rtnl_newlink+0x637/0xb20\n rtnetlink_rcv_msg+0x6fe/0xb90\n netlink_rcv_skb+0x123/0x380\n netlink_unicast+0x4a3/0x770\n netlink_sendmsg+0x75b/0xc90\n __sock_sendmsg+0xbe/0x160\n ____sys_sendmsg+0x5b2/0x7d0\n ___sys_sendmsg+0xfd/0x180\n __sys_sendmsg+0x124/0x1c0\n do_syscall_64+0xbb/0xfd0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[...]\n\nAllocated by task 109:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x2c1/0x790\n neigh_alloc+0x6af/0x8f0\n ___neigh_create+0x63/0xe90\n mlxsw_sp_nexthop_neigh_init+0x430/0x7e0\n mlxsw_sp_nexthop_type_init+0x212/0x960\n mlxsw_sp_nexthop6_group_info_init.constprop.0+0x81f/0x1280\n mlxsw_sp_nexthop6_group_get+0x392/0x6a0\n mlxsw_sp_fib6_entry_create+0x46a/0xfd0\n mlxsw_sp_router_fib6_replace+0x1ed/0x5f0\n mlxsw_sp_router_fib6_event_work+0x10a/0x2a0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nFreed by task 154:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x43/0x70\n kmem_cache_free_bulk.part.0+0x1eb/0x5e0\n kvfree_rcu_bulk+0x1f2/0x260\n kfree_rcu_work+0x130/0x1b0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nLast potentially related work creation:\n kasan_save_stack+0x30/0x50\n kasan_record_aux_stack+0x8c/0xa0\n kvfree_call_rcu+0x93/0x5b0\n mlxsw_sp_router_neigh_event_work+0x67d/0x860\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20(CVE-2025-68801)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: bound check rq_pages index in inline path\n\nsvc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without\nverifying rc_curpage stays within the allocated page array. Add guards\nbefore the first use and after advancing to a new page.(CVE-2025-71068)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix off-by-one issues in iavf_config_rss_reg()\n\nThere are off-by-one bugs when configuring RSS hash key and lookup\ntable, causing out-of-bounds reads to memory [1] and out-of-bounds\nwrites to device registers.\n\nBefore commit 43a3d9ba34c9 (\"i40evf: Allow PF driver to configure RSS\"),\nthe loop upper bounds were:\n i <= I40E_VFQF_{HKEY,HLUT}_MAX_INDEX\nwhich is safe since the value is the last valid index.\n\nThat commit changed the bounds to:\n i <= adapter->rss_{key,lut}_size / 4\nwhere `rss_{key,lut}_size / 4` is the number of dwords, so the last\nvalid index is `(rss_{key,lut}_size / 4) - 1`. Therefore, using `<=`\naccesses one element past the end.\n\nFix the issues by using `<` instead of `<=`, ensuring we do not exceed\nthe bounds.\n\n[1] KASAN splat about rss_key_size off-by-one\n BUG: KASAN: slab-out-of-bounds in iavf_config_rss+0x619/0x800\n Read of size 4 at addr ffff888102c50134 by task kworker/u8:6/63\n\n CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:6 Not tainted 6.18.0-rc2-enjuk-tnguy-00378-g3005f5b77652-dirty #156 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Workqueue: iavf iavf_watchdog_task\n Call Trace:\n \n dump_stack_lvl+0x6f/0xb0\n print_report+0x170/0x4f3\n kasan_report+0xe1/0x1a0\n iavf_config_rss+0x619/0x800\n iavf_watchdog_task+0x2be7/0x3230\n process_one_work+0x7fd/0x1420\n worker_thread+0x4d1/0xd40\n kthread+0x344/0x660\n ret_from_fork+0x249/0x320\n ret_from_fork_asm+0x1a/0x30\n \n\n Allocated by task 63:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x246/0x6f0\n iavf_watchdog_task+0x28fc/0x3230\n process_one_work+0x7fd/0x1420\n worker_thread+0x4d1/0xd40\n kthread+0x344/0x660\n ret_from_fork+0x249/0x320\n ret_from_fork_asm+0x1a/0x30\n\n The buggy address belongs to the object at ffff888102c50100\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes to the right of\n allocated 52-byte region [ffff888102c50100, ffff888102c50134)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c50\n flags: 0x200000000000000(node=0|zone=2)\n page_type: f5(slab)\n raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888102c50000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n ffff888102c50080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n >ffff888102c50100: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc\n ^\n ffff888102c50180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc\n ffff888102c50200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc(CVE-2025-71087)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer\n\nInitialize the eb.vma array with values of 0 when the eb structure is\nfirst set up. In particular, this sets the eb->vma[i].vma pointers to\nNULL, simplifying cleanup and getting rid of the bug described below.\n\nDuring the execution of eb_lookup_vmas(), the eb->vma array is\nsuccessively filled up with struct eb_vma objects. This process includes\ncalling eb_add_vma(), which might fail; however, even in the event of\nfailure, eb->vma[i].vma is set for the currently processed buffer.\n\nIf eb_add_vma() fails, eb_lookup_vmas() returns with an error, which\nprompts a call to eb_release_vmas() to clean up the mess. Since\neb_lookup_vmas() might fail during processing any (possibly not first)\nbuffer, eb_release_vmas() checks whether a buffer's vma is NULL to know\nat what point did the lookup function fail.\n\nIn eb_lookup_vmas(), eb->vma[i].vma is set to NULL if either the helper\nfunction eb_lookup_vma() or eb_validate_vma() fails. eb->vma[i+1].vma is\nset to NULL in case i915_gem_object_userptr_submit_init() fails; the\ncurrent one needs to be cleaned up by eb_release_vmas() at this point,\nso the next one is set. If eb_add_vma() fails, neither the current nor\nthe next vma is set to NULL, which is a source of a NULL deref bug\ndescribed in the issue linked in the Closes tag.\n\nWhen entering eb_lookup_vmas(), the vma pointers are set to the slab\npoison value, instead of NULL. This doesn't matter for the actual\nlookup, since it gets overwritten anyway, however the eb_release_vmas()\nfunction only recognizes NULL as the stopping value, hence the pointers\nare being set to NULL as they go in case of intermediate failure. This\npatch changes the approach to filling them all with NULL at the start\ninstead, rather than handling that manually during failure.\n\n(cherry picked from commit 08889b706d4f0b8d2352b7ca29c2d8df4d0787cd)(CVE-2025-71130)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: properly keep track of conduit reference\n\nProblem description\n-------------------\n\nDSA has a mumbo-jumbo of reference handling of the conduit net device\nand its kobject which, sadly, is just wrong and doesn't make sense.\n\nThere are two distinct problems.\n\n1. The OF path, which uses of_find_net_device_by_node(), never releases\n the elevated refcount on the conduit's kobject. Nominally, the OF and\n non-OF paths should result in objects having identical reference\n counts taken, and it is already suspicious that\n dsa_dev_to_net_device() has a put_device() call which is missing in\n dsa_port_parse_of(), but we can actually even verify that an issue\n exists. With CONFIG_DEBUG_KOBJECT_RELEASE=y, if we run this command\n \"before\" and \"after\" applying this patch:\n\n(unbind the conduit driver for net device eno2)\necho 0000:00:00.2 > /sys/bus/pci/drivers/fsl_enetc/unbind\n\nwe see these lines in the output diff which appear only with the patch\napplied:\n\nkobject: 'eno2' (ffff002009a3a6b8): kobject_release, parent 0000000000000000 (delayed 1000)\nkobject: '109' (ffff0020099d59a0): kobject_release, parent 0000000000000000 (delayed 1000)\n\n2. After we find the conduit interface one way (OF) or another (non-OF),\n it can get unregistered at any time, and DSA remains with a long-lived,\n but in this case stale, cpu_dp->conduit pointer. Holding the net\n device's underlying kobject isn't actually of much help, it just\n prevents it from being freed (but we never need that kobject\n directly). What helps us to prevent the net device from being\n unregistered is the parallel netdev reference mechanism (dev_hold()\n and dev_put()).\n\nActually we actually use that netdev tracker mechanism implicitly on\nuser ports since commit 2f1e8ea726e9 (\"net: dsa: link interfaces with\nthe DSA master to get rid of lockdep warnings\"), via netdev_upper_dev_link().\nBut time still passes at DSA switch probe time between the initial\nof_find_net_device_by_node() code and the user port creation time, time\nduring which the conduit could unregister itself and DSA wouldn't know\nabout it.\n\nSo we have to run of_find_net_device_by_node() under rtnl_lock() to\nprevent that from happening, and release the lock only with the netdev\ntracker having acquired the reference.\n\nDo we need to keep the reference until dsa_unregister_switch() /\ndsa_switch_shutdown()?\n1: Maybe yes. A switch device will still be registered even if all user\n ports failed to probe, see commit 86f8b1c01a0a (\"net: dsa: Do not\n make user port errors fatal\"), and the cpu_dp->conduit pointers\n remain valid. I haven't audited all call paths to see whether they\n will actually use the conduit in lack of any user port, but if they\n do, it seems safer to not rely on user ports for that reference.\n2. Definitely yes. We support changing the conduit which a user port is\n associated to, and we can get into a situation where we've moved all\n user ports away from a conduit, thus no longer hold any reference to\n it via the net device tracker. But we shouldn't let it go nonetheless\n - see the next change in relation to dsa_tree_find_first_conduit()\n and LAG conduits which disappear.\n We have to be prepared to return to the physical conduit, so the CPU\n port must explicitly keep another reference to it. This is also to\n say: the user ports and their CPU ports may not always keep a\n reference to the same conduit net device, and both are needed.\n\nAs for the conduit's kobject for the /sys/class/net/ entry, we don't\ncare about it, we can release it as soon as we hold the net device\nobject itself.\n\nHistory and blame attribution\n-----------------------------\n\nThe code has been refactored so many times, it is very difficult to\nfollow and properly attribute a blame, but I'll try to make a short\nhistory which I hope to be correct.\n\nWe have two distinct probing paths:\n- one for OF, introduced in 2016 i\n---truncated---(CVE-2025-71152)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n 1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n 2. A worker processing an ordered extent calls start_transaction()\n with TRANS_JOIN\n\n 3. join_transaction() returns -EBUSY because Transaction A is in\n TRANS_STATE_COMMIT_DOING\n\n 4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n 5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n 6. The ordered extent from step 2 is added to Transaction B's\n pending ordered extents\n\n 7. Transaction B immediately starts commit by another task and\n enters TRANS_STATE_COMMIT_START\n\n 8. The worker finally reaches wait_current_trans(), sees Transaction B\n in TRANS_STATE_COMMIT_START (a blocked state), and waits\n unconditionally\n\n 9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n according to btrfs_blocked_trans_types[]\n\n 10. Transaction B is waiting for pending ordered extents to complete\n\n 11. Deadlock: Transaction B waits for ordered extent, ordered extent\n waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n CPU0 CPU1\n btrfs_finish_ordered_io()\n start_transaction(TRANS_JOIN)\n join_transaction()\n # -EBUSY (Transaction A is\n # TRANS_STATE_COMMIT_DOING)\n # Transaction A completes\n # Transaction B created\n # ordered extent added to\n # Transaction B's pending list\n btrfs_commit_transaction()\n # Transaction B enters\n # TRANS_STATE_COMMIT_START\n # waiting for pending ordered\n # extents\n wait_current_trans()\n # waits for Transaction B\n # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n btrfs_sync_file+0x342/0x4d0 [btrfs]\n __x64_sys_fdatasync+0x4b/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n wait_current_trans+0xb0/0x110 [btrfs]\n start_transaction+0x346/0x5b0 [btrfs]\n btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n btrfs_work_helper+0xe8/0x350 [btrfs]\n process_one_work+0x1d3/0x3c0\n worker_thread+0x4d/0x3e0\n kthread+0x12d/0x150\n ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans->state] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks.(CVE-2025-71194)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)->vlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry->vlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/(CVE-2026-23001)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_gre: make ipgre_header() robust\n\nAnalog to commit db5b4e39c4e6 (\"ip6_gre: make ip6gre_header() robust\")\n\nOver the years, syzbot found many ways to crash the kernel\nin ipgre_header() [1].\n\nThis involves team or bonding drivers ability to dynamically\nchange their dev->needed_headroom and/or dev->hard_header_len\n\nIn this particular crash mld_newpack() allocated an skb\nwith a too small reserve/headroom, and by the time mld_sendpack()\nwas called, syzbot managed to attach an ipgre device.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff89ea3cb7 len:2030915468 put:2030915372 head:ffff888058b43000 data:ffff887fdfa6e194 tail:0x120 end:0x6c0 dev:team0\n kernel BUG at net/core/skbuff.c:213 !\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 1 UID: 0 PID: 1322 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nWorkqueue: mld mld_ifc_work\n RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213\nCall Trace:\n \n skb_under_panic net/core/skbuff.c:223 [inline]\n skb_push+0xc3/0xe0 net/core/skbuff.c:2641\n ipgre_header+0x67/0x290 net/ipv4/ip_gre.c:897\n dev_hard_header include/linux/netdevice.h:3436 [inline]\n neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247\n NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318\n mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855\n mld_send_cr net/ipv6/mcast.c:2154 [inline]\n mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246(CVE-2026-23011)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: prevent pcp corruption with SMP=n\n\nThe kernel test robot has reported:\n\n BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28\n lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0\n CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470\n Call Trace:\n \n __dump_stack (lib/dump_stack.c:95)\n dump_stack_lvl (lib/dump_stack.c:123)\n dump_stack (lib/dump_stack.c:130)\n spin_dump (kernel/locking/spinlock_debug.c:71)\n do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?)\n _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138)\n __free_frozen_pages (mm/page_alloc.c:2973)\n ___free_pages (mm/page_alloc.c:5295)\n __free_pages (mm/page_alloc.c:5334)\n tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290)\n ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289)\n ? rcu_core (kernel/rcu/tree.c:?)\n rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861)\n rcu_core_si (kernel/rcu/tree.c:2879)\n handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)\n __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725)\n irq_exit_rcu (kernel/softirq.c:741)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052)\n \n \n RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)\n free_pcppages_bulk (mm/page_alloc.c:1494)\n drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632)\n __drain_all_pages (mm/page_alloc.c:2731)\n drain_all_pages (mm/page_alloc.c:2747)\n kcompactd (mm/compaction.c:3115)\n kthread (kernel/kthread.c:465)\n ? __cfi_kcompactd (mm/compaction.c:3166)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork (arch/x86/kernel/process.c:164)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:255)\n \n\nMatthew has analyzed the report and identified that in drain_page_zone()\nwe are in a section protected by spin_lock(&pcp->lock) and then get an\ninterrupt that attempts spin_trylock() on the same lock. The code is\ndesigned to work this way without disabling IRQs and occasionally fail the\ntrylock with a fallback. However, the SMP=n spinlock implementation\nassumes spin_trylock() will always succeed, and thus it's normally a\nno-op. Here the enabled lock debugging catches the problem, but otherwise\nit could cause a corruption of the pcp structure.\n\nThe problem has been introduced by commit 574907741599 (\"mm/page_alloc:\nleave IRQs enabled for per-cpu page allocations\"). The pcp locking scheme\nrecognizes the need for disabling IRQs to prevent nesting spin_trylock()\nsections on SMP=n, but the need to prevent the nesting in spin_lock() has\nnot been recognized. Fix it by introducing local wrappers that change the\nspin_lock() to spin_lock_iqsave() with SMP=n and use them in all places\nthat do spin_lock(&pcp->lock).\n\n[(CVE-2026-23025)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.(CVE-2026-23054)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim <(CVE-2026-23074)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix hugetlb_pmd_shared()\n\nPatch series \"mm/hugetlb: fixes for PMD table sharing (incl. using\nmmu_gather)\", v3.\n\nOne functional fix, one performance regression fix, and two related\ncomment fixes.\n\nI cleaned up my prototype I recently shared [1] for the performance fix,\ndeferring most of the cleanups I had in the prototype to a later point. \nWhile doing that I identified the other things.\n\nThe goal of this patch set is to be backported to stable trees \"fairly\"\neasily. At least patch #1 and #4.\n\nPatch #1 fixes hugetlb_pmd_shared() not detecting any sharing\nPatch #2 + #3 are simple comment fixes that patch #4 interacts with.\nPatch #4 is a fix for the reported performance regression due to excessive\nIPI broadcasts during fork()+exit().\n\nThe last patch is all about TLB flushes, IPIs and mmu_gather.\nRead: complicated\n\nThere are plenty of cleanups in the future to be had + one reasonable\noptimization on x86. But that's all out of scope for this series.\n\nRuntime tested, with a focus on fixing the performance regression using\nthe original reproducer [2] on x86.\n\n\nThis patch (of 4):\n\nWe switched from (wrongly) using the page count to an independent shared\ncount. Now, shared page tables have a refcount of 1 (excluding\nspeculative references) and instead use ptdesc->pt_share_count to identify\nsharing.\n\nWe didn't convert hugetlb_pmd_shared(), so right now, we would never\ndetect a shared PMD table as such, because sharing/unsharing no longer\ntouches the refcount of a PMD table.\n\nPage migration, like mbind() or migrate_pages() would allow for migrating\nfolios mapped into such shared PMD tables, even though the folios are not\nexclusive. In smaps we would account them as \"private\" although they are\n\"shared\", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the\npagemap interface.\n\nFix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().(CVE-2026-23100)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.(CVE-2026-23138)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset.(CVE-2026-23247)\n\nIn the Linux kernel, a vulnerability exists in the AppArmor module's unpack_pdb function. The vulnerability occurs due to failure to validate that DFA start states are within bounds, which can lead to out-of-bound reads. An attacker can exploit this vulnerability through specially crafted policy files, potentially leading to information disclosure or system crashes.(CVE-2026-23269)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set->nelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set->nelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.(CVE-2026-23272)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints.(CVE-2026-23312)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs\n\nWhen shrinking the number of real tx queues,\nnetif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush\nqdiscs for queues which will no longer be used.\n\nqdisc_reset_all_tx_gt() currently serializes qdisc_reset() with\nqdisc_lock(). However, for lockless qdiscs, the dequeue path is\nserialized by qdisc_run_begin/end() using qdisc->seqlock instead, so\nqdisc_reset() can run concurrently with __qdisc_run() and free skbs\nwhile they are still being dequeued, leading to UAF.\n\nThis can easily be reproduced on e.g. virtio-net by imposing heavy\ntraffic while frequently changing the number of queue pairs:\n\n iperf3 -ub0 -c $peer -t 0 &\n while :; do\n ethtool -L eth0 combined 1\n ethtool -L eth0 combined 2\n done\n\nWith KASAN enabled, this leads to reports like:\n\n BUG: KASAN: slab-use-after-free in __qdisc_run+0x133f/0x1760\n ...\n Call Trace:\n \n ...\n __qdisc_run+0x133f/0x1760\n __dev_queue_xmit+0x248f/0x3550\n ip_finish_output2+0xa42/0x2110\n ip_output+0x1a7/0x410\n ip_send_skb+0x2e6/0x480\n udp_send_skb+0xb0a/0x1590\n udp_sendmsg+0x13c9/0x1fc0\n ...\n \n\n Allocated by task 1270 on cpu 5 at 44.558414s:\n ...\n alloc_skb_with_frags+0x84/0x7c0\n sock_alloc_send_pskb+0x69a/0x830\n __ip_append_data+0x1b86/0x48c0\n ip_make_skb+0x1e8/0x2b0\n udp_sendmsg+0x13a6/0x1fc0\n ...\n\n Freed by task 1306 on cpu 3 at 44.558445s:\n ...\n kmem_cache_free+0x117/0x5e0\n pfifo_fast_reset+0x14d/0x580\n qdisc_reset+0x9e/0x5f0\n netif_set_real_num_tx_queues+0x303/0x840\n virtnet_set_channels+0x1bf/0x260 [virtio_net]\n ethnl_set_channels+0x684/0xae0\n ethnl_default_set_doit+0x31a/0x890\n ...\n\nSerialize qdisc_reset_all_tx_gt() against the lockless dequeue path by\ntaking qdisc->seqlock for TCQ_F_NOLOCK qdiscs, matching the\nserialization model already used by dev_reset_queue().\n\nAdditionally clear QDISC_STATE_NON_EMPTY after reset so the qdisc state\nreflects an empty queue, avoiding needless re-scheduling.(CVE-2026-23340)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ife: Fix metalist update behavior\n\nWhenever an ife action replace changes the metalist, instead of\nreplacing the old data on the metalist, the current ife code is appending\nthe new metadata. Aside from being innapropriate behavior, this may lead\nto an unbounded addition of metadata to the metalist which might cause an\nout of bounds error when running the encode op:\n\n[ 138.423369][ C1] ==================================================================\n[ 138.424317][ C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.424906][ C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou/255\n[ 138.425778][ C1] CPU: 1 UID: 0 PID: 255 Comm: ife_out_out_bou Not tainted 7.0.0-rc1-00169-gfbdfa8da05b6 #624 PREEMPT(full)\n[ 138.425795][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 138.425800][ C1] Call Trace:\n[ 138.425804][ C1] \n[ 138.425808][ C1] dump_stack_lvl (lib/dump_stack.c:122)\n[ 138.425828][ C1] print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n[ 138.425839][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425844][ C1] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:95 (discriminator 1) ./include/linux/rcupdate.h:975 (discriminator 1) ./include/linux/mmzone.h:2207 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1))\n[ 138.425853][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425859][ C1] kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:597)\n[ 138.425868][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425878][ C1] kasan_check_range (mm/kasan/generic.c:186 (discriminator 1) mm/kasan/generic.c:200 (discriminator 1))\n[ 138.425884][ C1] __asan_memset (mm/kasan/shadow.c:84 (discriminator 2))\n[ 138.425889][ C1] ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425893][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:171)\n[ 138.425898][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425903][ C1] ife_encode_meta_u16 (net/sched/act_ife.c:57)\n[ 138.425910][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)\n[ 138.425916][ C1] ? __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 3))\n[ 138.425921][ C1] ? __pfx_ife_encode_meta_u16 (net/sched/act_ife.c:45)\n[ 138.425927][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425931][ C1] tcf_ife_act (net/sched/act_ife.c:847 net/sched/act_ife.c:879)\n\nTo solve this issue, fix the replace behavior by adding the metalist to\nthe ife rcu data structure.(CVE-2026-23378)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.(CVE-2026-23389)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix side-effect bug in match_char() macro usage\n\nThe match_char() macro evaluates its character parameter multiple\ntimes when traversing differential encoding chains. When invoked\nwith *str++, the string pointer advances on each iteration of the\ninner do-while loop, causing the DFA to check different characters\nat each iteration and therefore skip input characters.\nThis results in out-of-bounds reads when the pointer advances past\nthe input buffer boundary.\n\n[ 94.984676] ==================================================================\n[ 94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760\n[ 94.985655] Read of size 1 at addr ffff888100342000 by task file/976\n\n[ 94.986319] CPU: 7 UID: 1000 PID: 976 Comm: file Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[ 94.986322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 94.986329] Call Trace:\n[ 94.986341] \n[ 94.986347] dump_stack_lvl+0x5e/0x80\n[ 94.986374] print_report+0xc8/0x270\n[ 94.986384] ? aa_dfa_match+0x5ae/0x760\n[ 94.986388] kasan_report+0x118/0x150\n[ 94.986401] ? aa_dfa_match+0x5ae/0x760\n[ 94.986405] aa_dfa_match+0x5ae/0x760\n[ 94.986408] __aa_path_perm+0x131/0x400\n[ 94.986418] aa_path_perm+0x219/0x2f0\n[ 94.986424] apparmor_file_open+0x345/0x570\n[ 94.986431] security_file_open+0x5c/0x140\n[ 94.986442] do_dentry_open+0x2f6/0x1120\n[ 94.986450] vfs_open+0x38/0x2b0\n[ 94.986453] ? may_open+0x1e2/0x2b0\n[ 94.986466] path_openat+0x231b/0x2b30\n[ 94.986469] ? __x64_sys_openat+0xf8/0x130\n[ 94.986477] do_file_open+0x19d/0x360\n[ 94.986487] do_sys_openat2+0x98/0x100\n[ 94.986491] __x64_sys_openat+0xf8/0x130\n[ 94.986499] do_syscall_64+0x8e/0x660\n[ 94.986515] ? count_memcg_events+0x15f/0x3c0\n[ 94.986526] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986540] ? handle_mm_fault+0x1639/0x1ef0\n[ 94.986551] ? vma_start_read+0xf0/0x320\n[ 94.986558] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986561] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986563] ? fpregs_assert_state_consistent+0x50/0xe0\n[ 94.986572] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986574] ? arch_exit_to_user_mode_prepare+0x9/0xb0\n[ 94.986587] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986588] ? irqentry_exit+0x3c/0x590\n[ 94.986595] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 94.986597] RIP: 0033:0x7fda4a79c3ea\n\nFix by extracting the character value before invoking match_char,\nensuring single evaluation per outer loop.(CVE-2026-23406)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix missing bounds check on DEFAULT table in verify_dfa()\n\nThe verify_dfa() function only checks DEFAULT_TABLE bounds when the state\nis not differentially encoded.\n\nWhen the verification loop traverses the differential encoding chain,\nit reads k = DEFAULT_TABLE[j] and uses k as an array index without\nvalidation. A malformed DFA with DEFAULT_TABLE[j] >= state_count,\ntherefore, causes both out-of-bounds reads and writes.\n\n[ 57.179855] ==================================================================\n[ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660\n[ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993\n\n[ 57.181554] CPU: 1 UID: 0 PID: 993 Comm: su Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[ 57.181558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 57.181563] Call Trace:\n[ 57.181572] \n[ 57.181577] dump_stack_lvl+0x5e/0x80\n[ 57.181596] print_report+0xc8/0x270\n[ 57.181605] ? verify_dfa+0x59a/0x660\n[ 57.181608] kasan_report+0x118/0x150\n[ 57.181620] ? verify_dfa+0x59a/0x660\n[ 57.181623] verify_dfa+0x59a/0x660\n[ 57.181627] aa_dfa_unpack+0x1610/0x1740\n[ 57.181629] ? __kmalloc_cache_noprof+0x1d0/0x470\n[ 57.181640] unpack_pdb+0x86d/0x46b0\n[ 57.181647] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181653] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181656] ? aa_unpack_nameX+0x1a8/0x300\n[ 57.181659] aa_unpack+0x20b0/0x4c30\n[ 57.181662] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181664] ? stack_depot_save_flags+0x33/0x700\n[ 57.181681] ? kasan_save_track+0x4f/0x80\n[ 57.181683] ? kasan_save_track+0x3e/0x80\n[ 57.181686] ? __kasan_kmalloc+0x93/0xb0\n[ 57.181688] ? __kvmalloc_node_noprof+0x44a/0x780\n[ 57.181693] ? aa_simple_write_to_buffer+0x54/0x130\n[ 57.181697] ? policy_update+0x154/0x330\n[ 57.181704] aa_replace_profiles+0x15a/0x1dd0\n[ 57.181707] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181710] ? __kvmalloc_node_noprof+0x44a/0x780\n[ 57.181712] ? aa_loaddata_alloc+0x77/0x140\n[ 57.181715] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181717] ? _copy_from_user+0x2a/0x70\n[ 57.181730] policy_update+0x17a/0x330\n[ 57.181733] profile_replace+0x153/0x1a0\n[ 57.181735] ? rw_verify_area+0x93/0x2d0\n[ 57.181740] vfs_write+0x235/0xab0\n[ 57.181745] ksys_write+0xb0/0x170\n[ 57.181748] do_syscall_64+0x8e/0x660\n[ 57.181762] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 57.181765] RIP: 0033:0x7f6192792eb2\n\nRemove the MATCH_FLAG_DIFF_ENCODE condition to validate all DEFAULT_TABLE\nentries unconditionally.(CVE-2026-23407)\n\nA race condition vulnerability exists in the AppArmor security module of the Linux kernel, leading to a use-after-free issue. This vulnerability can be triggered when an attacker simultaneously opens rawdata files and removes an associated AppArmor profile. Since rawdata inodes are not refcounted, there is a time window during profile removal where the i_private pointer may reference freed memory, causing the system to access freed memory regions. This can result in program crashes, unexpected value usage, or arbitrary code execution, threatening the confidentiality, integrity, and availability of the system.(CVE-2026-23410)\n\nA vulnerability exists in the AppArmor security module of the Linux kernel when handling the i_private field of the inode structure. AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can and does live beyond that point and it is possible that some of the fs callback functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. This vulnerability could allow a local attacker to bypass AppArmor's access control policies through a specially crafted request, leading to privilege escalation and impacting system confidentiality, integrity, and availability.(CVE-2026-23411)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nudp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n\n\nWhen CONFIG_IPV6 is disabled, the udp_sock_create6() function returns 0\n(success) without actually creating a socket. Callers such as\nfou_create() then proceed to dereference the uninitialized socket\npointer, resulting in a NULL pointer dereference.\n\nThe captured NULL deref crash:\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:fou_nl_add_doit (net/ipv4/fou_core.c:590 net/ipv4/fou_core.c:764)\n [...]\n Call Trace:\n \n genl_family_rcv_msg_doit.constprop.0 (net/netlink/genetlink.c:1114)\n genl_rcv_msg (net/netlink/genetlink.c:1194 net/netlink/genetlink.c:1209)\n [...]\n netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n genl_rcv (net/netlink/genetlink.c:1219)\n netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n netlink_sendmsg (net/netlink/af_netlink.c:1894)\n __sock_sendmsg (net/socket.c:727 (discriminator 1) net/socket.c:742 (discriminator 1))\n __sys_sendto (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:2183 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2213 (discriminator 1) net/socket.c:2209 (discriminator 1) net/socket.c:2209 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (net/arch/x86/entry/entry_64.S:130)\n\nThis patch makes udp_sock_create6 return -EPFNOSUPPORT instead, so\ncallers correctly take their error paths. There is only one caller of\nthe vulnerable function and only privileged users can trigger it.(CVE-2026-23439)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race condition during IPSec ESN update\n\nIn IPSec full offload mode, the device reports an ESN (Extended\nSequence Number) wrap event to the driver. The driver validates this\nevent by querying the IPSec ASO and checking that the esn_event_arm\nfield is 0x0, which indicates an event has occurred. After handling\nthe event, the driver must re-arm the context by setting esn_event_arm\nback to 0x1.\n\nA race condition exists in this handling path. After validating the\nevent, the driver calls mlx5_accel_esp_modify_xfrm() to update the\nkernel's xfrm state. This function temporarily releases and\nre-acquires the xfrm state lock.\n\nSo, need to acknowledge the event first by setting esn_event_arm to\n0x1. This prevents the driver from reprocessing the same ESN update if\nthe hardware sends events for other reason. Since the next ESN update\nonly occurs after nearly 2^31 packets are received, there's no risk of\nmissing an update, as it will happen long after this handling has\nfinished.\n\nProcessing the event twice causes the ESN high-order bits (esn_msb) to\nbe incremented incorrectly. The driver then programs the hardware with\nthis invalid ESN state, which leads to anti-replay failures and a\ncomplete halt of IPSec traffic.\n\nFix this by re-arming the ESN event immediately after it is validated,\nbefore calling mlx5_accel_esp_modify_xfrm(). This ensures that any\nspurious, duplicate events are correctly ignored, closing the race\nwindow.(CVE-2026-23440)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent concurrent access to IPSec ASO context\n\nThe query or updating IPSec offload object is through Access ASO WQE.\nThe driver uses a single mlx5e_ipsec_aso struct for each PF, which\ncontains a shared DMA-mapped context for all ASO operations.\n\nA race condition exists because the ASO spinlock is released before\nthe hardware has finished processing WQE. If a second operation is\ninitiated immediately after, it overwrites the shared context in the\nDMA area.\n\nWhen the first operation's completion is processed later, it reads\nthis corrupted context, leading to unexpected behavior and incorrect\nresults.\n\nThis commit fixes the race by introducing a private context within\neach IPSec offload object. The shared ASO context is now copied to\nthis private context while the ASO spinlock is held. Subsequent\nprocessing uses this saved, per-object context, ensuring its integrity\nis maintained.(CVE-2026-23441)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure\n\nieee80211_tx_prepare_skb() has three error paths, but only two of them\nfree the skb. The first error path (ieee80211_tx_prepare() returning\nTX_DROP) does not free it, while invoke_tx_handlers() failure and the\nfragmentation check both do.\n\nAdd kfree_skb() to the first error path so all three are consistent,\nand remove the now-redundant frees in callers (ath9k, mt76,\nmac80211_hwsim) to avoid double-free.\n\nDocument the skb ownership guarantee in the function's kdoc.(CVE-2026-23444)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check\n\ncdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE\nentries fit within the skb. The first check correctly accounts for\nndpoffset:\n\n if ((ndpoffset + sizeof(struct usb_cdc_ncm_ndp16)) > skb_in->len)\n\nbut the second check omits it:\n\n if ((sizeof(struct usb_cdc_ncm_ndp16) +\n ret * (sizeof(struct usb_cdc_ncm_dpe16))) > skb_in->len)\n\nThis validates the DPE array size against the total skb length as if\nthe NDP were at offset 0, rather than at ndpoffset. When the NDP is\nplaced near the end of the NTB (large wNdpIndex), the DPE entries can\nextend past the skb data buffer even though the check passes.\ncdc_ncm_rx_fixup() then reads out-of-bounds memory when iterating\nthe DPE array.\n\nAdd ndpoffset to the nframes bounds check and use struct_size_t() to\nexpress the NDP-plus-DPE-array size more clearly.(CVE-2026-23448)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()\n\nSyzkaller reported a panic in smc_tcp_syn_recv_sock() [1].\n\nsmc_tcp_syn_recv_sock() is called in the TCP receive path\n(softirq) via icsk_af_ops->syn_recv_sock on the clcsock (TCP\nlistening socket). It reads sk_user_data to get the smc_sock\npointer. However, when the SMC listen socket is being closed\nconcurrently, smc_close_active() sets clcsock->sk_user_data\nto NULL under sk_callback_lock, and then the smc_sock itself\ncan be freed via sock_put() in smc_release().\n\nThis leads to two issues:\n\n1) NULL pointer dereference: sk_user_data is NULL when\n accessed.\n2) Use-after-free: sk_user_data is read as non-NULL, but the\n smc_sock is freed before its fields (e.g., queued_smc_hs,\n ori_af_ops) are accessed.\n\nThe race window looks like this (the syzkaller crash [1]\ntriggers via the SYN cookie path: tcp_get_cookie_sock() ->\nsmc_tcp_syn_recv_sock(), but the normal tcp_check_req() path\nhas the same race):\n\n CPU A (softirq) CPU B (process ctx)\n\n tcp_v4_rcv()\n TCP_NEW_SYN_RECV:\n sk = req->rsk_listener\n sock_hold(sk)\n /* No lock on listener */\n smc_close_active():\n write_lock_bh(cb_lock)\n sk_user_data = NULL\n write_unlock_bh(cb_lock)\n ...\n smc_clcsock_release()\n sock_put(smc->sk) x2\n -> smc_sock freed!\n tcp_check_req()\n smc_tcp_syn_recv_sock():\n smc = user_data(sk)\n -> NULL or dangling\n smc->queued_smc_hs\n -> crash!\n\nNote that the clcsock and smc_sock are two independent objects\nwith separate refcounts. TCP stack holds a reference on the\nclcsock, which keeps it alive, but this does NOT prevent the\nsmc_sock from being freed.\n\nFix this by using RCU and refcount_inc_not_zero() to safely\naccess smc_sock. Since smc_tcp_syn_recv_sock() is called in\nthe TCP three-way handshake path, taking read_lock_bh on\nsk_callback_lock is too heavy and would not survive a SYN\nflood attack. Using rcu_read_lock() is much more lightweight.\n\n- Set SOCK_RCU_FREE on the SMC listen socket so that\n smc_sock freeing is deferred until after the RCU grace\n period. This guarantees the memory is still valid when\n accessed inside rcu_read_lock().\n- Use rcu_read_lock() to protect reading sk_user_data.\n- Use refcount_inc_not_zero(&smc->sk.sk_refcnt) to pin the\n smc_sock. If the refcount has already reached zero (close\n path completed), it returns false and we bail out safely.\n\nNote: smc_hs_congested() has a similar lockless read of\nsk_user_data without rcu_read_lock(), but it only checks for\nNULL and accesses the global smc_hs_wq, never dereferencing\nany smc_sock field, so it is not affected.\n\nReproducer was verified with mdelay injection and smc_run,\nthe issue no longer occurs with this patch applied.\n\n[1] https://syzkaller.appspot.com/bug?extid=827ae2bfb3a3529333e9(CVE-2026-23450)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nPM: runtime: Fix a race condition related to device removal\n\nThe following code in pm_runtime_work() may dereference the dev->parent\npointer after the parent device has been freed:\n\n\t/* Maybe the parent is now able to suspend. */\n\tif (parent && !parent->power.ignore_children) {\n\t\tspin_unlock(&dev->power.lock);\n\n\t\tspin_lock(&parent->power.lock);\n\t\trpm_idle(parent, RPM_ASYNC);\n\t\tspin_unlock(&parent->power.lock);\n\n\t\tspin_lock(&dev->power.lock);\n\t}\n\nFix this by inserting a flush_work() call in pm_runtime_remove().\n\nWithout this patch blktest block/001 triggers the following complaint\nsporadically:\n\nBUG: KASAN: slab-use-after-free in lock_acquire+0x70/0x160\nRead of size 1 at addr ffff88812bef7198 by task kworker/u553:1/3081\nWorkqueue: pm pm_runtime_work\nCall Trace:\n \n dump_stack_lvl+0x61/0x80\n print_address_description.constprop.0+0x8b/0x310\n print_report+0xfd/0x1d7\n kasan_report+0xd8/0x1d0\n __kasan_check_byte+0x42/0x60\n lock_acquire.part.0+0x38/0x230\n lock_acquire+0x70/0x160\n _raw_spin_lock+0x36/0x50\n rpm_suspend+0xc6a/0xfe0\n rpm_idle+0x578/0x770\n pm_runtime_work+0xee/0x120\n process_one_work+0xde3/0x1410\n worker_thread+0x5eb/0xfe0\n kthread+0x37b/0x480\n ret_from_fork+0x6cb/0x920\n ret_from_fork_asm+0x11/0x20\n \n\nAllocated by task 4314:\n kasan_save_stack+0x2a/0x50\n kasan_save_track+0x18/0x40\n kasan_save_alloc_info+0x3d/0x50\n __kasan_kmalloc+0xa0/0xb0\n __kmalloc_noprof+0x311/0x990\n scsi_alloc_target+0x122/0xb60 [scsi_mod]\n __scsi_scan_target+0x101/0x460 [scsi_mod]\n scsi_scan_channel+0x179/0x1c0 [scsi_mod]\n scsi_scan_host_selected+0x259/0x2d0 [scsi_mod]\n store_scan+0x2d2/0x390 [scsi_mod]\n dev_attr_store+0x43/0x80\n sysfs_kf_write+0xde/0x140\n kernfs_fop_write_iter+0x3ef/0x670\n vfs_write+0x506/0x1470\n ksys_write+0xfd/0x230\n __x64_sys_write+0x76/0xc0\n x64_sys_call+0x213/0x1810\n do_syscall_64+0xee/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nFreed by task 4314:\n kasan_save_stack+0x2a/0x50\n kasan_save_track+0x18/0x40\n kasan_save_free_info+0x3f/0x50\n __kasan_slab_free+0x67/0x80\n kfree+0x225/0x6c0\n scsi_target_dev_release+0x3d/0x60 [scsi_mod]\n device_release+0xa3/0x220\n kobject_cleanup+0x105/0x3a0\n kobject_put+0x72/0xd0\n put_device+0x17/0x20\n scsi_device_dev_release+0xacf/0x12c0 [scsi_mod]\n device_release+0xa3/0x220\n kobject_cleanup+0x105/0x3a0\n kobject_put+0x72/0xd0\n put_device+0x17/0x20\n scsi_device_put+0x7f/0xc0 [scsi_mod]\n sdev_store_delete+0xa5/0x120 [scsi_mod]\n dev_attr_store+0x43/0x80\n sysfs_kf_write+0xde/0x140\n kernfs_fop_write_iter+0x3ef/0x670\n vfs_write+0x506/0x1470\n ksys_write+0xfd/0x230\n __x64_sys_write+0x76/0xc0\n x64_sys_call+0x213/0x1810(CVE-2026-23452)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user\n\nAfter commit ab4eedb790ca (\"Bluetooth: L2CAP: Fix corrupted list in\nhci_chan_del\"), l2cap_conn_del() uses conn->lock to protect access to\nconn->users. However, l2cap_register_user() and l2cap_unregister_user()\ndon't use conn->lock, creating a race condition where these functions can\naccess conn->users and conn->hchan concurrently with l2cap_conn_del().\n\nThis can lead to use-after-free and list corruption bugs, as reported\nby syzbot.\n\nFix this by changing l2cap_register_user() and l2cap_unregister_user()\nto use conn->lock instead of hci_dev_lock(), ensuring consistent locking\nfor the l2cap_conn structure.(CVE-2026-23461)\n\nRejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2026-23473)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix statistics allocation\n\nThe controller per-cpu statistics is not allocated until after the\ncontroller has been registered with driver core, which leaves a window\nwhere accessing the sysfs attributes can trigger a NULL-pointer\ndereference.\n\nFix this by moving the statistics allocation to controller allocation\nwhile tying its lifetime to that of the controller (rather than using\nimplicit devres).(CVE-2026-23475)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix krb5 mount with username option\n\nCustomer reported that some of their krb5 mounts were failing against\na single server as the client was trying to mount the shares with\nwrong credentials. It turned out the client was reusing SMB session\nfrom first mount to try mounting the other shares, even though a\ndifferent username= option had been specified to the other mounts.\n\nBy using username mount option along with sec=krb5 to search for\nprincipals from keytab is supported by cifs.upcall(8) since\ncifs-utils-4.8. So fix this by matching username mount option in\nmatch_session() even with Kerberos.\n\nFor example, the second mount below should fail with -ENOKEY as there\nis no 'foobar' principal in keytab (/etc/krb5.keytab). The client\nends up reusing SMB session from first mount to perform the second\none, which is wrong.\n\n```\n$ ktutil\nktutil: add_entry -password -p testuser -k 1 -e aes256-cts\nPassword for (CVE-2026-31392)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/rmap: fix incorrect pte restoration for lazyfree folios\n\nWe batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If the\nbatch has a mix of writable and non-writable bits, we may end up setting\nthe entire batch writable. Fix this by respecting writable bit during\nbatching.\n\nAlthough on a successful unmap of a lazyfree folio, the soft-dirty bit is\nlost, preserve it on pte restoration by respecting the bit during\nbatching, to make the fix consistent w.r.t both writable bit and\nsoft-dirty bit.\n\nI was able to write the below reproducer and crash the kernel. \nExplanation of reproducer (set 64K mTHP to always):\n\nFault in a 64K large folio. Split the VMA at mid-point with\nMADV_DONTFORK. fork() - parent points to the folio with 8 writable ptes\nand 8 non-writable ptes. Merge the VMAs with MADV_DOFORK so that\nfolio_unmap_pte_batch() can determine all the 16 ptes as a batch. Do\nMADV_FREE on the range to mark the folio as lazyfree. Write to the memory\nto dirty the pte, eventually rmap will dirty the folio. Then trigger\nreclaim, we will hit the pte restoration path, and the kernel will crash\nwith the trace given below.\n\nThe BUG happens at:\n\n\tBUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw);\n\nThe code path is asking for anonymous page to be mapped writable into the\npagetable. The BUG_ON() firing implies that such a writable page has been\nmapped into the pagetables of more than one process, which breaks\nanonymous memory/CoW semantics.\n\n[ 21.134473] kernel BUG at mm/page_table_check.c:118!\n[ 21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 21.135917] Modules linked in:\n[ 21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT\n[ 21.136858] Hardware name: linux,dummy-virt (DT)\n[ 21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 21.137308] pc : page_table_check_set+0x28c/0x2a8\n[ 21.137607] lr : page_table_check_set+0x134/0x2a8\n[ 21.137885] sp : ffff80008a3b3340\n[ 21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000\n[ 21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001\n[ 21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30\n[ 21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000\n[ 21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff\n[ 21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020\n[ 21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0\n[ 21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff\n[ 21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002\n[ 21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0\n[ 21.141991] Call trace:\n[ 21.142093] page_table_check_set+0x28c/0x2a8 (P)\n[ 21.142265] __page_table_check_ptes_set+0x144/0x1e8\n[ 21.142441] __set_ptes_anysz.constprop.0+0x160/0x1a8\n[ 21.142766] contpte_set_ptes+0xe8/0x140\n[ 21.142907] try_to_unmap_one+0x10c4/0x10d0\n[ 21.143177] rmap_walk_anon+0x100/0x250\n[ 21.143315] try_to_unmap+0xa0/0xc8\n[ 21.143441] shrink_folio_list+0x59c/0x18a8\n[ 21.143759] shrink_lruvec+0x664/0xbf0\n[ 21.144043] shrink_node+0x218/0x878\n[ 21.144285] __node_reclaim.constprop.0+0x98/0x338\n[ 21.144763] user_proactive_reclaim+0x2a4/0x340\n[ 21.145056] reclaim_store+0x3c/0x60\n[ 21.145216] dev_attr_store+0x20/0x40\n[ 21.145585] sysfs_kf_write+0x84/0xa8\n[ 21.145835] kernfs_fop_write_iter+0x130/0x1c8\n[ 21.145994] vfs_write+0x2b8/0x368\n[ 21.146119] ksys_write+0x70/0x110\n[ 21.146240] __arm64_sys_write+0x24/0x38\n[ 21.146380] invoke_syscall+0x50/0x120\n[ 21.146513] el0_svc_common.constprop.0+0x48/0xf8\n[ 21.146679] do_el0_svc+0x28/0x40\n[ 21.146798] el0_svc+0x34/0x110\n[ 21.146926] el0t\n---truncated---(CVE-2026-31398)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm/bus: Fix potential use after free in asynchronous initialization\n\nDingisoul with KASAN reports a use after free if device_add() fails in\nnd_async_device_register().\n\nCommit b6eae0f61db2 (\"libnvdimm: Hold reference on parent while\nscheduling async init\") correctly added a reference on the parent device\nto be held until asynchronous initialization was complete. However, if\ndevice_add() results in an allocation failure the ref count of the\ndevice drops to 0 prior to the parent pointer being accessed. Thus\nresulting in use after free.\n\nThe bug bot AI correctly identified the fix. Save a reference to the\nparent pointer to be used to drop the parent reference regardless of the\noutcome of device_add().(CVE-2026-31399)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix cache_request leak in cache_release\n\nWhen a reader's file descriptor is closed while in the middle of reading\na cache_request (rp->offset != 0), cache_release() decrements the\nrequest's readers count but never checks whether it should free the\nrequest.\n\nIn cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the\ncache_request is removed from the queue and freed along with its buffer\nand cache_head reference. cache_release() lacks this cleanup.\n\nThe only other path that frees requests with readers == 0 is\ncache_dequeue(), but it runs only when CACHE_PENDING transitions from\nset to clear. If that transition already happened while readers was\nstill non-zero, cache_dequeue() will have skipped the request, and no\nsubsequent call will clean it up.\n\nAdd the same cleanup logic from cache_read() to cache_release(): after\ndecrementing readers, check if it reached 0 with CACHE_PENDING clear,\nand if so, dequeue and free the cache_request.(CVE-2026-31400)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd\n\nThe /proc/fs/nfs/exports proc entry is created at module init\nand persists for the module's lifetime. exports_proc_open()\ncaptures the caller's current network namespace and stores\nits svc_export_cache in seq->private, but takes no reference\non the namespace. If the namespace is subsequently torn down\n(e.g. container destruction after the opener does setns() to a\ndifferent namespace), nfsd_net_exit() calls nfsd_export_shutdown()\nwhich frees the cache. Subsequent reads on the still-open fd\ndereference the freed cache_detail, walking a freed hash table.\n\nHold a reference on the struct net for the lifetime of the open\nfile descriptor. This prevents nfsd_net_exit() from running --\nand thus prevents nfsd_export_shutdown() from freeing the cache\n-- while any exports fd is open. cache_detail already stores\nits net pointer (cd->net, set by cache_create_net()), so\nexports_release() can retrieve it without additional per-file\nstorage.(CVE-2026-31403)\n\nIn the Linux kernel, the Bluetooth SCO module's sco_recv_frame() function contains a use-after-free vulnerability. The function reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket. A concurrent close() operation can free the socket between the lock release and the subsequent sk->sk_state access, resulting in a use-after-free vulnerability. Other functions in the same file (sco_sock_timeout(), sco_conn_del()) correctly use sco_sock_hold() to safely hold references under the lock. The vulnerability is fixed by using sco_sock_hold() to acquire a reference before releasing the lock and adding sock_put() on all exit paths.(CVE-2026-31408)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q->handle. Shared blocks leave block->q NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()'s\nold-method path needs block->q which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n tc_run (net/core/dev.c:4401)\n __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)(CVE-2026-31421)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q->handle to derive\na default baseclass. Shared blocks leave block->q NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block->q and return -EINVAL\nfor shared blocks. This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n [...]\n=======================================================================(CVE-2026-31422)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPI: EC: clean up handlers on probe failure in acpi_ec_setup()\n\nWhen ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware\nplatforms, it has already started the EC and installed the address\nspace handler with the struct acpi_ec pointer as handler context.\nHowever, acpi_ec_setup() propagates the error without any cleanup.\n\nThe caller acpi_ec_add() then frees the struct acpi_ec for non-boot\ninstances, leaving a dangling handler context in ACPICA.\n\nAny subsequent AML evaluation that accesses an EC OpRegion field\ndispatches into acpi_ec_space_handler() with the freed pointer,\ncausing a use-after-free:\n\n BUG: KASAN: slab-use-after-free in mutex_lock (kernel/locking/mutex.c:289)\n Write of size 8 at addr ffff88800721de38 by task init/1\n Call Trace:\n \n mutex_lock (kernel/locking/mutex.c:289)\n acpi_ec_space_handler (drivers/acpi/ec.c:1362)\n acpi_ev_address_space_dispatch (drivers/acpi/acpica/evregion.c:293)\n acpi_ex_access_region (drivers/acpi/acpica/exfldio.c:246)\n acpi_ex_field_datum_io (drivers/acpi/acpica/exfldio.c:509)\n acpi_ex_extract_from_field (drivers/acpi/acpica/exfldio.c:700)\n acpi_ex_read_data_from_field (drivers/acpi/acpica/exfield.c:327)\n acpi_ex_resolve_node_to_value (drivers/acpi/acpica/exresolv.c:392)\n \n\n Allocated by task 1:\n acpi_ec_alloc (drivers/acpi/ec.c:1424)\n acpi_ec_add (drivers/acpi/ec.c:1692)\n\n Freed by task 1:\n kfree (mm/slub.c:6876)\n acpi_ec_add (drivers/acpi/ec.c:1751)\n\nThe bug triggers on reduced-hardware EC platforms (ec->gpe < 0)\nwhen the GPIO IRQ provider defers probing. Once the stale handler\nexists, any unprivileged sysfs read that causes AML to touch an\nEC OpRegion (battery, thermal, backlight) exercises the dangling\npointer.\n\nFix this by calling ec_remove_handlers() in the error path of\nacpi_ec_setup() before clearing first_ec. ec_remove_handlers()\nchecks each EC_FLAGS_* bit before acting, so it is safe to call\nregardless of how far ec_install_handlers() progressed:\n\n -ENODEV (handler not installed): only calls acpi_ec_stop()\n -EPROBE_DEFER (handler installed): removes handler, stops EC(CVE-2026-31426)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb_kfree_head() can reliably use\nskb_end_offset to distinguish skb heads allocated from\nskb_small_head_cache vs. generic kmalloc caches.\n\nHowever, when KFENCE is enabled, kfence_ksize() returns the exact\nrequested allocation size instead of the slab bucket size. If a caller\n(e.g. bpf_test_init) allocates skb head data via kzalloc() and the\nrequested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then\nslab_build_skb() -> ksize() returns that exact value. After subtracting\nskb_shared_info overhead, skb_end_offset ends up matching\nSKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free\nthe object to skb_small_head_cache instead of back to the original\nkmalloc cache, resulting in a slab cross-cache free:\n\n kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected\n skbuff_small_head but got kmalloc-1k\n\nFix this by always calling kfree(head) in skb_kfree_head(). This keeps\nthe free path generic and avoids allocator-specific misclassification\nfor KFENCE objects.(CVE-2026-31429)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nX.509: Fix out-of-bounds access when parsing extensions\n\nLeo reports an out-of-bounds access when parsing a certificate with\nempty Basic Constraints or Key Usage extension because the first byte of\nthe extension is read before checking its length. Fix it.\n\nThe bug can be triggered by an unprivileged user by submitting a\nspecially crafted certificate to the kernel through the keyrings(7) API.\nLeo has demonstrated this with a proof-of-concept program responsibly\ndisclosed off-list.(CVE-2026-31430)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its resources were released).\n\nOnly set the wq type to NONE after its resources are released.(CVE-2026-31441)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes.(CVE-2026-31442)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in update_super_work when racing with umount\n\nCommit b98535d09179 (\"ext4: fix bug_on in start_this_handle during umount\nfilesystem\") moved ext4_unregister_sysfs() before flushing s_sb_upd_work\nto prevent new error work from being queued via /proc/fs/ext4/xx/mb_groups\nreads during unmount. However, this introduced a use-after-free because\nupdate_super_work calls ext4_notify_error_sysfs() -> sysfs_notify() which\naccesses the kobject's kernfs_node after it has been freed by kobject_del()\nin ext4_unregister_sysfs():\n\n update_super_work ext4_put_super\n ----------------- --------------\n ext4_unregister_sysfs(sb)\n kobject_del(&sbi->s_kobj)\n __kobject_del()\n sysfs_remove_dir()\n kobj->sd = NULL\n sysfs_put(sd)\n kernfs_put() // RCU free\n ext4_notify_error_sysfs(sbi)\n sysfs_notify(&sbi->s_kobj)\n kn = kobj->sd // stale pointer\n kernfs_get(kn) // UAF on freed kernfs_node\n ext4_journal_destroy()\n flush_work(&sbi->s_sb_upd_work)\n\nInstead of reordering the teardown sequence, fix this by making\next4_notify_error_sysfs() detect that sysfs has already been torn down\nby checking s_kobj.state_in_sysfs, and skipping the sysfs_notify() call\nin that case. A dedicated mutex (s_error_notify_mutex) serializes\next4_notify_error_sysfs() against kobject_del() in ext4_unregister_sysfs()\nto prevent TOCTOU races where the kobject could be deleted between the\nstate_in_sysfs check and the sysfs_notify() call.(CVE-2026-31446)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx->ei_block, there is no validation that\np_idx falls within the valid range of index entries for that\nlevel.\n\nIf the on-disk extent header contains a corrupted or crafted\neh_entries value, p_idx can point past the end of the allocated\nbuffer, causing a slab-out-of-bounds read.\n\nFix this by validating path[k].p_idx against EXT_LAST_INDEX() at\nboth access sites: before the while loop and inside it. Return\n-EFSCORRUPTED if the index pointer is out of range, consistent\nwith how other bounds violations are handled in the ext4 extent\ntree code.(CVE-2026-31449)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: publish jinode after initialization\n\next4_inode_attach_jinode() publishes ei->jinode to concurrent users.\nIt used to set ei->jinode before jbd2_journal_init_jbd_inode(),\nallowing a reader to observe a non-NULL jinode with i_vfs_inode\nstill unset.\n\nThe fast commit flush path can then pass this jinode to\njbd2_wait_inode_data(), which dereferences i_vfs_inode->i_mapping and\nmay crash.\n\nBelow is the crash I observe:\n```\nBUG: unable to handle page fault for address: 000000010beb47f4\nPGD 110e51067 P4D 110e51067 PUD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 1 UID: 0 PID: 4850 Comm: fc_fsync_bench_ Not tainted 6.18.0-00764-g795a690c06a5 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.17.0-2-2 04/01/2014\nRIP: 0010:xas_find_marked+0x3d/0x2e0\nCode: e0 03 48 83 f8 02 0f 84 f0 01 00 00 48 8b 47 08 48 89 c3 48 39 c6 0f 82 fd 01 00 00 48 85 c9 74 3d 48 83 f9 03 77 63 4c 8b 0f <49> 8b 71 08 48 c7 47 18 00 00 00 00 48 89 f1 83 e1 03 48 83 f9 02\nRSP: 0018:ffffbbee806e7bf0 EFLAGS: 00010246\nRAX: 000000000010beb4 RBX: 000000000010beb4 RCX: 0000000000000003\nRDX: 0000000000000001 RSI: 0000002000300000 RDI: ffffbbee806e7c10\nRBP: 0000000000000001 R08: 0000002000300000 R09: 000000010beb47ec\nR10: ffff9ea494590090 R11: 0000000000000000 R12: 0000002000300000\nR13: ffffbbee806e7c90 R14: ffff9ea494513788 R15: ffffbbee806e7c88\nFS: 00007fc2f9e3e6c0(0000) GS:ffff9ea6b1444000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000010beb47f4 CR3: 0000000119ac5000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n\nfilemap_get_folios_tag+0x87/0x2a0\n__filemap_fdatawait_range+0x5f/0xd0\n? srso_alias_return_thunk+0x5/0xfbef5\n? __schedule+0x3e7/0x10c0\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\n? cap_safe_nice+0x37/0x70\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\nfilemap_fdatawait_range_keep_errors+0x12/0x40\next4_fc_commit+0x697/0x8b0\n? ext4_file_write_iter+0x64b/0x950\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\n? vfs_write+0x356/0x480\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\next4_sync_file+0xf7/0x370\ndo_fsync+0x3b/0x80\n? syscall_trace_enter+0x108/0x1d0\n__x64_sys_fdatasync+0x16/0x20\ndo_syscall_64+0x62/0x2c0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n...\n```\n\nFix this by initializing the jbd2_inode first.\nUse smp_wmb() and WRITE_ONCE() to publish ei->jinode after\ninitialization. Readers use READ_ONCE() to fetch the pointer.(CVE-2026-31450)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running while properly reporting the filesystem corruption.\n\nThe error is logged via ext4_error_inode(), the buffer head is released\nto prevent memory leak, and -EFSCORRUPTED is returned to indicate\nfilesystem corruption.(CVE-2026-31451)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: convert inline data to extents when truncate exceeds inline size\n\nAdd a check in ext4_setattr() to convert files from inline data storage\nto extent-based storage when truncate() grows the file size beyond the\ninline capacity. This prevents the filesystem from entering an\ninconsistent state where the inline data flag is set but the file size\nexceeds what can be stored inline.\n\nWithout this fix, the following sequence causes a kernel BUG_ON():\n\n1. Mount filesystem with inode that has inline flag set and small size\n2. truncate(file, 50MB) - grows size but inline flag remains set\n3. sendfile() attempts to write data\n4. ext4_write_inline_data() hits BUG_ON(write_size > inline_capacity)\n\nThe crash occurs because ext4_write_inline_data() expects inline storage\nto accommodate the write, but the actual inline capacity (~60 bytes for\ni_block + ~96 bytes for xattrs) is far smaller than the file size and\nwrite request.\n\nThe fix checks if the new size from setattr exceeds the inode's actual\ninline capacity (EXT4_I(inode)->i_inline_size) and converts the file to\nextent-based storage before proceeding with the size change.\n\nThis addresses the root cause by ensuring the inline data flag and file\nsize remain consistent during truncate operations.(CVE-2026-31452)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latencies, which can\nthen call vm_map_ram() with GFP_KERNEL.\n\nDue to insufficient memory, vm_map_ram() may generate memory\nswapping I/O, which can cause submit_bio_wait to deadlock\nin some scenarios.\n\nTrimmed down the call stack, as follows:\n\nf2fs_submit_read_io\n submit_bio //bio_list is initialized.\n mmc_blk_mq_recovery\n z_erofs_endio\n vm_map_ram\n __pte_alloc_kernel\n __alloc_pages_direct_reclaim\n shrink_folio_list\n __swap_writepage\n submit_bio_wait //bio_list is non-NULL, hang!!!\n\nUse memalloc_noio_{save,restore}() to wrap up this path.(CVE-2026-31467)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device's IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., during the configuration of tc route filter rules).\n\nWhen IFF_XMIT_DST_RELEASE is removed from the net_device, the network stack\nexpects the driver to hold the reference to skb->dst until the packet\nis fully transmitted and freed. In virtio_net with napi_tx=N,\nskbs may remain in the virtio transmit ring for an extended period.\n\nIf the network namespace is destroyed while these skbs are still pending,\nthe corresponding dst_ops structure has freed. When a subsequent packet\nis transmitted, free_old_xmit() is triggered to clean up old skbs.\nIt then calls dst_release() on the skb associated with the stale dst_entry.\nSince the dst_ops (referenced by the dst_entry) has already been freed,\na UAF kernel paging request occurs.\n\nfix it by adds skb_dst_drop(skb) in start_xmit to explicitly release\nthe dst reference before the skb is queued in virtio_net.\n\nCall Trace:\n Unable to handle kernel paging request at virtual address ffff80007e150000\n CPU: 2 UID: 0 PID: 6236 Comm: ping Kdump: loaded Not tainted 7.0.0-rc1+ #6 PREEMPT\n ...\n percpu_counter_add_batch+0x3c/0x158 lib/percpu_counter.c:98 (P)\n dst_release+0xe0/0x110 net/core/dst.c:177\n skb_release_head_state+0xe8/0x108 net/core/skbuff.c:1177\n sk_skb_reason_drop+0x54/0x2d8 net/core/skbuff.c:1255\n dev_kfree_skb_any_reason+0x64/0x78 net/core/dev.c:3469\n napi_consume_skb+0x1c4/0x3a0 net/core/skbuff.c:1527\n __free_old_xmit+0x164/0x230 drivers/net/virtio_net.c:611 [virtio_net]\n free_old_xmit drivers/net/virtio_net.c:1081 [virtio_net]\n start_xmit+0x7c/0x530 drivers/net/virtio_net.c:3329 [virtio_net]\n ...\n\nReproduction Steps:\nNETDEV=\"enp3s0\"\n\nconfig_qdisc_route_filter() {\n tc qdisc del dev $NETDEV root\n tc qdisc add dev $NETDEV root handle 1: prio\n tc filter add dev $NETDEV parent 1:0 \\\n\tprotocol ip prio 100 route to 100 flowid 1:1\n ip route add 192.168.1.100/32 dev $NETDEV realm 100\n}\n\ntest_ns() {\n ip netns add testns\n ip link set $NETDEV netns testns\n ip netns exec testns ifconfig $NETDEV 10.0.32.46/24\n ip netns exec testns ping -c 1 10.0.32.1\n ip netns del testns\n}\n\nconfig_qdisc_route_filter\n\ntest_ns\nsleep 2\ntest_ns(CVE-2026-31469)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nspi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]\n\nAlso note that we do not enable the driver_override feature of struct\nbus_type, as SPI - in contrast to most other buses - passes \"\" to\nsysfs_emit() when the driver_override pointer is NULL. Thus, printing\n\"\\n\" instead of \"(null)\\n\".(CVE-2026-31487)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use netlink policy range checks\n\nReplace manual range and mask validations with netlink policy\nannotations in ctnetlink code paths, so that the netlink core rejects\ninvalid values early and can generate extack errors.\n\n- CTA_PROTOINFO_TCP_STATE: reject values > TCP_CONNTRACK_SYN_SENT2 at\n policy level, removing the manual >= TCP_CONNTRACK_MAX check.\n- CTA_PROTOINFO_TCP_WSCALE_ORIGINAL/REPLY: reject values > TCP_MAX_WSCALE\n (14). The normal TCP option parsing path already clamps to this value,\n but the ctnetlink path accepted 0-255, causing undefined behavior when\n used as a u32 shift count.\n- CTA_FILTER_ORIG_FLAGS/REPLY_FLAGS: use NLA_POLICY_MASK with\n CTA_FILTER_F_ALL, removing the manual mask checks.\n- CTA_EXPECT_FLAGS: use NLA_POLICY_MASK with NF_CT_EXPECT_MASK, adding\n a new mask define grouping all valid expect flags.\n\nExtracted from a broader nf-next patch by Florian Westphal, scoped to\nctnetlink for the fixes tree.(CVE-2026-31495)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: skip expectations in other netns via proc\n\nSkip expectations that do not reside in this netns.\n\nSimilar to e77e6ff502ea (\"netfilter: conntrack: do not dump other netns's\nconntrack entries via proc\").(CVE-2026-31496)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop\n\nl2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED\nstate to support L2CAP reconfiguration (e.g. MTU changes). However,\nsince both CONF_INPUT_DONE and CONF_OUTPUT_DONE are already set from\nthe initial configuration, the reconfiguration path falls through to\nl2cap_ertm_init(), which re-initializes tx_q, srej_q, srej_list, and\nretrans_list without freeing the previous allocations and sets\nchan->sdu to NULL without freeing the existing skb. This leaks all\npreviously allocated ERTM resources.\n\nAdditionally, l2cap_parse_conf_req() does not validate the minimum\nvalue of remote_mps derived from the RFC max_pdu_size option. A zero\nvalue propagates to l2cap_segment_sdu() where pdu_len becomes zero,\ncausing the while loop to never terminate since len is never\ndecremented, exhausting all available memory.\n\nFix the double-init by skipping l2cap_ertm_init() and\nl2cap_chan_ready() when the channel is already in BT_CONNECTED state,\nwhile still allowing the reconfiguration parameters to be updated\nthrough l2cap_parse_conf_req(). Also add a pdu_len zero check in\nl2cap_segment_sdu() as a safeguard.(CVE-2026-31498)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix deadlock in l2cap_conn_del()\n\nl2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer\nand id_addr_timer while holding conn->lock. However, the work functions\nl2cap_info_timeout() and l2cap_conn_update_id_addr() both acquire\nconn->lock, creating a potential AB-BA deadlock if the work is already\nexecuting when l2cap_conn_del() takes the lock.\n\nMove the work cancellations before acquiring conn->lock and use\ndisable_delayed_work_sync() to additionally prevent the works from\nbeing rearmed after cancellation, consistent with the pattern used in\nhci_conn_del().(CVE-2026-31499)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix out-of-bounds writes in iavf_get_ethtool_stats()\n\niavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the\nvalue could change in runtime, we should use num_tx_queues instead.\n\nMoreover iavf_get_ethtool_stats() uses num_active_queues while\niavf_get_sset_count() and iavf_get_stat_strings() use\nreal_num_tx_queues, which triggers out-of-bounds writes when we do\n\"ethtool -L\" and \"ethtool -S\" simultaneously [1].\n\nFor example when we change channels from 1 to 8, Thread 3 could be\nscheduled before Thread 2, and out-of-bounds writes could be triggered\nin Thread 3:\n\nThread 1 (ethtool -L) Thread 2 (work) Thread 3 (ethtool -S)\niavf_set_channels()\n...\niavf_alloc_queues()\n-> num_active_queues = 8\niavf_schedule_finish_config()\n iavf_get_sset_count()\n real_num_tx_queues: 1\n -> buffer for 1 queue\n iavf_get_ethtool_stats()\n num_active_queues: 8\n -> out-of-bounds!\n iavf_finish_config()\n -> real_num_tx_queues = 8\n\nUse immutable num_tx_queues in all related functions to avoid the issue.\n\n[1]\n BUG: KASAN: vmalloc-out-of-bounds in iavf_add_one_ethtool_stat+0x200/0x270\n Write of size 8 at addr ffffc900031c9080 by task ethtool/5800\n\n CPU: 1 UID: 0 PID: 5800 Comm: ethtool Not tainted 6.19.0-enjuk-08403-g8137e3db7f1c #241 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6f/0xb0\n print_report+0x170/0x4f3\n kasan_report+0xe1/0x180\n iavf_add_one_ethtool_stat+0x200/0x270\n iavf_get_ethtool_stats+0x14c/0x2e0\n __dev_ethtool+0x3d0c/0x5830\n dev_ethtool+0x12d/0x270\n dev_ioctl+0x53c/0xe30\n sock_do_ioctl+0x1a9/0x270\n sock_ioctl+0x3d4/0x5e0\n __x64_sys_ioctl+0x137/0x1c0\n do_syscall_64+0xf3/0x690\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7da0e6e36d\n ...\n \n\n The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900031c9000 allocated at __dev_ethtool+0x3cc9/0x5830\n The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000\n index:0xffff88813a013de0 pfn:0x13a013\n flags: 0x200000000000000(node=0|zone=2)\n raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000\n raw: ffff88813a013de0 0000000000000000 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffffc900031c8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900031c9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffffc900031c9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900031c9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900031c9180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8(CVE-2026-31505)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n \n __kasan_check_byte+0x12/0x40\n lock_acquire+0x79/0x2e0\n lock_sock_nested+0x48/0x100\n ? l2cap_sock_ready_cb+0x46/0x160\n l2cap_sock_ready_cb+0x46/0x160\n l2cap_conn_start+0x779/0xff0\n ? __pfx_l2cap_conn_start+0x10/0x10\n ? l2cap_info_timeout+0x60/0xa0\n ? __pfx___mutex_lock+0x10/0x10\n l2cap_info_timeout+0x68/0xa0\n ? process_scheduled_works+0xa8d/0x18c0\n process_scheduled_works+0xb6e/0x18c0\n ? __pfx_process_scheduled_works+0x10/0x10\n ? assign_work+0x3d5/0x5e0\n worker_thread+0xa53/0xfc0\n kthread+0x388/0x470\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x51e/0xb90\n ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n ? __switch_to+0xc7d/0x1450\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception(CVE-2026-31510)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree(cmd) without unlinking it from the list first, leaving a\ndangling pointer. Any subsequent list traversal (e.g.,\nmgmt_pending_foreach during __mgmt_power_off, or another\nmgmt_pending_valid call) would dereference freed memory.(CVE-2026-31511)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()\n\nl2cap_ecred_data_rcv() reads the SDU length field from skb->data using\nget_unaligned_le16() without first verifying that skb contains at least\nL2CAP_SDULEN_SIZE (2) bytes. When skb->len is less than 2, this reads\npast the valid data in the skb.\n\nThe ERTM reassembly path correctly calls pskb_may_pull() before reading\nthe SDU length (l2cap_reassemble_sdu, L2CAP_SAR_START case). Apply the\nsame validation to the Enhanced Credit Based Flow Control data path.(CVE-2026-31512)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: prevent policy_hthresh.work from racing with netns teardown\n\nA XFRM_MSG_NEWSPDINFO request can queue the per-net work item\npolicy_hthresh.work onto the system workqueue.\n\nThe queued callback, xfrm_hash_rebuild(), retrieves the enclosing\nstruct net via container_of(). If the net namespace is torn down\nbefore that work runs, the associated struct net may already have\nbeen freed, and xfrm_hash_rebuild() may then dereference stale memory.\n\nxfrm_policy_fini() already flushes policy_hash_work during teardown,\nbut it does not synchronize policy_hthresh.work.\n\nSynchronize policy_hthresh.work in xfrm_policy_fini() as well, so the\nqueued work cannot outlive the net namespace teardown and access a\nfreed struct net.(CVE-2026-31516)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the packet for us.\n\nWith async crypto (esp_output_done), we need to drop the skb when\nesp_output_tail_tcp returns an error.(CVE-2026-31518)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN\n\nThe BPF interpreter's signed 32-bit division and modulo handlers use\nthe kernel abs() macro on s32 operands. The abs() macro documentation\n(include/linux/math.h) explicitly states the result is undefined when\nthe input is the type minimum. When DST contains S32_MIN (0x80000000),\nabs((s32)DST) triggers undefined behavior and returns S32_MIN unchanged\non arm64/x86. This value is then sign-extended to u64 as\n0xFFFFFFFF80000000, causing do_div() to compute the wrong result.\n\nThe verifier's abstract interpretation (scalar32_min_max_sdiv) computes\nthe mathematically correct result for range tracking, creating a\nverifier/interpreter mismatch that can be exploited for out-of-bounds\nmap value access.\n\nIntroduce abs_s32() which handles S32_MIN correctly by casting to u32\nbefore negating, avoiding signed overflow entirely. Replace all 8\nabs((s32)...) call sites in the interpreter's sdiv32/smod32 handlers.\n\ns32 is the only affected case -- the s64 division/modulo handlers do\nnot use abs().(CVE-2026-31525)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx->pmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callbacks, but he found that when\nthe group leader is a software event, the transaction handlers of the wrong PMU\nare used. Despite the move_group case in perf_event_open() and group_sched_in()\nusing pmu_ctx->pmu.\n\nTurns out, inherit uses event->pmu to clone the events, effectively undoing the\nmove_group case for all inherited contexts. Fix this by also making inherit use\npmu_ctx->pmu, ensuring all inherited counters end up in the same pmu context.\n\nSimilarly, __perf_event_read() should use equally use pmu_ctx->pmu for the\ngroup case.(CVE-2026-31528)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()\n\nWhen querying a nexthop object via RTM_GETNEXTHOP, the kernel currently\nallocates a fixed-size skb using NLMSG_GOODSIZE. While sufficient for\nsingle nexthops and small Equal-Cost Multi-Path groups, this fixed\nallocation fails for large nexthop groups like 512 nexthops.\n\nThis results in the following warning splat:\n\n WARNING: net/ipv4/nexthop.c:3395 at rtm_get_nexthop+0x176/0x1c0, CPU#20: rep/4608\n [...]\n RIP: 0010:rtm_get_nexthop (net/ipv4/nexthop.c:3395)\n [...]\n Call Trace:\n \n rtnetlink_rcv_msg (net/core/rtnetlink.c:6989)\n netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n netlink_sendmsg (net/netlink/af_netlink.c:1894)\n ____sys_sendmsg (net/socket.c:721 net/socket.c:736 net/socket.c:2585)\n ___sys_sendmsg (net/socket.c:2641)\n __sys_sendmsg (net/socket.c:2671)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \n\nFix this by allocating the size dynamically using nh_nlmsg_size() and\nusing nlmsg_new(), this is consistent with nexthop_notify() behavior. In\naddition, adjust nh_nlmsg_size_grp() so it calculates the size needed\nbased on flags passed. While at it, also add the size of NHA_FDB for\nnexthop group size calculation as it was missing too.\n\nThis cannot be reproduced via iproute2 as the group size is currently\nlimited and the command fails as follows:\n\naddattr_l ERROR: message exceeded bound of 1048(CVE-2026-31531)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncan: raw: fix ro->uniq use-after-free in raw_rcv()\n\nraw_release() unregisters raw CAN receive filters via can_rx_unregister(),\nbut receiver deletion is deferred with call_rcu(). This leaves a window\nwhere raw_rcv() may still be running in an RCU read-side critical section\nafter raw_release() frees ro->uniq, leading to a use-after-free of the\npercpu uniq storage.\n\nMove free_percpu(ro->uniq) out of raw_release() and into a raw-specific\nsocket destructor. can_rx_unregister() takes an extra reference to the\nsocket and only drops it from the RCU callback, so freeing uniq from\nsk_destruct ensures the percpu area is not released until the relevant\ncallbacks have drained.\n\n[mkl: applied manually](CVE-2026-31532)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix use-after-free in -EBUSY error path of tls_do_encryption\n\nThe -EBUSY handling in tls_do_encryption(), introduced by commit\n859054147318 (\"net: tls: handle backlogging of crypto requests\"), has\na use-after-free due to double cleanup of encrypt_pending and the\nscatterlist entry.\n\nWhen crypto_aead_encrypt() returns -EBUSY, the request is enqueued to\nthe cryptd backlog and the async callback tls_encrypt_done() will be\ninvoked upon completion. That callback unconditionally restores the\nscatterlist entry (sge->offset, sge->length) and decrements\nctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an\nerror, the synchronous error path in tls_do_encryption() performs the\nsame cleanup again, double-decrementing encrypt_pending and\ndouble-restoring the scatterlist.\n\nThe double-decrement corrupts the encrypt_pending sentinel (initialized\nto 1), making tls_encrypt_async_wait() permanently skip the wait for\npending async callbacks. A subsequent sendmsg can then free the\ntls_rec via bpf_exec_tx_verdict() while a cryptd callback is still\npending, resulting in a use-after-free when the callback fires on the\nfreed record.\n\nFix this by skipping the synchronous cleanup when the -EBUSY async\nwait returns an error, since the callback has already handled\nencrypt_pending and sge restoration.(CVE-2026-31533)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Check set_default_submission() before deferencing\n\nWhen the i915 driver firmware binaries are not present, the\nset_default_submission pointer is not set. This pointer is\ndereferenced during suspend anyways.\n\nAdd a check to make sure it is set before dereferencing.\n\n[ 23.289926] PM: suspend entry (deep)\n[ 23.293558] Filesystems sync: 0.000 seconds\n[ 23.298010] Freezing user space processes\n[ 23.302771] Freezing user space processes completed (elapsed 0.000 seconds)\n[ 23.309766] OOM killer disabled.\n[ 23.313027] Freezing remaining freezable tasks\n[ 23.318540] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)\n[ 23.342038] serial 00:05: disabled\n[ 23.345719] serial 00:02: disabled\n[ 23.349342] serial 00:01: disabled\n[ 23.353782] sd 0:0:0:0: [sda] Synchronizing SCSI cache\n[ 23.358993] sd 1:0:0:0: [sdb] Synchronizing SCSI cache\n[ 23.361635] ata1.00: Entering standby power mode\n[ 23.368863] ata2.00: Entering standby power mode\n[ 23.445187] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 23.452194] #PF: supervisor instruction fetch in kernel mode\n[ 23.457896] #PF: error_code(0x0010) - not-present page\n[ 23.463065] PGD 0 P4D 0\n[ 23.465640] Oops: Oops: 0010 [#1] SMP NOPTI\n[ 23.469869] CPU: 8 UID: 0 PID: 211 Comm: kworker/u48:18 Tainted: G S W 6.19.0-rc4-00020-gf0b9d8eb98df #10 PREEMPT(voluntary)\n[ 23.482512] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 23.496511] Workqueue: async async_run_entry_fn\n[ 23.501087] RIP: 0010:0x0\n[ 23.503755] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 23.510324] RSP: 0018:ffffb4a60065fca8 EFLAGS: 00010246\n[ 23.515592] RAX: 0000000000000000 RBX: ffff9f428290e000 RCX: 000000000000000f\n[ 23.522765] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff9f428290e000\n[ 23.529937] RBP: ffff9f4282907070 R08: ffff9f4281130428 R09: 00000000ffffffff\n[ 23.537111] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f42829070f8\n[ 23.544284] R13: ffff9f4282906028 R14: ffff9f4282900000 R15: ffff9f4282906b68\n[ 23.551457] FS: 0000000000000000(0000) GS:ffff9f466b2cf000(0000) knlGS:0000000000000000\n[ 23.559588] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 23.565365] CR2: ffffffffffffffd6 CR3: 000000031c230001 CR4: 0000000000f70ef0\n[ 23.572539] PKRU: 55555554\n[ 23.575281] Call Trace:\n[ 23.577770] \n[ 23.579905] intel_engines_reset_default_submission+0x42/0x60\n[ 23.585695] __intel_gt_unset_wedged+0x191/0x200\n[ 23.590360] intel_gt_unset_wedged+0x20/0x40\n[ 23.594675] gt_sanitize+0x15e/0x170\n[ 23.598290] i915_gem_suspend_late+0x6b/0x180\n[ 23.602692] i915_drm_suspend_late+0x35/0xf0\n[ 23.607008] ? __pfx_pci_pm_suspend_late+0x10/0x10\n[ 23.611843] dpm_run_callback+0x78/0x1c0\n[ 23.615817] device_suspend_late+0xde/0x2e0\n[ 23.620037] async_suspend_late+0x18/0x30\n[ 23.624082] async_run_entry_fn+0x25/0xa0\n[ 23.628129] process_one_work+0x15b/0x380\n[ 23.632182] worker_thread+0x2a5/0x3c0\n[ 23.635973] ? __pfx_worker_thread+0x10/0x10\n[ 23.640279] kthread+0xf6/0x1f0\n[ 23.643464] ? __pfx_kthread+0x10/0x10\n[ 23.647263] ? __pfx_kthread+0x10/0x10\n[ 23.651045] ret_from_fork+0x131/0x190\n[ 23.654837] ? __pfx_kthread+0x10/0x10\n[ 23.658634] ret_from_fork_asm+0x1a/0x30\n[ 23.662597] \n[ 23.664826] Modules linked in:\n[ 23.667914] CR2: 0000000000000000\n[ 23.671271] ------------[ cut here ]------------\n\n(cherry picked from commit daa199abc3d3d1740c9e3a2c3e9216ae5b447cad)(CVE-2026-31540)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/platform/uv: Handle deconfigured sockets\n\nWhen a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes\na panic while allocating UV hub info structures.\n\nFix this by using NUMA_NO_NODE, allowing UV hub info structures to be\nallocated on valid nodes.(CVE-2026-31542)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix NULL deref in bond_debug_rlb_hash_show\n\nrlb_clear_slave intentionally keeps RLB hash-table entries on\nthe rx_hashtbl_used_head list with slave set to NULL when no\nreplacement slave is available. However, bond_debug_rlb_hash_show\nvisites client_info->slave without checking if it's NULL.\n\nOther used-list iterators in bond_alb.c already handle this NULL-slave\nstate safely:\n\n- rlb_update_client returns early on !client_info->slave\n- rlb_req_update_slave_clients, rlb_clear_slave, and rlb_rebalance\ncompare slave values before visiting\n- lb_req_update_subnet_clients continues if slave is NULL\n\nThe following NULL deref crash can be trigger in\nbond_debug_rlb_hash_show:\n\n[ 1.289791] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.292058] RIP: 0010:bond_debug_rlb_hash_show (drivers/net/bonding/bond_debugfs.c:41)\n[ 1.293101] RSP: 0018:ffffc900004a7d00 EFLAGS: 00010286\n[ 1.293333] RAX: 0000000000000000 RBX: ffff888102b48200 RCX: ffff888102b48204\n[ 1.293631] RDX: ffff888102b48200 RSI: ffffffff839daad5 RDI: ffff888102815078\n[ 1.293924] RBP: ffff888102815078 R08: ffff888102b4820e R09: 0000000000000000\n[ 1.294267] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100f929c0\n[ 1.294564] R13: ffff888100f92a00 R14: 0000000000000001 R15: ffffc900004a7ed8\n[ 1.294864] FS: 0000000001395380(0000) GS:ffff888196e75000(0000) knlGS:0000000000000000\n[ 1.295239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1.295480] CR2: 0000000000000000 CR3: 0000000102adc004 CR4: 0000000000772ef0\n[ 1.295897] Call Trace:\n[ 1.296134] seq_read_iter (fs/seq_file.c:231)\n[ 1.296341] seq_read (fs/seq_file.c:164)\n[ 1.296493] full_proxy_read (fs/debugfs/file.c:378 (discriminator 1))\n[ 1.296658] vfs_read (fs/read_write.c:572)\n[ 1.296981] ksys_read (fs/read_write.c:717)\n[ 1.297132] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n[ 1.297325] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nAdd a NULL check and print \"(none)\" for entries with no assigned slave.(CVE-2026-31546)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Clear stale exiting pointer in futex_lock_pi() retry path\n\nFuzzying/stressing futexes triggered:\n\n WARNING: kernel/futex/core.c:825 at wait_for_owner_exiting+0x7a/0x80, CPU#11: futex_lock_pi_s/524\n\nWhen futex_lock_pi_atomic() sees the owner is exiting, it returns -EBUSY\nand stores a refcounted task pointer in 'exiting'.\n\nAfter wait_for_owner_exiting() consumes that reference, the local pointer\nis never reset to nil. Upon a retry, if futex_lock_pi_atomic() returns a\ndifferent error, the bogus pointer is passed to wait_for_owner_exiting().\n\n CPU0\t\t\t CPU1\t\t CPU2\n futex_lock_pi(uaddr)\n // acquires the PI futex\n exit()\n futex_cleanup_begin()\n futex_state = EXITING;\n\t\t\t futex_lock_pi(uaddr)\n\t\t\t futex_lock_pi_atomic()\n\t\t\t\t attach_to_pi_owner()\n\t\t\t\t // observes EXITING\n\t\t\t\t *exiting = owner; // takes ref\n\t\t\t\t return -EBUSY\n\t\t\t wait_for_owner_exiting(-EBUSY, owner)\n\t\t\t\t put_task_struct(); // drops ref\n\t\t\t // exiting still points to owner\n\t\t\t goto retry;\n\t\t\t futex_lock_pi_atomic()\n\t\t\t\t lock_pi_update_atomic()\n\t\t\t\t cmpxchg(uaddr)\n\t\t\t\t\t*uaddr ^= WAITERS // whatever\n\t\t\t\t // value changed\n\t\t\t\t return -EAGAIN;\n\t\t\t wait_for_owner_exiting(-EAGAIN, exiting) // stale\n\t\t\t\t WARN_ON_ONCE(exiting)\n\nFix this by resetting upon retry, essentially aligning it with requeue_pi.(CVE-2026-31555)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib\n\namdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence\nfrom amdgpu_ib_schedule(). This fence is used to wait for job\ncompletion.\n\nCurrently, the code drops the fence reference using dma_fence_put()\nbefore calling dma_fence_wait().\n\nIf dma_fence_put() releases the last reference, the fence may be\nfreed before dma_fence_wait() is called. This can lead to a\nuse-after-free.\n\nFix this by waiting on the fence first and releasing the reference\nonly after dma_fence_wait() completes.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c:697 amdgpu_amdkfd_submit_ib() warn: passing freed memory 'f' (line 696)\n\n(cherry picked from commit 8b9e5259adc385b61a6590a13b82ae0ac2bd3482)(CVE-2026-31566)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncan: gw: fix OOB heap access in cgw_csum_crc8_rel()\n\ncgw_csum_crc8_rel() correctly computes bounds-safe indices via calc_idx():\n\n int from = calc_idx(crc8->from_idx, cf->len);\n int to = calc_idx(crc8->to_idx, cf->len);\n int res = calc_idx(crc8->result_idx, cf->len);\n\n if (from < 0 || to < 0 || res < 0)\n return;\n\nHowever, the loop and the result write then use the raw s8 fields directly\ninstead of the computed variables:\n\n for (i = crc8->from_idx; ...) /* BUG: raw negative index */\n cf->data[crc8->result_idx] = ...; /* BUG: raw negative index */\n\nWith from_idx = to_idx = result_idx = -64 on a 64-byte CAN FD frame,\ncalc_idx(-64, 64) = 0 so the guard passes, but the loop iterates with\ni = -64, reading cf->data[-64], and the write goes to cf->data[-64].\nThis write might end up to 56 (7.0-rc) or 40 (<= 6.19) bytes before the\nstart of the canfd_frame on the heap.\n\nThe companion function cgw_csum_xor_rel() uses `from`/`to`/`res`\ncorrectly throughout; fix cgw_csum_crc8_rel() to match.\n\nConfirmed with KASAN on linux-7.0-rc2:\n BUG: KASAN: slab-out-of-bounds in cgw_csum_crc8_rel+0x515/0x5b0\n Read of size 1 at addr ffff8880076619c8 by task poc_cgw_oob/62\n\nTo configure the can-gw crc8 checksums CAP_NET_ADMIN is needed.(CVE-2026-31570)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION\n\nDrop the WARN in sev_pin_memory() on npages overflowing an int, as the\nWARN is comically trivially to trigger from userspace, e.g. by doing:\n\n struct kvm_enc_region range = {\n .addr = 0,\n .size = -1ul,\n };\n\n __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range);\n\nNote, the checks in sev_mem_enc_register_region() that presumably exist to\nverify the incoming address+size are completely worthless, as both \"addr\"\nand \"size\" are u64s and SEV is 64-bit only, i.e. they _can't_ be greater\nthan ULONG_MAX. That wart will be cleaned up in the near future.\n\n\tif (range->addr > ULONG_MAX || range->size > ULONG_MAX)\n\t\treturn -EINVAL;\n\nOpportunistically add a comment to explain why the code calculates the\nnumber of pages the \"hard\" way, e.g. instead of just shifting @ulen.(CVE-2026-31590)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup\n\nDisable the delayed work before clearing BAR mappings and doorbells to\navoid running the handler after resources have been torn down.\n\n Unable to handle kernel paging request at virtual address ffff800083f46004\n [...]\n Internal error: Oops: 0000000096000007 [#1] SMP\n [...]\n Call trace:\n epf_ntb_cmd_handler+0x54/0x200 [pci_epf_vntb] (P)\n process_one_work+0x154/0x3b0\n worker_thread+0x2c8/0x400\n kthread+0x148/0x210\n ret_from_fork+0x10/0x20(CVE-2026-31595)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU: Fix FPDSS on Zen1\n\nZen1's hardware divider can leave, under certain circumstances, partial\nresults from previous operations. Those results can be leaked by\nanother, attacker thread.\n\nFix that with a chicken bit.(CVE-2026-31628)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: proc: size address buffers for %pISpc output\n\nThe AF_RXRPC procfs helpers format local and remote socket addresses into\nfixed 50-byte stack buffers with \"%pISpc\".\n\nThat is too small for the longest current-tree IPv6-with-port form the\nformatter can produce. In lib/vsprintf.c, the compressed IPv6 path uses a\ndotted-quad tail not only for v4mapped addresses, but also for ISATAP\naddresses via ipv6_addr_is_isatap().\n\nAs a result, a case such as\n\n [ffff:ffff:ffff:ffff:0:5efe:255.255.255.255]:65535\n\nis possible with the current formatter. That is 50 visible characters, so\n51 bytes including the trailing NUL, which does not fit in the existing\nchar[50] buffers used by net/rxrpc/proc.c.\n\nSize the buffers from the formatter's maximum textual form and switch the\ncall sites to scnprintf().\n\nChanges since v1:\n- correct the changelog to cite the actual maximum current-tree case\n explicitly\n- frame the proof around the ISATAP formatting path instead of the earlier\n mapped-v4 example(CVE-2026-31630)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmmc: vub300: fix NULL-deref on disconnect\n\nMake sure to deregister the controller before dropping the reference to\nthe driver data on disconnect to avoid NULL-pointer dereferences or\nuse-after-free.(CVE-2026-31651)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: fix use-after-free in timeout object destroy\n\nnft_ct_timeout_obj_destroy() frees the timeout object with kfree()\nimmediately after nf_ct_untimeout(), without waiting for an RCU grace\nperiod. Concurrent packet processing on other CPUs may still hold\nRCU-protected references to the timeout object obtained via\nrcu_dereference() in nf_ct_timeout_data().\n\nAdd an rcu_head to struct nf_ct_timeout and use kfree_rcu() to defer\nfreeing until after an RCU grace period, matching the approach already\nused in nfnetlink_cttimeout.c.\n\nKASAN report:\n BUG: KASAN: slab-use-after-free in nf_conntrack_tcp_packet+0x1381/0x29d0\n Read of size 4 at addr ffff8881035fe19c by task exploit/80\n\n Call Trace:\n nf_conntrack_tcp_packet+0x1381/0x29d0\n nf_conntrack_in+0x612/0x8b0\n nf_hook_slow+0x70/0x100\n __ip_local_out+0x1b2/0x210\n tcp_sendmsg_locked+0x722/0x1580\n __sys_sendto+0x2d8/0x320\n\n Allocated by task 75:\n nft_ct_timeout_obj_init+0xf6/0x290\n nft_obj_init+0x107/0x1b0\n nf_tables_newobj+0x680/0x9c0\n nfnetlink_rcv_batch+0xc29/0xe00\n\n Freed by task 26:\n nft_obj_destroy+0x3f/0xa0\n nf_tables_trans_destroy_work+0x51c/0x5c0\n process_one_work+0x2c4/0x5a0(CVE-2026-31665)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - fix circular locking dependency with ff-core\n\nA lockdep circular locking dependency warning can be triggered\nreproducibly when using a force-feedback gamepad with uinput (for\nexample, playing ELDEN RING under Wine with a Flydigi Vader 5\ncontroller):\n\n ff->mutex -> udev->mutex -> input_mutex -> dev->mutex -> ff->mutex\n\nThe cycle is caused by four lock acquisition paths:\n\n1. ff upload: input_ff_upload() holds ff->mutex and calls\n uinput_dev_upload_effect() -> uinput_request_submit() ->\n uinput_request_send(), which acquires udev->mutex.\n\n2. device create: uinput_ioctl_handler() holds udev->mutex and calls\n uinput_create_device() -> input_register_device(), which acquires\n input_mutex.\n\n3. device register: input_register_device() holds input_mutex and\n calls kbd_connect() -> input_register_handle(), which acquires\n dev->mutex.\n\n4. evdev release: evdev_release() calls input_flush_device() under\n dev->mutex, which calls input_ff_flush() acquiring ff->mutex.\n\nFix this by introducing a new state_lock spinlock to protect\nudev->state and udev->dev access in uinput_request_send() instead of\nacquiring udev->mutex. The function only needs to atomically check\ndevice state and queue an input event into the ring buffer via\nuinput_dev_event() -- both operations are safe under a spinlock\n(ktime_get_ts64() and wake_up_interruptible() do not sleep). This\nbreaks the ff->mutex -> udev->mutex link since a spinlock is a leaf in\nthe lock ordering and cannot form cycles with mutexes.\n\nTo keep state transitions visible to uinput_request_send(), protect\nwrites to udev->state in uinput_create_device() and\nuinput_destroy_device() with the same state_lock spinlock.\n\nAdditionally, move init_completion(&request->done) from\nuinput_request_send() to uinput_request_submit() before\nuinput_request_reserve_slot(). Once the slot is allocated,\nuinput_flush_requests() may call complete() on it at any time from\nthe destroy path, so the completion must be initialised before the\nrequest becomes visible.\n\nLock ordering after the fix:\n\n ff->mutex -> state_lock (spinlock, leaf)\n udev->mutex -> state_lock (spinlock, leaf)\n udev->mutex -> input_mutex -> dev->mutex -> ff->mutex (no back-edge)(CVE-2026-31667)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_netem: fix out-of-bounds access in packet corruption\n\nIn netem_enqueue(), the packet corruption logic uses\nget_random_u32_below(skb_headlen(skb)) to select an index for\nmodifying skb->data. When an AF_PACKET TX_RING sends fully non-linear\npackets over an IPIP tunnel, skb_headlen(skb) evaluates to 0.\n\nPassing 0 to get_random_u32_below() takes the variable-ceil slow path\nwhich returns an unconstrained 32-bit random integer. Using this\nunconstrained value as an offset into skb->data results in an\nout-of-bounds memory access.\n\nFix this by verifying skb_headlen(skb) is non-zero before attempting\nto corrupt the linear data area. Fully non-linear packets will silently\nbypass the corruption logic.(CVE-2026-31675)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - limit RX SG extraction by receive buffer budget\n\nMake af_alg_get_rsgl() limit each RX scatterlist extraction to the\nremaining receive buffer budget.\n\naf_alg_get_rsgl() currently uses af_alg_readable() only as a gate\nbefore extracting data into the RX scatterlist. Limit each extraction\nto the remaining af_alg_rcvbuf(sk) budget so that receive-side\naccounting matches the amount of data attached to the request.\n\nIf skcipher cannot obtain enough RX space for at least one chunk while\nmore data remains to be processed, reject the recvmsg call instead of\nrounding the request length down to zero.(CVE-2026-31677)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: defer tunnel netdev_put to RCU release\n\novs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already\ndetached the device. Dropping the netdev reference in destroy can race\nwith concurrent readers that still observe vport->dev.\n\nDo not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let\nvport_netdev_free() drop the reference from the RCU callback, matching\nthe non-tunnel destroy path and avoiding additional synchronization\nunder RTNL.(CVE-2026-31678)\n\nIn the Linux kernel, a memory out-of-bounds access vulnerability exists in the act_csum module's tcf_csum_act() function when processing nested VLAN headers. When an skb still carries in-payload VLAN tags, the function walks nested VLAN headers directly from skb->data. The current code reads vlan->h_vlan_encapsulated_proto and then pulls VLAN_HLEN bytes without first ensuring that the full VLAN header is present in the linear area. If only part of an inner VLAN header is linearized, accessing h_vlan_encapsulated_proto reads past the linear area, and the following skb_pull(VLAN_HLEN) may violate skb invariants.(CVE-2026-31684)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ip6t_eui64: reject invalid MAC header for all packets\n\n`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address\nand compares it with the low 64 bits of the IPv6 source address.\n\nThe existing guard only rejects an invalid MAC header when\n`par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()`\ncan still reach `eth_hdr(skb)` even when the MAC header is not valid.\n\nFix this by removing the `par->fragoff != 0` condition so that packets\nwith an invalid MAC header are rejected before accessing `eth_hdr(skb)`.(CVE-2026-31685)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/mc: Fix error path ordering in edac_mc_alloc()\n\nWhen the mci->pvt_info allocation in edac_mc_alloc() fails, the error path\nwill call put_device() which will end up calling the device's release\nfunction.\n\nHowever, the init ordering is wrong such that device_initialize() happens\n*after* the failed allocation and thus the device itself and the release\nfunction pointer are not initialized yet when they're called:\n\n MCE: In-kernel MCE decoding enabled.\n ------------[ cut here ]------------\n kobject: '(null)': is not initialized, yet kobject_put() is being called.\n WARNING: lib/kobject.c:734 at kobject_put, CPU#22: systemd-udevd\n CPU: 22 UID: 0 PID: 538 Comm: systemd-udevd Not tainted 7.0.0-rc1+ #2 PREEMPT(full)\n RIP: 0010:kobject_put\n Call Trace:\n \n edac_mc_alloc+0xbe/0xe0 [edac_core]\n amd64_edac_init+0x7a4/0xff0 [amd64_edac]\n ? __pfx_amd64_edac_init+0x10/0x10 [amd64_edac]\n do_one_initcall\n ...\n\nReorder the calling sequence so that the device is initialized and thus the\nrelease function pointer is properly set before it can be used.\n\nThis was found by Claude while reviewing another EDAC patch.(CVE-2026-31689)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy ID to userspace if PSP command failed\n\nWhen retrieving the ID for the CPU, don't attempt to copy the ID blob to\nuserspace if the firmware command failed. If the failure was due to an\ninvalid length, i.e. the userspace buffer+length was too small, copying\nthe number of bytes _firmware_ requires will overflow the kernel-allocated\nbuffer and leak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 64 at addr ffff8881867f5960 by task syz.0.906/24388\n\n CPU: 130 UID: 0 PID: 24388 Comm: syz.0.906 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_get_id2+0x361/0x490 ../drivers/crypto/ccp/sev-dev.c:2222\n sev_ioctl+0x25f/0x490 ../drivers/crypto/ccp/sev-dev.c:2575\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.(CVE-2026-31697)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed\n\nWhen retrieving the PDH cert, don't attempt to copy the blobs to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff8885c4ab8aa0 by task syz.0.186/21033\n\n CPU: 51 UID: 0 PID: 21033 Comm: syz.0.186 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.84.12-0 11/17/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pdh_export+0x3d3/0x7c0 ../drivers/crypto/ccp/sev-dev.c:2347\n sev_ioctl+0x2a2/0x490 ../drivers/crypto/ccp/sev-dev.c:2568\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.(CVE-2026-31698)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed\n\nWhen retrieving the PEK CSR, don't attempt to copy the blob to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff898144612e20 by task syz.9.219/21405\n\n CPU: 14 UID: 0 PID: 21405 Comm: syz.9.219 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pek_csr+0x31f/0x590 ../drivers/crypto/ccp/sev-dev.c:1872\n sev_ioctl+0x3a4/0x490 ../drivers/crypto/ccp/sev-dev.c:2562\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.(CVE-2026-31699)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path\n\nsmb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL\nand the default QUERY_INFO path. The QUERY_INFO branch clamps\nqi.input_buffer_length to the server-reported OutputBufferLength and then\ncopies qi.input_buffer_length bytes from qi_rsp->Buffer to userspace, but\nit never verifies that the flexible-array payload actually fits within\nrsp_iov[1].iov_len.\n\nA malicious server can return OutputBufferLength larger than the actual\nQUERY_INFO response, causing copy_to_user() to walk past the response\nbuffer and expose adjacent kernel heap to userspace.\n\nGuard the QUERY_INFO copy with a bounds check on the actual Buffer\npayload. Use struct_size(qi_rsp, Buffer, qi.input_buffer_length)\nrather than an open-coded addition so the guard cannot overflow on\n32-bit builds.(CVE-2026-31708)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: validate ND option lengths in vxlan_na_create\n\nvxlan_na_create() walks ND options according to option-provided\nlengths. A malformed option can make the parser advance beyond the\ncomputed option span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address.(CVE-2026-31738)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbridge: br_nd_send: validate ND option lengths\n\nbr_nd_send() walks ND options according to option-provided lengths.\nA malformed option can make the parser advance beyond the computed\noption span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address.(CVE-2026-31752)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: fix NULL pointer dereference in ep_queue\n\nWhen the gadget endpoint is disabled or not yet configured, the ep->desc\npointer can be NULL. This leads to a NULL pointer dereference when\n__cdns3_gadget_ep_queue() is called, causing a kernel crash.\n\nAdd a check to return -ESHUTDOWN if ep->desc is NULL, which is the\nstandard return code for unconfigured endpoints.\n\nThis prevents potential crashes when ep_queue is called on endpoints\nthat are not ready.(CVE-2026-31755)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: move wake reason storage into validated event handlers\n\nhci_store_wake_reason() is called from hci_event_packet() immediately\nafter stripping the HCI event header but before hci_event_func()\nenforces the per-event minimum payload length from hci_ev_table.\nThis means a short HCI event frame can reach bacpy() before any bounds\ncheck runs.\n\nRather than duplicating skb parsing and per-event length checks inside\nhci_store_wake_reason(), move wake-address storage into the individual\nevent handlers after their existing event-length validation has\nsucceeded. Convert hci_store_wake_reason() into a small helper that only\nstores an already-validated bdaddr while the caller holds hci_dev_lock().\nUse the same helper after hci_event_func() with a NULL address to\npreserve the existing unexpected-wake fallback semantics when no\nvalidated event handler records a wake address.\n\nAnnotate the helper with __must_hold(&hdev->lock) and add\nlockdep_assert_held(&hdev->lock) so future call paths keep the lock\ncontract explicit.\n\nCall the helper from hci_conn_request_evt(), hci_conn_complete_evt(),\nhci_sync_conn_complete_evt(), le_conn_complete_evt(),\nhci_le_adv_report_evt(), hci_le_ext_adv_report_evt(),\nhci_le_direct_adv_report_evt(), hci_le_pa_sync_established_evt(), and\nhci_le_past_received_evt().(CVE-2026-31771)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SMP: derive legacy responder STK authentication from MITM state\n\nThe legacy responder path in smp_random() currently labels the stored\nSTK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH.\nThat reflects what the local service requested, not what the pairing\nflow actually achieved.\n\nFor Just Works/Confirm legacy pairing, SMP_FLAG_MITM_AUTH stays clear\nand the resulting STK should remain unauthenticated even if the local\nside requested HIGH security. Use the established MITM state when\nstoring the responder STK so the key metadata matches the pairing result.\n\nThis also keeps the legacy path aligned with the Secure Connections code,\nwhich already treats JUST_WORKS/JUST_CFM as unauthenticated.(CVE-2026-31773)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()\n\nThe memcpy function assumes the dynamic array notif->matches is at least\nas large as the number of bytes to copy. Otherwise, results->matches may\ncontain unwanted data. To guarantee safety, extend the validation in one\nof the checks to ensure sufficient packet length.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2026-31779)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ioc32: stop speculation on the drm_compat_ioctl path\n\nThe drm compat ioctl path takes a user controlled pointer, and then\ndereferences it into a table of function pointers, the signature method\nof spectre problems. Fix this up by calling array_index_nospec() on the\nindex to the function pointer list.(CVE-2026-31781)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: validate LTK enc_size on load\n\nLoad Long Term Keys stores the user-provided enc_size and later uses\nit to size fixed-size stack operations when replying to LE LTK\nrequests. An enc_size larger than the 16-byte key buffer can therefore\noverflow the reply stack buffer.\n\nReject oversized enc_size values while validating the management LTK\nrecord so invalid keys never reach the stored key state.(CVE-2026-43020)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: use skb_header_pointer() for TCPv4 GSO frag_off check\n\nSyzbot reported a KMSAN uninit-value warning in gso_features_check()\ncalled from netif_skb_features() [1].\n\ngso_features_check() reads iph->frag_off to decide whether to clear\nmangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr()\ncan rely on skb header offsets that are not always safe for direct\ndereference on packets injected from PF_PACKET paths.\n\nUse skb_header_pointer() for the TCPv4 frag_off check so the header read\nis robust whether data is already linear or needs copying.\n\n[1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407(CVE-2026-43036)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak\n\nWhen processing Router Advertisements with user options the kernel\nbuilds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct\nhas three padding fields that are never zeroed and can leak kernel data\n\nThe fix is simple, just zeroes the padding fields.(CVE-2026-43040)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af-alg - fix NULL pointer dereference in scatterwalk\n\nThe AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)\nwhen chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL\nexactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent\nsendmsg() allocates a new SGL and chains it, but fails to clear the end\nmarker on the previous SGL's last data entry.\n\nThis causes the crypto scatterwalk to hit a premature end, returning NULL\non sg_next() and leading to a kernel panic during dereference.\n\nFix this by explicitly unmarking the end of the previous SGL when\nperforming sg_chain() in af_alg_alloc_tsgl().(CVE-2026-43043)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix TX deadlock when using DMA\n\n`dmaengine_terminate_async` does not guarantee that the\n`__dma_tx_complete` callback will run. The callback is currently the\nonly place where `dma->tx_running` gets cleared. If the transaction is\ncanceled and the callback never runs, then `dma->tx_running` will never\nget cleared and we will never schedule new TX DMA transactions again.\n\nThis change makes it so we clear `dma->tx_running` after we terminate\nthe DMA transaction. This is \"safe\" because `serial8250_tx_dma_flush`\nis holding the UART port lock. The first thing the callback does is also\ngrab the UART port lock, so access to `dma->tx_running` is serialized.(CVE-2026-43061)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix not releasing workqueue on .release()\n\nThe workqueue associated with an DSA/IAA device is not released when\nthe object is freed.(CVE-2026-43064)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Skip discovery table for offline dies\n\nThis warning can be triggered if NUMA is disabled and the system\nboots with fewer CPUs than the number of CPUs in die 0.\n\nWARNING: CPU: 9 PID: 7257 at uncore.c:1157 uncore_pci_pmu_register+0x136/0x160 [intel_uncore]\n\nCurrently, the discovery table continues to be parsed even if all CPUs\nin the associated die are offline. This can lead to an array overflow\nat \"pmu->boxes[die] = box\" in uncore_pci_pmu_register(), which may\ntrigger the warning above or cause other issues.(CVE-2026-43079)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: fix null-ptr-deref in icmp_build_probe()\n\nipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the\nIPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing\nthis error pointer to dev_hold() will cause a kernel crash with\nnull-ptr-deref.\n\nInstead, silently discard the request. RFC 8335 does not appear to\ndefine a specific response for the case where an IPv6 interface\nidentifier is syntactically valid but the implementation cannot perform\nthe lookup at runtime, and silently dropping the request may safer than\nmisreporting \"No Such Interface\".(CVE-2026-43099)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/smp: Add check for kcalloc() failure in parse_thread_groups()\n\nAs kcalloc() may fail, check its return value to avoid a NULL pointer\ndereference when passing it to of_property_read_u32_array().(CVE-2026-43148)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: enable basic endpoint checking\n\npegasus_probe() fills URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n - usb_rcvbulkpipe(dev, 1) for RX data\n - usb_sndbulkpipe(dev, 2) for TX data\n - usb_rcvintpipe(dev, 3) for status interrupts\n\nA malformed USB device can present these endpoints with transfer types\nthat differ from what the driver assumes.\n\nAdd a pegasus_usb_ep enum for endpoint numbers, replacing magic\nconstants throughout. Add usb_check_bulk_endpoints() and\nusb_check_int_endpoints() calls before any resource allocation to\nverify endpoint types before use, rejecting devices with mismatched\ndescriptors at probe time, and avoid triggering assertion.\n\nSimilar fix to\n- commit 90b7f2961798 (\"net: usb: rtl8150: enable basic endpoint checking\")\n- commit 9e7021d2aeae (\"net: usb: catc: enable basic endpoint checking\")(CVE-2026-43156)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: fix GPF in write_page caused by resize race\n\nA General Protection Fault occurs in write_page() during array resize:\nRIP: 0010:write_page+0x22b/0x3c0 [md_mod]\n\nThis is a use-after-free race between bitmap_daemon_work() and\n__bitmap_resize(). The daemon iterates over `bitmap->storage.filemap`\nwithout locking, while the resize path frees that storage via\nmd_bitmap_file_unmap(). `quiesce()` does not stop the md thread,\nallowing concurrent access to freed pages.\n\nFix by holding `mddev->bitmap_info.mutex` during the bitmap update.(CVE-2026-43163)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()\n\nOn the receive path, __ioam6_fill_trace_data() uses trace->nodelen\nto decide how much data to write for each node. It trusts this field\nas-is from the incoming packet, with no consistency check against\ntrace->type (the 24-bit field that tells which data items are\npresent). A crafted packet can set nodelen=0 while setting type bits\n0-21, causing the function to write ~100 bytes past the allocated\nregion (into skb_shared_info), which corrupts adjacent heap memory\nand leads to a kernel panic.\n\nAdd a shared helper ioam6_trace_compute_nodelen() in ioam6.c to\nderive the expected nodelen from the type field, and use it:\n\n - in ioam6_iptunnel.c (send path, existing validation) to replace\n the open-coded computation;\n - in exthdrs.c (receive path, ipv6_hop_ioam) to drop packets whose\n nodelen is inconsistent with the type field, before any data is\n written.\n\nPer RFC 9197, bits 12-21 are each short (4-octet) fields, so they\nare included in IOAM6_MASK_SHORT_FIELDS (changed from 0xff100000 to\n0xff1ffc00).(CVE-2026-43186)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE\n\nThe arch definition of cpumask_of_node() cannot handle NUMA_NO_NODE -\nwhich is a valid index - so add a check for this.(CVE-2026-43212)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: add a sanity check on previous kernel's ima kexec buffer\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"mem=\", the physical range that contains the carried\nover IMA measurement list may fall outside the truncated RAM leading to a\nkernel panic.\n\n BUG: unable to handle page fault for address: ffff97793ff47000\n RIP: ima_restore_measurement_list+0xdc/0x45a\n #PF: error_code(0x0000) – not-present page\n\nOther architectures already validate the range with page_is_ram(), as done\nin commit cbf9c4b9617b (\"of: check previous kernel's ima-kexec-buffer\nagainst memory bounds\") do a similar check on x86.\n\nWithout carrying the measurement list across kexec, the attestation\nwould fail.(CVE-2026-43240)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fiemap page fault fix\n\nIn gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode\nglock. This can lead to recursive glock taking if the fiemap buffer is\nmemory mapped to the same inode and accessing it triggers a page fault.\n\nFix by disabling page faults for iomap_fiemap() and faulting in the\nbuffer by hand if necessary.\n\nFixes xfstest generic/742.(CVE-2026-43262)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nceph: supply snapshot context in ceph_zero_partial_object()\n\nThe ceph_zero_partial_object function was missing proper snapshot\ncontext for its OSD write operations, which could lead to data\ninconsistencies in snapshots.\n\nReproducer:\n../src/vstart.sh --new -x --localhost --bluestore\n./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a'\nmount -t ceph (CVE-2026-43273)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\next4: move ext4_percpu_param_init() before ext4_mb_init()\n\nWhen running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the\n`DOUBLE_CHECK` macro defined, the following panic is triggered:\n\n==================================================================\nEXT4-fs error (device vdc): ext4_validate_block_bitmap:423:\n comm mount: bg 0: bad block bitmap checksum\nBUG: unable to handle page fault for address: ff110000fa2cc000\nPGD 3e01067 P4D 3e02067 PUD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 0 UID: 0 PID: 2386 Comm: mount Tainted: G W\n 6.18.0-gba65a4e7120a-dirty #1152 PREEMPT(none)\nRIP: 0010:percpu_counter_add_batch+0x13/0xa0\nCall Trace:\n \n ext4_mark_group_bitmap_corrupted+0xcb/0xe0\n ext4_validate_block_bitmap+0x2a1/0x2f0\n ext4_read_block_bitmap+0x33/0x50\n mb_group_bb_bitmap_alloc+0x33/0x80\n ext4_mb_add_groupinfo+0x190/0x250\n ext4_mb_init_backend+0x87/0x290\n ext4_mb_init+0x456/0x640\n __ext4_fill_super+0x1072/0x1680\n ext4_fill_super+0xd3/0x280\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x29/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4f6/0x6b0\n do_syscall_64+0x50/0x1f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nThis issue can be reproduced using the following commands:\n mkfs.ext4 -F -q -b 1024 /dev/sda 5G\n tune2fs -O quota,project /dev/sda\n mount /dev/sda /tmp/test\n\nWith DOUBLE_CHECK defined, mb_group_bb_bitmap_alloc() reads\nand validates the block bitmap. When the validation fails,\next4_mark_group_bitmap_corrupted() attempts to update\nsbi->s_freeclusters_counter. However, this percpu_counter has not been\ninitialized yet at this point, which leads to the panic described above.\n\nFix this by moving the execution of ext4_percpu_param_init() to occur\nbefore ext4_mb_init(), ensuring the per-CPU counters are initialized\nbefore they are used.(CVE-2026-43288)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node\n\nWhen CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during\nvmalloc cleanup triggers expensive stack unwinding that acquires RCU read\nlocks. Processing a large purge_list without rescheduling can cause the\ntask to hold CPU for extended periods (10+ seconds), leading to RCU stalls\nand potential OOM conditions.\n\nThe issue manifests in purge_vmap_node() -> kasan_release_vmalloc_node()\nwhere iterating through hundreds or thousands of vmap_area entries and\nfreeing their associated shadow pages causes:\n\n rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6229/1:b..l\n ...\n task:kworker/0:17 state:R running task stack:28840 pid:6229\n ...\n kasan_release_vmalloc_node+0x1ba/0xad0 mm/vmalloc.c:2299\n purge_vmap_node+0x1ba/0xad0 mm/vmalloc.c:2299\n\nEach call to kasan_release_vmalloc() can free many pages, and with\npage_owner tracking, each free triggers save_stack() which performs stack\nunwinding under RCU read lock. Without yielding, this creates an\nunbounded RCU critical section.\n\nAdd periodic cond_resched() calls within the loop to allow:\n- RCU grace periods to complete\n- Other tasks to run\n- Scheduler to preempt when needed\n\nThe fix uses need_resched() for immediate response under load, with a\nbatch count of 32 as a guaranteed upper bound to prevent worst-case stalls\neven under light load.(CVE-2026-43292)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: fix event ring index not programmed for IPA v5.0+\n\nFor IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to\nCH_C_CNTXT_1. The v5.0 register definition intended to define this\nfield in the CH_C_CNTXT_1 fmask array but used the old identifier of\nERINDEX instead of CH_ERINDEX.\n\nWithout a valid event ring, GSI channels could never signal transfer\ncompletions. This caused gsi_channel_trans_quiesce() to block\nforever in wait_for_completion().\n\nAt least for IPA v5.2 this resolves an issue seen where runtime\nsuspend, system suspend, and remoteproc stop all hanged forever. It\nalso meant the IPA data path was completely non functional.(CVE-2026-43345)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: check if target buffer list is still legacy on recycle\n\nThere's a gap between when the buffer was grabbed and when it\npotentially gets recycled, where if the list is empty, someone could've\nupgraded it to a ring provided type. This can happen if the request\nis forced via io-wq. The legacy recycling is missing checking if the\nbuffer_list still exists, and if it's of the correct type. Add those\nchecks.(CVE-2026-43366)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds reads in process_message_header()\n\nIf the message frame is (maliciously) corrupted in a way that the\nlength of the control segment ends up being less than the size of the\nmessage header or a different frame is made to look like a message\nframe, out-of-bounds reads may ensue in process_message_header().\n\nPerform an explicit bounds check before decoding the message header.(CVE-2026-43406)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leaks in ceph_mdsc_build_path()\n\nAdd __putname() calls to error code paths that did not free the \"path\"\npointer obtained by __getname(). If ownership of this pointer is not\npassed to the caller via path_info.path, the function must free it\nbefore returning.(CVE-2026-43419)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: class: cdc-wdm: fix reordering issue in read code path\n\nQuoting the bug report:\n\nDue to compiler optimization or CPU out-of-order execution, the\ndesc->length update can be reordered before the memmove. If this\nhappens, wdm_read() can see the new length and call copy_to_user() on\nuninitialized memory. This also violates LKMM data race rules [1].\n\nFix it by using WRITE_ONCE and memory barriers.(CVE-2026-43427)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Limit the length of unkillable synchronous timeouts\n\nThe usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in\nusbcore allow unlimited timeout durations. And since they use\nuninterruptible waits, this leaves open the possibility of hanging a\ntask for an indefinitely long time, with no way to kill it short of\nunplugging the target device.\n\nTo prevent this sort of problem, enforce a maximum limit on the length\nof these unkillable timeouts. The limit chosen here, somewhat\narbitrarily, is 60 seconds. On many systems (although not all) this\nis short enough to avoid triggering the kernel's hung-task detector.\n\nIn addition, clear up the ambiguity of negative timeout values by\ntreating them the same as 0, i.e., using the maximum allowed timeout.(CVE-2026-43428)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix deadlock between devlink lock and esw->wq\n\nesw->work_queue executes esw_functions_changed_event_handler ->\nesw_vfs_changed_event_handler and acquires the devlink lock.\n\n.eswitch_mode_set (acquires devlink lock in devlink_nl_pre_doit) ->\nmlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked ->\nmlx5_eswitch_event_handler_unregister -> flush_workqueue deadlocks\nwhen esw_vfs_changed_event_handler executes.\n\nFix that by no longer flushing the work to avoid the deadlock, and using\na generation counter to keep track of work relevance. This avoids an old\nhandler manipulating an esw that has undergone one or more mode changes:\n- the counter is incremented in mlx5_eswitch_event_handler_unregister.\n- the counter is read and passed to the ephemeral mlx5_host_work struct.\n- the work handler takes the devlink lock and bails out if the current\n generation is different than the one it was scheduled to operate on.\n- mlx5_eswitch_cleanup does the final draining before destroying the wq.\n\nNo longer flushing the workqueue has the side effect of maybe no longer\ncancelling pending vport_change_handler work items, but that's ok since\nthose are disabled elsewhere:\n- mlx5_eswitch_disable_locked disables the vport eq notifier.\n- mlx5_esw_vport_disable disarms the HW EQ notification and marks\n vport->enabled under state_lock to false to prevent pending vport\n handler from doing anything.\n- mlx5_eswitch_cleanup destroys the workqueue and makes sure all events\n are disabled/finished.(CVE-2026-43468)\n\nIn the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications. The Linux kernel CVE team has assigned CVE-2026-43493 to this issue.(CVE-2026-43493)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()->flags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft 'dup to ' rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb's frag descriptors into the\naccumulator's last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p's frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb's flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb's flag into nskb. Fold frag_skb's flag at both sites\nso segments drawing frags from frag_list members carry the marker.(CVE-2026-43503)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()\n\nAdd the same NULL guard already present in\nl2cap_sock_resume_cb() and l2cap_sock_ready_cb().(CVE-2026-45834)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in qd_put\n\nCommit a475c5dd16e5 (\"gfs2: Free quota data objects synchronously\")\nstarted freeing quota data objects during filesystem shutdown instead of\nputting them back onto the LRU list, but it failed to remove these\nobjects from the LRU list, causing LRU list corruption. This caused\nuse-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access\nalready-freed objects on the LRU list.\n\nFix this by removing qd objects from the LRU list before freeing them in\nqd_put().\n\nInitial fix from Deepanshu Kartikey <(CVE-2026-45861)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix role switching during resume\n\nIf the role change while we are suspended, the cdns3 driver switches to the\nnew mode during resume. However, switching to host mode in this context\ncauses a NULL pointer dereference.\n\nThe host role's start() operation registers a xhci-hcd device, but its\nprobe is deferred while we are in the resume path. The host role's resume()\noperation assumes the xhci-hcd device is already probed, which is not the\ncase, leading to the dereference. Since the start() operation of the new\nrole is already called, the resume operation can be skipped.\n\nSo skip the resume operation for the new role if a role switch occurs\nduring resume. Once the resume sequence is complete, the xhci-hcd device\ncan be probed in case of host mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000208\nMem abort info:\n...\nData abort info:\n...\n[0000000000000208] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in:\nCPU: 0 UID: 0 PID: 146 Comm: sh Not tainted\n6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT\nHardware name: Texas Instruments J7200 EVM (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usb_hcd_is_primary_hcd+0x0/0x1c\nlr : cdns_host_resume+0x24/0x5c\n...\nCall trace:\n usb_hcd_is_primary_hcd+0x0/0x1c (P)\n cdns_resume+0x6c/0xbc\n cdns3_controller_resume.isra.0+0xe8/0x17c\n cdns3_plat_resume+0x18/0x24\n platform_pm_resume+0x2c/0x68\n dpm_run_callback+0x90/0x248\n device_resume+0x100/0x24c\n dpm_resume+0x190/0x2ec\n dpm_resume_end+0x18/0x34\n suspend_devices_and_enter+0x2b0/0xa44\n pm_suspend+0x16c/0x5fc\n state_store+0x80/0xec\n kobj_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x130/0x1dc\n vfs_write+0x240/0x370\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0x108\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\nCode: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401)\n---[ end trace 0000000000000000 ]---(CVE-2026-45911)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inline data read failure for ztailpacking pclusters\n\nCompressed folios for ztailpacking pclusters must be valid before adding\nthese pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster()\nmay assume they are already valid and then trigger a NULL pointer\ndereference.\n\nIt is somewhat hard to reproduce because the inline data is in the same\nblock as the tail of the compressed indexes, which are usually read just\nbefore. However, it may still happen if a fatal signal arrives while\nread_mapping_folio() is running, as shown below:\n\n erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n\n ...\n\n pc : z_erofs_decompress_queue+0x4c8/0xa14\n lr : z_erofs_decompress_queue+0x160/0xa14\n sp : ffffffc08b3eb3a0\n x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000\n x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001\n x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700\n x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098\n x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004\n x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9\n x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\n x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020\n x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n z_erofs_decompress_queue+0x4c8/0xa14\n z_erofs_runqueue+0x908/0x97c\n z_erofs_read_folio+0x128/0x228\n filemap_read_folio+0x68/0x128\n filemap_get_pages+0x44c/0x8b4\n filemap_read+0x12c/0x5b8\n generic_file_read_iter+0x4c/0x15c\n do_iter_readv_writev+0x188/0x1e0\n vfs_iter_read+0xac/0x1a4\n backing_file_read_iter+0x170/0x34c\n ovl_read_iter+0xf0/0x140\n vfs_read+0x28c/0x344\n ksys_read+0x80/0xf0\n __arm64_sys_read+0x24/0x34\n invoke_syscall+0x60/0x114\n el0_svc_common+0x88/0xe4\n do_el0_svc+0x24/0x30\n el0_svc+0x40/0xa8\n el0t_64_sync_handler+0x70/0xbc\n el0t_64_sync+0x1bc/0x1c0\n\nFix this by reading the inline data before allocating and adding\nthe pclusters to the I/O chains.(CVE-2026-45943)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()\n\nIn amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM,\nthe function returns directly without releasing the allocated xcc_info,\nresulting in a memory leak.\n\nFix this by ensuring that xcc_info is properly freed in the error paths.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.(CVE-2026-45947)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fix memory leaks in gfs2_fill_super error path\n\nFix two memory leaks in the gfs2_fill_super() error handling path when\ntransitioning a filesystem to read-write mode fails.\n\nFirst leak: kthread objects (thread_struct, task_struct, etc.)\nWhen gfs2_freeze_lock_shared() fails after init_threads() succeeds, the\ncreated kernel threads (logd and quotad) are never destroyed. This\noccurs because the fail_per_node label doesn't call\ngfs2_destroy_threads().\n\nSecond leak: quota bitmap buffer (8192 bytes)\nWhen gfs2_make_fs_rw() fails after gfs2_quota_init() succeeds but\nbefore other operations complete, the allocated quota bitmap is never\nfreed.\n\nThe fix moves thread cleanup to the fail_per_node label to handle all\nerror paths uniformly. gfs2_destroy_threads() is safe to call\nunconditionally as it checks for NULL pointers. Quota cleanup is added\nin gfs2_make_fs_rw() to properly handle the withdrawal case where\nquota initialization succeeds but the filesystem is then withdrawn.\n\nThread leak backtrace (gfs2_freeze_lock_shared failure):\n unreferenced object 0xffff88801d7bca80 (size 4480):\n copy_process+0x3a1/0x4670 kernel/fork.c:2422\n kernel_clone+0xf3/0x6e0 kernel/fork.c:2779\n kthread_create_on_node+0x100/0x150 kernel/kthread.c:478\n init_threads+0xab/0x350 fs/gfs2/ops_fstype.c:611\n gfs2_fill_super+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265\n\nQuota leak backtrace (gfs2_make_fs_rw failure):\n unreferenced object 0xffff88812de7c000 (size 8192):\n gfs2_quota_init+0xe5/0x820 fs/gfs2/quota.c:1409\n gfs2_make_fs_rw+0x7a/0xe0 fs/gfs2/super.c:149\n gfs2_fill_super+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275(CVE-2026-45961)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()\n\nCover a missed execution path with a new check.(CVE-2026-45982)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()\n\nSome crafted images can have illegal (!partial_decoding &&\nm_llen < m_plen) extents, and the LZ4 inplace decompression path\ncan be wrongly hit, but it cannot handle (outpages < inpages)\nproperly: \"outpages - inpages\" wraps to a large value and\nthe subsequent rq->out[] access reads past the decompressed_pages\narray.\n\nHowever, such crafted cases can correctly result in a corruption\nreport in the normal LZ4 non-inplace path.\n\nLet's add an additional check to fix this for backporting.\n\nReproducible image (base64-encoded gzipped blob):\n\nH4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+g\ndilSJo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9i\nPNtbjhan04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz\n2DF/21+20T/ldgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1w\nywAAAAAAAADwu14ATsEYtgBQAAA=\n\n$ mount -t erofs -o cache_strategy=disabled foo.erofs /mnt\n$ dd if=/mnt/data of=/dev/null bs=4096 count=1(CVE-2026-45999)\n\nIn the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an error condition if it is running. The Linux kernel CVE team has assigned CVE-2026-46044 to this issue.(CVE-2026-46044)\n\nIn the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read() When retry_aligned_read() encounters an overlapped stripe, it releases the stripe via raid5_release_stripe() which puts it on the lockless released_stripes llist. In the next raid5d loop iteration, release_stripe_list() drains the stripe onto handle_list (since STRIPE_HANDLE is set by the original IO), but retry_aligned_read() runs before handle_active_stripes() and removes the stripe from handle_list via find_get_stripe() -> list_del_init(). This prevents handle_stripe() from ever processing the stripe to resolve the overlap, causing an infinite loop and soft lockup. Fix this by using __release_stripe() with temp_inactive_list instead of raid5_release_stripe() in the failure path, so the stripe does not go through the released_stripes llist. This allows raid5d to break out of its loop, and the overlap will be resolved when the stripe is eventually processed by handle_stripe(). The Linux kernel CVE team has assigned CVE-2026-46051 to this issue.(CVE-2026-46051)\n\nIn the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is something other than one of the supported Hyper-V hypercalls. When all of the above conditions are met, KVM will intercept VMMCALL but never forward it to L1, i.e. will let L2 make hypercalls as if it were L1. The TLFS says a whole lot of nothing about this scenario, so go with the architectural behavior, which says that VMMCALL #UDs if it's not intercepted. Opportunistically do a 2-for-1 stub trade by stub-ifying the new API instead of the helpers it uses. The last remaining \"single\" stub will soon be dropped as well. [sean: rewrite changelog and comment, tag for stable, remove defunct stubs] The Linux kernel CVE team has assigned CVE-2026-46076 to this issue.(CVE-2026-46076)\n\nIn the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com The Linux kernel CVE team has assigned CVE-2026-46078 to this issue.(CVE-2026-46078)\n\nIn the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@] The Linux kernel CVE team has assigned CVE-2026-46082 to this issue.(CVE-2026-46082)\n\nIn the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users. The Linux kernel CVE team has assigned CVE-2026-46093 to this issue.(CVE-2026-46093)\n\nIn the Linux kernel, the following vulnerability has been resolved:mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lockPatch series \"mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path\".Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could racewith their writes, results in use-after-free. Fix those.This patch (of 2):damon_sysfs_scheme_filter->mmecg_path can be read and written by users,via DAMON sysfs memcg_path file. It can also be indirectly read, for theparameters {on,off}line committing to DAMON. The reads for parameterscommitting are protected by damon_sysfs_lock to avoid the sysfs filesbeing destroyed while any of the parameters are being read. But theuser-driven direct reads and writes are not protected by any lock, whilethe write is deallocating the memcg_path-pointing buffer. As a result,the readers could read the already freed buffer (user-after-free). Notethat the user-reads don't race when the same open file is used by thewriter, due to kernfs's open file locking. Nonetheless, doing the readsand writes with separate open files would be common. Fix it by protectingboth the user-direct reads and writes with damon_sysfs_lock.(CVE-2026-46121)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt\n\nhci_le_create_big_complete_evt() iterates over BT_BOUND connections for\na BIG handle using a while loop, accessing ev->bis_handle[i++] on each\niteration. However, there is no check that i stays within ev->num_bis\nbefore the array access.\n\nWhen a controller sends a LE_Create_BIG_Complete event with fewer\nbis_handle entries than there are BT_BOUND connections for that BIG,\nor with num_bis=0, the loop reads beyond the valid bis_handle[] flex\narray into adjacent heap memory. Since the out-of-bounds values\ntypically exceed HCI_CONN_HANDLE_MAX (0x0EFF), hci_conn_set_handle()\nrejects them and the connection remains in BT_BOUND state. The same\nconnection is then found again by hci_conn_hash_lookup_big_state(),\ncreating an infinite loop with hci_dev_lock held.\n\nFix this by terminating the BIG if in case not all BIS could be setup\nproperly.(CVE-2026-46138)\n\nIn the Linux kernel, vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. The rtnl_delete_link() must happen under RTNL and cannot be executed in RCU context. Calling synchronize_net() while holding RTNL is not good for performance and system stability, so calling netdev_put() in RCU call is the right solution. However, when the device is deleted, rtnl_unlock() calls netdev_run_todo() and blocks until all references are gone. In the current code, this means that call_rcu() is never reached, the vport is never freed, and the reference is never released, causing a self-deadlock on device removal. The fix moves the rcu_call() before rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from rtnl_unlock()->netdev_run_todo() while RTNL itself is already released.(CVE-2026-46165)\n\nIn the Linux kernel's RISC-V KVM subsystem, when the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is not freed, causing a memory leak. An attacker can trigger this via ioctl(vm_fd, KVM_CREATE_VCPU), potentially leading to resource exhaustion.(CVE-2026-46171)\n\nIn the Linux kernel, the mlx4_ib_create_srq() function fails to release resources allocated by mlx4_srq_alloc() in error handling paths, leading to a resource leak. An attacker could exploit this vulnerability to cause resource exhaustion or denial of service.(CVE-2026-46178)\n\nIn the Linux kernel, the spi_nor_params_show() function uses sizeof(snor_f_names) to calculate the array length. Since snor_f_names is an array of pointers, sizeof returns the total byte size of the pointer array (element_count sizeof(void )), which on 64-bit systems is 8 times larger than intended. This causes an out-of-bounds read when a flag bit is set that exceeds the actual element count but falls within the inflated byte-size count. The fix replaces sizeof with ARRAY_SIZE to pass the actual number of elements.(CVE-2026-46190)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-24.03-LTS-SP3/openEuler-22.03-LTS-SP3/openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2582", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" }, { "summary":"CVE-2025-39833", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-39833&packageName=kernel" }, { "summary":"CVE-2025-68334", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68334&packageName=kernel" }, { "summary":"CVE-2025-68340", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68340&packageName=kernel" }, { "summary":"CVE-2025-68801", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-68801&packageName=kernel" }, { "summary":"CVE-2025-71068", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-71068&packageName=kernel" }, { "summary":"CVE-2025-71087", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-71087&packageName=kernel" }, { "summary":"CVE-2025-71130", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-71130&packageName=kernel" }, { "summary":"CVE-2025-71152", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-71152&packageName=kernel" }, { "summary":"CVE-2025-71194", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-71194&packageName=kernel" }, { "summary":"CVE-2026-23001", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23001&packageName=kernel" }, { "summary":"CVE-2026-23011", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23011&packageName=kernel" }, { "summary":"CVE-2026-23025", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23025&packageName=kernel" }, { "summary":"CVE-2026-23054", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23054&packageName=kernel" }, { "summary":"CVE-2026-23074", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23074&packageName=kernel" }, { "summary":"CVE-2026-23100", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23100&packageName=kernel" }, { "summary":"CVE-2026-23138", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23138&packageName=kernel" }, { "summary":"CVE-2026-23247", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23247&packageName=kernel" }, { "summary":"CVE-2026-23269", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23269&packageName=kernel" }, { "summary":"CVE-2026-23272", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23272&packageName=kernel" }, { "summary":"CVE-2026-23312", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23312&packageName=kernel" }, { "summary":"CVE-2026-23340", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23340&packageName=kernel" }, { "summary":"CVE-2026-23378", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23378&packageName=kernel" }, { "summary":"CVE-2026-23389", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23389&packageName=kernel" }, { "summary":"CVE-2026-23406", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23406&packageName=kernel" }, { "summary":"CVE-2026-23407", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23407&packageName=kernel" }, { "summary":"CVE-2026-23410", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23410&packageName=kernel" }, { "summary":"CVE-2026-23411", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23411&packageName=kernel" }, { "summary":"CVE-2026-23439", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23439&packageName=kernel" }, { "summary":"CVE-2026-23440", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23440&packageName=kernel" }, { "summary":"CVE-2026-23441", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23441&packageName=kernel" }, { "summary":"CVE-2026-23444", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23444&packageName=kernel" }, { "summary":"CVE-2026-23448", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23448&packageName=kernel" }, { "summary":"CVE-2026-23450", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23450&packageName=kernel" }, { "summary":"CVE-2026-23452", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23452&packageName=kernel" }, { "summary":"CVE-2026-23461", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23461&packageName=kernel" }, { "summary":"CVE-2026-23473", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23473&packageName=kernel" }, { "summary":"CVE-2026-23475", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23475&packageName=kernel" }, { "summary":"CVE-2026-31392", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31392&packageName=kernel" }, { "summary":"CVE-2026-31398", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31398&packageName=kernel" }, { "summary":"CVE-2026-31399", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31399&packageName=kernel" }, { "summary":"CVE-2026-31400", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31400&packageName=kernel" }, { "summary":"CVE-2026-31403", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31403&packageName=kernel" }, { "summary":"CVE-2026-31408", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31408&packageName=kernel" }, { "summary":"CVE-2026-31421", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31421&packageName=kernel" }, { "summary":"CVE-2026-31422", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31422&packageName=kernel" }, { "summary":"CVE-2026-31426", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31426&packageName=kernel" }, { "summary":"CVE-2026-31429", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31429&packageName=kernel" }, { "summary":"CVE-2026-31430", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31430&packageName=kernel" }, { "summary":"CVE-2026-31441", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31441&packageName=kernel" }, { "summary":"CVE-2026-31442", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31442&packageName=kernel" }, { "summary":"CVE-2026-31446", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31446&packageName=kernel" }, { "summary":"CVE-2026-31449", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31449&packageName=kernel" }, { "summary":"CVE-2026-31450", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31450&packageName=kernel" }, { "summary":"CVE-2026-31451", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31451&packageName=kernel" }, { "summary":"CVE-2026-31452", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31452&packageName=kernel" }, { "summary":"CVE-2026-31467", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31467&packageName=kernel" }, { "summary":"CVE-2026-31469", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31469&packageName=kernel" }, { "summary":"CVE-2026-31487", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31487&packageName=kernel" }, { "summary":"CVE-2026-31495", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31495&packageName=kernel" }, { "summary":"CVE-2026-31496", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31496&packageName=kernel" }, { "summary":"CVE-2026-31498", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31498&packageName=kernel" }, { "summary":"CVE-2026-31499", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31499&packageName=kernel" }, { "summary":"CVE-2026-31505", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31505&packageName=kernel" }, { "summary":"CVE-2026-31510", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31510&packageName=kernel" }, { "summary":"CVE-2026-31511", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31511&packageName=kernel" }, { "summary":"CVE-2026-31512", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31512&packageName=kernel" }, { "summary":"CVE-2026-31516", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31516&packageName=kernel" }, { "summary":"CVE-2026-31518", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31518&packageName=kernel" }, { "summary":"CVE-2026-31525", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31525&packageName=kernel" }, { "summary":"CVE-2026-31528", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31528&packageName=kernel" }, { "summary":"CVE-2026-31531", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31531&packageName=kernel" }, { "summary":"CVE-2026-31532", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31532&packageName=kernel" }, { "summary":"CVE-2026-31533", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31533&packageName=kernel" }, { "summary":"CVE-2026-31540", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31540&packageName=kernel" }, { "summary":"CVE-2026-31542", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31542&packageName=kernel" }, { "summary":"CVE-2026-31546", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31546&packageName=kernel" }, { "summary":"CVE-2026-31555", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31555&packageName=kernel" }, { "summary":"CVE-2026-31566", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31566&packageName=kernel" }, { "summary":"CVE-2026-31570", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31570&packageName=kernel" }, { "summary":"CVE-2026-31590", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31590&packageName=kernel" }, { "summary":"CVE-2026-31595", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31595&packageName=kernel" }, { "summary":"CVE-2026-31628", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31628&packageName=kernel" }, { "summary":"CVE-2026-31630", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31630&packageName=kernel" }, { "summary":"CVE-2026-31651", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31651&packageName=kernel" }, { "summary":"CVE-2026-31665", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31665&packageName=kernel" }, { "summary":"CVE-2026-31667", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31667&packageName=kernel" }, { "summary":"CVE-2026-31675", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31675&packageName=kernel" }, { "summary":"CVE-2026-31677", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31677&packageName=kernel" }, { "summary":"CVE-2026-31678", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31678&packageName=kernel" }, { "summary":"CVE-2026-31684", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31684&packageName=kernel" }, { "summary":"CVE-2026-31685", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31685&packageName=kernel" }, { "summary":"CVE-2026-31689", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31689&packageName=kernel" }, { "summary":"CVE-2026-31697", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31697&packageName=kernel" }, { "summary":"CVE-2026-31698", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31698&packageName=kernel" }, { "summary":"CVE-2026-31699", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31699&packageName=kernel" }, { "summary":"CVE-2026-31708", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31708&packageName=kernel" }, { "summary":"CVE-2026-31738", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31738&packageName=kernel" }, { "summary":"CVE-2026-31752", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31752&packageName=kernel" }, { "summary":"CVE-2026-31755", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31755&packageName=kernel" }, { "summary":"CVE-2026-31771", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31771&packageName=kernel" }, { "summary":"CVE-2026-31773", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31773&packageName=kernel" }, { "summary":"CVE-2026-31779", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31779&packageName=kernel" }, { "summary":"CVE-2026-31781", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31781&packageName=kernel" }, { "summary":"CVE-2026-43020", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43020&packageName=kernel" }, { "summary":"CVE-2026-43036", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43036&packageName=kernel" }, { "summary":"CVE-2026-43040", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43040&packageName=kernel" }, { "summary":"CVE-2026-43043", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43043&packageName=kernel" }, { "summary":"CVE-2026-43061", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43061&packageName=kernel" }, { "summary":"CVE-2026-43064", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43064&packageName=kernel" }, { "summary":"CVE-2026-43079", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43079&packageName=kernel" }, { "summary":"CVE-2026-43099", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43099&packageName=kernel" }, { "summary":"CVE-2026-43148", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43148&packageName=kernel" }, { "summary":"CVE-2026-43156", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43156&packageName=kernel" }, { "summary":"CVE-2026-43163", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43163&packageName=kernel" }, { "summary":"CVE-2026-43186", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43186&packageName=kernel" }, { "summary":"CVE-2026-43212", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43212&packageName=kernel" }, { "summary":"CVE-2026-43240", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43240&packageName=kernel" }, { "summary":"CVE-2026-43262", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43262&packageName=kernel" }, { "summary":"CVE-2026-43273", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43273&packageName=kernel" }, { "summary":"CVE-2026-43288", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43288&packageName=kernel" }, { "summary":"CVE-2026-43292", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43292&packageName=kernel" }, { "summary":"CVE-2026-43345", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43345&packageName=kernel" }, { "summary":"CVE-2026-43366", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43366&packageName=kernel" }, { "summary":"CVE-2026-43406", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43406&packageName=kernel" }, { "summary":"CVE-2026-43419", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43419&packageName=kernel" }, { "summary":"CVE-2026-43427", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43427&packageName=kernel" }, { "summary":"CVE-2026-43428", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43428&packageName=kernel" }, { "summary":"CVE-2026-43468", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43468&packageName=kernel" }, { "summary":"CVE-2026-43493", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43493&packageName=kernel" }, { "summary":"CVE-2026-43503", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-43503&packageName=kernel" }, { "summary":"CVE-2026-45834", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45834&packageName=kernel" }, { "summary":"CVE-2026-45861", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45861&packageName=kernel" }, { "summary":"CVE-2026-45911", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45911&packageName=kernel" }, { "summary":"CVE-2026-45943", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45943&packageName=kernel" }, { "summary":"CVE-2026-45947", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45947&packageName=kernel" }, { "summary":"CVE-2026-45961", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45961&packageName=kernel" }, { "summary":"CVE-2026-45982", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45982&packageName=kernel" }, { "summary":"CVE-2026-45999", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45999&packageName=kernel" }, { "summary":"CVE-2026-46044", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46044&packageName=kernel" }, { "summary":"CVE-2026-46051", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46051&packageName=kernel" }, { "summary":"CVE-2026-46076", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46076&packageName=kernel" }, { "summary":"CVE-2026-46078", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46078&packageName=kernel" }, { "summary":"CVE-2026-46082", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46082&packageName=kernel" }, { "summary":"CVE-2026-46093", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46093&packageName=kernel" }, { "summary":"CVE-2026-46121", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46121&packageName=kernel" }, { "summary":"CVE-2026-46138", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46138&packageName=kernel" }, { "summary":"CVE-2026-46165", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46165&packageName=kernel" }, { "summary":"CVE-2026-46171", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46171&packageName=kernel" }, { "summary":"CVE-2026-46178", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46178&packageName=kernel" }, { "summary":"CVE-2026-46190", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46190&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39833" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68334" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68340" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68801" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71068" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71087" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71130" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71152" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71194" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23001" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23011" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23025" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23054" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23074" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23100" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23138" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23247" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23269" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23272" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23312" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23340" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23378" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23389" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23406" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23407" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23410" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23411" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23439" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23440" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23441" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23444" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23448" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23450" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23452" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23461" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23473" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23475" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31392" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31398" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31399" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31400" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31403" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31408" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31421" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31422" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31426" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31429" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31430" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31441" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31442" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31446" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31449" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31450" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31451" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31452" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31467" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31469" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31487" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31495" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31496" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31498" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31499" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31505" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31510" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31511" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31512" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31516" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31518" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31525" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31528" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31531" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31532" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31533" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31540" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31542" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31546" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31555" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31566" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31570" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31590" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31595" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31628" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31630" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31651" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31665" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31667" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31675" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31677" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31678" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31684" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31685" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31689" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31697" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31698" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31699" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31708" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31738" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31752" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31755" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31771" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31773" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31779" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31781" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43020" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43036" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43040" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43043" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43061" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43064" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43079" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43099" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43148" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43156" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43163" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43186" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43212" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43240" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43262" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43273" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43288" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43292" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43345" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43366" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43406" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43419" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43427" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43428" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43468" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43493" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43503" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45834" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45861" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45911" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45943" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45947" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45961" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45982" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45999" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46044" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46051" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46076" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46078" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46082" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46093" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46121" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46138" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46165" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46171" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46178" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46190" }, { "summary":"openEuler-SA-2026-2582 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2582.json" } ], "title":"An update for kernel is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-06-08T15:01:39+08:00", "revision_history":[ { "date":"2026-06-08T15:01:39+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-08T15:01:39+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-08T15:01:39+08:00", "id":"openEuler-SA-2026-2582", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"kernel-6.6.0-145.3.14.145.oe2403sp3.src.rpm", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.src.rpm" }, "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"perf-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"perf-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "name":"python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"kernel-6.6.0-145.3.14.145.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src", "name":"kernel-6.6.0-145.3.14.145.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-39833", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-39833" }, { "cve":"CVE-2025-68334", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Add support for Van Gogh SoC\n\nThe ROG Xbox Ally (non-X) SoC features a similar architecture to the\nSteam Deck. While the Steam Deck supports S3 (s2idle causes a crash),\nthis support was dropped by the Xbox Ally which only S0ix suspend.\n\nSince the handler is missing here, this causes the device to not suspend\nand the AMD GPU driver to crash while trying to resume afterwards due to\na power hang.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-68334" }, { "cve":"CVE-2025-68340", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nteam: Move team device type change at the end of team_port_add\n\nAttempting to add a port device that is already up will expectedly fail,\nbut not before modifying the team device header_ops.\n\nIn the case of the syzbot reproducer the gre0 device is\nalready in state UP when it attempts to add it as a\nport device of team0, this fails but before that\nheader_ops->create of team0 is changed from eth_header to ipgre_header\nin the call to team_dev_type_check_change.\n\nLater when we end up in ipgre_header() struct ip_tunnel* points to nonsense\nas the private data of the device still holds a struct team.\n\nExample sequence of iproute2 commands to reproduce the hang/BUG():\nip link add dev team0 type team\nip link add dev gre0 type gre\nip link set dev gre0 up\nip link set dev gre0 master team0\nip link set dev team0 up\nping -I team0 1.1.1.1\n\nMove team_dev_type_check_change down where all other checks have passed\nas it changes the dev type with no way to restore it in case\none of the checks that follow it fail.\n\nAlso make sure to preserve the origial mtu assignment:\n - If port_dev is not the same type as dev, dev takes mtu from port_dev\n - If port_dev is the same type as dev, port_dev takes mtu from dev\n\nThis is done by adding a conditional before the call to dev_set_mtu\nto prevent it from assigning port_dev->mtu = dev->mtu and instead\nletting team_dev_type_check_change assign dev->mtu = port_dev->mtu.\nThe conditional is needed because the patch moves the call to\nteam_dev_type_check_change past dev_set_mtu.\n\nTesting:\n - team device driver in-tree selftests\n - Add/remove various devices as slaves of team device\n - syzbot", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-68340" }, { "cve":"CVE-2025-68801", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix neighbour use-after-free\n\nWe sometimes observe use-after-free when dereferencing a neighbour [1].\nThe problem seems to be that the driver stores a pointer to the\nneighbour, but without holding a reference on it. A reference is only\ntaken when the neighbour is used by a nexthop.\n\nFix by simplifying the reference counting scheme. Always take a\nreference when storing a neighbour pointer in a neighbour entry. Avoid\ntaking a referencing when the neighbour is used by a nexthop as the\nneighbour entry associated with the nexthop already holds a reference.\n\nTested by running the test that uncovered the problem over 300 times.\nWithout this patch the problem was reproduced after a handful of\niterations.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x2d4/0x310\nRead of size 8 at addr ffff88817f8e3420 by task ip/3929\n\nCPU: 3 UID: 0 PID: 3929 Comm: ip Not tainted 6.18.0-rc4-virtme-g36b21a067510 #3 PREEMPT(full)\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nCall Trace:\n \n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6e/0x300\n print_report+0xfc/0x1fb\n kasan_report+0xe4/0x110\n mlxsw_sp_neigh_entry_update+0x2d4/0x310\n mlxsw_sp_router_rif_gone_sync+0x35f/0x510\n mlxsw_sp_rif_destroy+0x1ea/0x730\n mlxsw_sp_inetaddr_port_vlan_event+0xa1/0x1b0\n __mlxsw_sp_inetaddr_lag_event+0xcc/0x130\n __mlxsw_sp_inetaddr_event+0xf5/0x3c0\n mlxsw_sp_router_netdevice_event+0x1015/0x1580\n notifier_call_chain+0xcc/0x150\n call_netdevice_notifiers_info+0x7e/0x100\n __netdev_upper_dev_unlink+0x10b/0x210\n netdev_upper_dev_unlink+0x79/0xa0\n vrf_del_slave+0x18/0x50\n do_set_master+0x146/0x7d0\n do_setlink.isra.0+0x9a0/0x2880\n rtnl_newlink+0x637/0xb20\n rtnetlink_rcv_msg+0x6fe/0xb90\n netlink_rcv_skb+0x123/0x380\n netlink_unicast+0x4a3/0x770\n netlink_sendmsg+0x75b/0xc90\n __sock_sendmsg+0xbe/0x160\n ____sys_sendmsg+0x5b2/0x7d0\n ___sys_sendmsg+0xfd/0x180\n __sys_sendmsg+0x124/0x1c0\n do_syscall_64+0xbb/0xfd0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[...]\n\nAllocated by task 109:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x2c1/0x790\n neigh_alloc+0x6af/0x8f0\n ___neigh_create+0x63/0xe90\n mlxsw_sp_nexthop_neigh_init+0x430/0x7e0\n mlxsw_sp_nexthop_type_init+0x212/0x960\n mlxsw_sp_nexthop6_group_info_init.constprop.0+0x81f/0x1280\n mlxsw_sp_nexthop6_group_get+0x392/0x6a0\n mlxsw_sp_fib6_entry_create+0x46a/0xfd0\n mlxsw_sp_router_fib6_replace+0x1ed/0x5f0\n mlxsw_sp_router_fib6_event_work+0x10a/0x2a0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nFreed by task 154:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x43/0x70\n kmem_cache_free_bulk.part.0+0x1eb/0x5e0\n kvfree_rcu_bulk+0x1f2/0x260\n kfree_rcu_work+0x130/0x1b0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nLast potentially related work creation:\n kasan_save_stack+0x30/0x50\n kasan_record_aux_stack+0x8c/0xa0\n kvfree_call_rcu+0x93/0x5b0\n mlxsw_sp_router_neigh_event_work+0x67d/0x860\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.7, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-68801" }, { "cve":"CVE-2025-71068", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: bound check rq_pages index in inline path\n\nsvc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without\nverifying rc_curpage stays within the allocated page array. Add guards\nbefore the first use and after advancing to a new page.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-71068" }, { "cve":"CVE-2025-71087", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix off-by-one issues in iavf_config_rss_reg()\n\nThere are off-by-one bugs when configuring RSS hash key and lookup\ntable, causing out-of-bounds reads to memory [1] and out-of-bounds\nwrites to device registers.\n\nBefore commit 43a3d9ba34c9 (\"i40evf: Allow PF driver to configure RSS\"),\nthe loop upper bounds were:\n i <= I40E_VFQF_{HKEY,HLUT}_MAX_INDEX\nwhich is safe since the value is the last valid index.\n\nThat commit changed the bounds to:\n i <= adapter->rss_{key,lut}_size / 4\nwhere `rss_{key,lut}_size / 4` is the number of dwords, so the last\nvalid index is `(rss_{key,lut}_size / 4) - 1`. Therefore, using `<=`\naccesses one element past the end.\n\nFix the issues by using `<` instead of `<=`, ensuring we do not exceed\nthe bounds.\n\n[1] KASAN splat about rss_key_size off-by-one\n BUG: KASAN: slab-out-of-bounds in iavf_config_rss+0x619/0x800\n Read of size 4 at addr ffff888102c50134 by task kworker/u8:6/63\n\n CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:6 Not tainted 6.18.0-rc2-enjuk-tnguy-00378-g3005f5b77652-dirty #156 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Workqueue: iavf iavf_watchdog_task\n Call Trace:\n \n dump_stack_lvl+0x6f/0xb0\n print_report+0x170/0x4f3\n kasan_report+0xe1/0x1a0\n iavf_config_rss+0x619/0x800\n iavf_watchdog_task+0x2be7/0x3230\n process_one_work+0x7fd/0x1420\n worker_thread+0x4d1/0xd40\n kthread+0x344/0x660\n ret_from_fork+0x249/0x320\n ret_from_fork_asm+0x1a/0x30\n \n\n Allocated by task 63:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x246/0x6f0\n iavf_watchdog_task+0x28fc/0x3230\n process_one_work+0x7fd/0x1420\n worker_thread+0x4d1/0xd40\n kthread+0x344/0x660\n ret_from_fork+0x249/0x320\n ret_from_fork_asm+0x1a/0x30\n\n The buggy address belongs to the object at ffff888102c50100\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes to the right of\n allocated 52-byte region [ffff888102c50100, ffff888102c50134)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c50\n flags: 0x200000000000000(node=0|zone=2)\n page_type: f5(slab)\n raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888102c50000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n ffff888102c50080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n >ffff888102c50100: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc\n ^\n ffff888102c50180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc\n ffff888102c50200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-71087" }, { "cve":"CVE-2025-71130", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer\n\nInitialize the eb.vma array with values of 0 when the eb structure is\nfirst set up. In particular, this sets the eb->vma[i].vma pointers to\nNULL, simplifying cleanup and getting rid of the bug described below.\n\nDuring the execution of eb_lookup_vmas(), the eb->vma array is\nsuccessively filled up with struct eb_vma objects. This process includes\ncalling eb_add_vma(), which might fail; however, even in the event of\nfailure, eb->vma[i].vma is set for the currently processed buffer.\n\nIf eb_add_vma() fails, eb_lookup_vmas() returns with an error, which\nprompts a call to eb_release_vmas() to clean up the mess. Since\neb_lookup_vmas() might fail during processing any (possibly not first)\nbuffer, eb_release_vmas() checks whether a buffer's vma is NULL to know\nat what point did the lookup function fail.\n\nIn eb_lookup_vmas(), eb->vma[i].vma is set to NULL if either the helper\nfunction eb_lookup_vma() or eb_validate_vma() fails. eb->vma[i+1].vma is\nset to NULL in case i915_gem_object_userptr_submit_init() fails; the\ncurrent one needs to be cleaned up by eb_release_vmas() at this point,\nso the next one is set. If eb_add_vma() fails, neither the current nor\nthe next vma is set to NULL, which is a source of a NULL deref bug\ndescribed in the issue linked in the Closes tag.\n\nWhen entering eb_lookup_vmas(), the vma pointers are set to the slab\npoison value, instead of NULL. This doesn't matter for the actual\nlookup, since it gets overwritten anyway, however the eb_release_vmas()\nfunction only recognizes NULL as the stopping value, hence the pointers\nare being set to NULL as they go in case of intermediate failure. This\npatch changes the approach to filling them all with NULL at the start\ninstead, rather than handling that manually during failure.\n\n(cherry picked from commit 08889b706d4f0b8d2352b7ca29c2d8df4d0787cd)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-71130" }, { "cve":"CVE-2025-71152", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: properly keep track of conduit reference\n\nProblem description\n-------------------\n\nDSA has a mumbo-jumbo of reference handling of the conduit net device\nand its kobject which, sadly, is just wrong and doesn't make sense.\n\nThere are two distinct problems.\n\n1. The OF path, which uses of_find_net_device_by_node(), never releases\n the elevated refcount on the conduit's kobject. Nominally, the OF and\n non-OF paths should result in objects having identical reference\n counts taken, and it is already suspicious that\n dsa_dev_to_net_device() has a put_device() call which is missing in\n dsa_port_parse_of(), but we can actually even verify that an issue\n exists. With CONFIG_DEBUG_KOBJECT_RELEASE=y, if we run this command\n \"before\" and \"after\" applying this patch:\n\n(unbind the conduit driver for net device eno2)\necho 0000:00:00.2 > /sys/bus/pci/drivers/fsl_enetc/unbind\n\nwe see these lines in the output diff which appear only with the patch\napplied:\n\nkobject: 'eno2' (ffff002009a3a6b8): kobject_release, parent 0000000000000000 (delayed 1000)\nkobject: '109' (ffff0020099d59a0): kobject_release, parent 0000000000000000 (delayed 1000)\n\n2. After we find the conduit interface one way (OF) or another (non-OF),\n it can get unregistered at any time, and DSA remains with a long-lived,\n but in this case stale, cpu_dp->conduit pointer. Holding the net\n device's underlying kobject isn't actually of much help, it just\n prevents it from being freed (but we never need that kobject\n directly). What helps us to prevent the net device from being\n unregistered is the parallel netdev reference mechanism (dev_hold()\n and dev_put()).\n\nActually we actually use that netdev tracker mechanism implicitly on\nuser ports since commit 2f1e8ea726e9 (\"net: dsa: link interfaces with\nthe DSA master to get rid of lockdep warnings\"), via netdev_upper_dev_link().\nBut time still passes at DSA switch probe time between the initial\nof_find_net_device_by_node() code and the user port creation time, time\nduring which the conduit could unregister itself and DSA wouldn't know\nabout it.\n\nSo we have to run of_find_net_device_by_node() under rtnl_lock() to\nprevent that from happening, and release the lock only with the netdev\ntracker having acquired the reference.\n\nDo we need to keep the reference until dsa_unregister_switch() /\ndsa_switch_shutdown()?\n1: Maybe yes. A switch device will still be registered even if all user\n ports failed to probe, see commit 86f8b1c01a0a (\"net: dsa: Do not\n make user port errors fatal\"), and the cpu_dp->conduit pointers\n remain valid. I haven't audited all call paths to see whether they\n will actually use the conduit in lack of any user port, but if they\n do, it seems safer to not rely on user ports for that reference.\n2. Definitely yes. We support changing the conduit which a user port is\n associated to, and we can get into a situation where we've moved all\n user ports away from a conduit, thus no longer hold any reference to\n it via the net device tracker. But we shouldn't let it go nonetheless\n - see the next change in relation to dsa_tree_find_first_conduit()\n and LAG conduits which disappear.\n We have to be prepared to return to the physical conduit, so the CPU\n port must explicitly keep another reference to it. This is also to\n say: the user ports and their CPU ports may not always keep a\n reference to the same conduit net device, and both are needed.\n\nAs for the conduit's kobject for the /sys/class/net/ entry, we don't\ncare about it, we can release it as soon as we hold the net device\nobject itself.\n\nHistory and blame attribution\n-----------------------------\n\nThe code has been refactored so many times, it is very difficult to\nfollow and properly attribute a blame, but I'll try to make a short\nhistory which I hope to be correct.\n\nWe have two distinct probing paths:\n- one for OF, introduced in 2016 i\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-71152" }, { "cve":"CVE-2025-71194", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n 1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n 2. A worker processing an ordered extent calls start_transaction()\n with TRANS_JOIN\n\n 3. join_transaction() returns -EBUSY because Transaction A is in\n TRANS_STATE_COMMIT_DOING\n\n 4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n 5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n 6. The ordered extent from step 2 is added to Transaction B's\n pending ordered extents\n\n 7. Transaction B immediately starts commit by another task and\n enters TRANS_STATE_COMMIT_START\n\n 8. The worker finally reaches wait_current_trans(), sees Transaction B\n in TRANS_STATE_COMMIT_START (a blocked state), and waits\n unconditionally\n\n 9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n according to btrfs_blocked_trans_types[]\n\n 10. Transaction B is waiting for pending ordered extents to complete\n\n 11. Deadlock: Transaction B waits for ordered extent, ordered extent\n waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n CPU0 CPU1\n btrfs_finish_ordered_io()\n start_transaction(TRANS_JOIN)\n join_transaction()\n # -EBUSY (Transaction A is\n # TRANS_STATE_COMMIT_DOING)\n # Transaction A completes\n # Transaction B created\n # ordered extent added to\n # Transaction B's pending list\n btrfs_commit_transaction()\n # Transaction B enters\n # TRANS_STATE_COMMIT_START\n # waiting for pending ordered\n # extents\n wait_current_trans()\n # waits for Transaction B\n # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n btrfs_sync_file+0x342/0x4d0 [btrfs]\n __x64_sys_fdatasync+0x4b/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n wait_current_trans+0xb0/0x110 [btrfs]\n start_transaction+0x346/0x5b0 [btrfs]\n btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n btrfs_work_helper+0xe8/0x350 [btrfs]\n process_one_work+0x1d3/0x3c0\n worker_thread+0x4d/0x3e0\n kthread+0x12d/0x150\n ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans->state] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-71194" }, { "cve":"CVE-2026-23001", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)->vlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry->vlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23001" }, { "cve":"CVE-2026-23011", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_gre: make ipgre_header() robust\n\nAnalog to commit db5b4e39c4e6 (\"ip6_gre: make ip6gre_header() robust\")\n\nOver the years, syzbot found many ways to crash the kernel\nin ipgre_header() [1].\n\nThis involves team or bonding drivers ability to dynamically\nchange their dev->needed_headroom and/or dev->hard_header_len\n\nIn this particular crash mld_newpack() allocated an skb\nwith a too small reserve/headroom, and by the time mld_sendpack()\nwas called, syzbot managed to attach an ipgre device.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff89ea3cb7 len:2030915468 put:2030915372 head:ffff888058b43000 data:ffff887fdfa6e194 tail:0x120 end:0x6c0 dev:team0\n kernel BUG at net/core/skbuff.c:213 !\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 1 UID: 0 PID: 1322 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nWorkqueue: mld mld_ifc_work\n RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213\nCall Trace:\n \n skb_under_panic net/core/skbuff.c:223 [inline]\n skb_push+0xc3/0xe0 net/core/skbuff.c:2641\n ipgre_header+0x67/0x290 net/ipv4/ip_gre.c:897\n dev_hard_header include/linux/netdevice.h:3436 [inline]\n neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247\n NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318\n mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855\n mld_send_cr net/ipv6/mcast.c:2154 [inline]\n mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23011" }, { "cve":"CVE-2026-23025", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: prevent pcp corruption with SMP=n\n\nThe kernel test robot has reported:\n\n BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28\n lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0\n CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470\n Call Trace:\n \n __dump_stack (lib/dump_stack.c:95)\n dump_stack_lvl (lib/dump_stack.c:123)\n dump_stack (lib/dump_stack.c:130)\n spin_dump (kernel/locking/spinlock_debug.c:71)\n do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?)\n _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138)\n __free_frozen_pages (mm/page_alloc.c:2973)\n ___free_pages (mm/page_alloc.c:5295)\n __free_pages (mm/page_alloc.c:5334)\n tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290)\n ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289)\n ? rcu_core (kernel/rcu/tree.c:?)\n rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861)\n rcu_core_si (kernel/rcu/tree.c:2879)\n handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)\n __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725)\n irq_exit_rcu (kernel/softirq.c:741)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052)\n \n \n RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)\n free_pcppages_bulk (mm/page_alloc.c:1494)\n drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632)\n __drain_all_pages (mm/page_alloc.c:2731)\n drain_all_pages (mm/page_alloc.c:2747)\n kcompactd (mm/compaction.c:3115)\n kthread (kernel/kthread.c:465)\n ? __cfi_kcompactd (mm/compaction.c:3166)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork (arch/x86/kernel/process.c:164)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:255)\n \n\nMatthew has analyzed the report and identified that in drain_page_zone()\nwe are in a section protected by spin_lock(&pcp->lock) and then get an\ninterrupt that attempts spin_trylock() on the same lock. The code is\ndesigned to work this way without disabling IRQs and occasionally fail the\ntrylock with a fallback. However, the SMP=n spinlock implementation\nassumes spin_trylock() will always succeed, and thus it's normally a\nno-op. Here the enabled lock debugging catches the problem, but otherwise\nit could cause a corruption of the pcp structure.\n\nThe problem has been introduced by commit 574907741599 (\"mm/page_alloc:\nleave IRQs enabled for per-cpu page allocations\"). The pcp locking scheme\nrecognizes the need for disabling IRQs to prevent nesting spin_trylock()\nsections on SMP=n, but the need to prevent the nesting in spin_lock() has\nnot been recognized. Fix it by introducing local wrappers that change the\nspin_lock() to spin_lock_iqsave() with SMP=n and use them in all places\nthat do spin_lock(&pcp->lock).\n\n[", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23025" }, { "cve":"CVE-2026-23054", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23054" }, { "cve":"CVE-2026-23074", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim <", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23074" }, { "cve":"CVE-2026-23100", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix hugetlb_pmd_shared()\n\nPatch series \"mm/hugetlb: fixes for PMD table sharing (incl. using\nmmu_gather)\", v3.\n\nOne functional fix, one performance regression fix, and two related\ncomment fixes.\n\nI cleaned up my prototype I recently shared [1] for the performance fix,\ndeferring most of the cleanups I had in the prototype to a later point. \nWhile doing that I identified the other things.\n\nThe goal of this patch set is to be backported to stable trees \"fairly\"\neasily. At least patch #1 and #4.\n\nPatch #1 fixes hugetlb_pmd_shared() not detecting any sharing\nPatch #2 + #3 are simple comment fixes that patch #4 interacts with.\nPatch #4 is a fix for the reported performance regression due to excessive\nIPI broadcasts during fork()+exit().\n\nThe last patch is all about TLB flushes, IPIs and mmu_gather.\nRead: complicated\n\nThere are plenty of cleanups in the future to be had + one reasonable\noptimization on x86. But that's all out of scope for this series.\n\nRuntime tested, with a focus on fixing the performance regression using\nthe original reproducer [2] on x86.\n\n\nThis patch (of 4):\n\nWe switched from (wrongly) using the page count to an independent shared\ncount. Now, shared page tables have a refcount of 1 (excluding\nspeculative references) and instead use ptdesc->pt_share_count to identify\nsharing.\n\nWe didn't convert hugetlb_pmd_shared(), so right now, we would never\ndetect a shared PMD table as such, because sharing/unsharing no longer\ntouches the refcount of a PMD table.\n\nPage migration, like mbind() or migrate_pages() would allow for migrating\nfolios mapped into such shared PMD tables, even though the folios are not\nexclusive. In smaps we would account them as \"private\" although they are\n\"shared\", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the\npagemap interface.\n\nFix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23100" }, { "cve":"CVE-2026-23138", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23138" }, { "cve":"CVE-2026-23247", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23247" }, { "cve":"CVE-2026-23269", "notes":[ { "text":"In the Linux kernel, a vulnerability exists in the AppArmor module's unpack_pdb function. The vulnerability occurs due to failure to validate that DFA start states are within bounds, which can lead to out-of-bound reads. An attacker can exploit this vulnerability through specially crafted policy files, potentially leading to information disclosure or system crashes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23269" }, { "cve":"CVE-2026-23272", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set->nelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set->nelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23272" }, { "cve":"CVE-2026-23312", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23312" }, { "cve":"CVE-2026-23340", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs\n\nWhen shrinking the number of real tx queues,\nnetif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush\nqdiscs for queues which will no longer be used.\n\nqdisc_reset_all_tx_gt() currently serializes qdisc_reset() with\nqdisc_lock(). However, for lockless qdiscs, the dequeue path is\nserialized by qdisc_run_begin/end() using qdisc->seqlock instead, so\nqdisc_reset() can run concurrently with __qdisc_run() and free skbs\nwhile they are still being dequeued, leading to UAF.\n\nThis can easily be reproduced on e.g. virtio-net by imposing heavy\ntraffic while frequently changing the number of queue pairs:\n\n iperf3 -ub0 -c $peer -t 0 &\n while :; do\n ethtool -L eth0 combined 1\n ethtool -L eth0 combined 2\n done\n\nWith KASAN enabled, this leads to reports like:\n\n BUG: KASAN: slab-use-after-free in __qdisc_run+0x133f/0x1760\n ...\n Call Trace:\n \n ...\n __qdisc_run+0x133f/0x1760\n __dev_queue_xmit+0x248f/0x3550\n ip_finish_output2+0xa42/0x2110\n ip_output+0x1a7/0x410\n ip_send_skb+0x2e6/0x480\n udp_send_skb+0xb0a/0x1590\n udp_sendmsg+0x13c9/0x1fc0\n ...\n \n\n Allocated by task 1270 on cpu 5 at 44.558414s:\n ...\n alloc_skb_with_frags+0x84/0x7c0\n sock_alloc_send_pskb+0x69a/0x830\n __ip_append_data+0x1b86/0x48c0\n ip_make_skb+0x1e8/0x2b0\n udp_sendmsg+0x13a6/0x1fc0\n ...\n\n Freed by task 1306 on cpu 3 at 44.558445s:\n ...\n kmem_cache_free+0x117/0x5e0\n pfifo_fast_reset+0x14d/0x580\n qdisc_reset+0x9e/0x5f0\n netif_set_real_num_tx_queues+0x303/0x840\n virtnet_set_channels+0x1bf/0x260 [virtio_net]\n ethnl_set_channels+0x684/0xae0\n ethnl_default_set_doit+0x31a/0x890\n ...\n\nSerialize qdisc_reset_all_tx_gt() against the lockless dequeue path by\ntaking qdisc->seqlock for TCQ_F_NOLOCK qdiscs, matching the\nserialization model already used by dev_reset_queue().\n\nAdditionally clear QDISC_STATE_NON_EMPTY after reset so the qdisc state\nreflects an empty queue, avoiding needless re-scheduling.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23340" }, { "cve":"CVE-2026-23378", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ife: Fix metalist update behavior\n\nWhenever an ife action replace changes the metalist, instead of\nreplacing the old data on the metalist, the current ife code is appending\nthe new metadata. Aside from being innapropriate behavior, this may lead\nto an unbounded addition of metadata to the metalist which might cause an\nout of bounds error when running the encode op:\n\n[ 138.423369][ C1] ==================================================================\n[ 138.424317][ C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.424906][ C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou/255\n[ 138.425778][ C1] CPU: 1 UID: 0 PID: 255 Comm: ife_out_out_bou Not tainted 7.0.0-rc1-00169-gfbdfa8da05b6 #624 PREEMPT(full)\n[ 138.425795][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 138.425800][ C1] Call Trace:\n[ 138.425804][ C1] \n[ 138.425808][ C1] dump_stack_lvl (lib/dump_stack.c:122)\n[ 138.425828][ C1] print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n[ 138.425839][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425844][ C1] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:95 (discriminator 1) ./include/linux/rcupdate.h:975 (discriminator 1) ./include/linux/mmzone.h:2207 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1))\n[ 138.425853][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425859][ C1] kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:597)\n[ 138.425868][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425878][ C1] kasan_check_range (mm/kasan/generic.c:186 (discriminator 1) mm/kasan/generic.c:200 (discriminator 1))\n[ 138.425884][ C1] __asan_memset (mm/kasan/shadow.c:84 (discriminator 2))\n[ 138.425889][ C1] ife_tlv_meta_encode (net/ife/ife.c:168)\n[ 138.425893][ C1] ? ife_tlv_meta_encode (net/ife/ife.c:171)\n[ 138.425898][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425903][ C1] ife_encode_meta_u16 (net/sched/act_ife.c:57)\n[ 138.425910][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)\n[ 138.425916][ C1] ? __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 3))\n[ 138.425921][ C1] ? __pfx_ife_encode_meta_u16 (net/sched/act_ife.c:45)\n[ 138.425927][ C1] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[ 138.425931][ C1] tcf_ife_act (net/sched/act_ife.c:847 net/sched/act_ife.c:879)\n\nTo solve this issue, fix the replace behavior by adding the metalist to\nthe ife rcu data structure.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23378" }, { "cve":"CVE-2026-23389", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23389" }, { "cve":"CVE-2026-23406", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix side-effect bug in match_char() macro usage\n\nThe match_char() macro evaluates its character parameter multiple\ntimes when traversing differential encoding chains. When invoked\nwith *str++, the string pointer advances on each iteration of the\ninner do-while loop, causing the DFA to check different characters\nat each iteration and therefore skip input characters.\nThis results in out-of-bounds reads when the pointer advances past\nthe input buffer boundary.\n\n[ 94.984676] ==================================================================\n[ 94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760\n[ 94.985655] Read of size 1 at addr ffff888100342000 by task file/976\n\n[ 94.986319] CPU: 7 UID: 1000 PID: 976 Comm: file Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[ 94.986322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 94.986329] Call Trace:\n[ 94.986341] \n[ 94.986347] dump_stack_lvl+0x5e/0x80\n[ 94.986374] print_report+0xc8/0x270\n[ 94.986384] ? aa_dfa_match+0x5ae/0x760\n[ 94.986388] kasan_report+0x118/0x150\n[ 94.986401] ? aa_dfa_match+0x5ae/0x760\n[ 94.986405] aa_dfa_match+0x5ae/0x760\n[ 94.986408] __aa_path_perm+0x131/0x400\n[ 94.986418] aa_path_perm+0x219/0x2f0\n[ 94.986424] apparmor_file_open+0x345/0x570\n[ 94.986431] security_file_open+0x5c/0x140\n[ 94.986442] do_dentry_open+0x2f6/0x1120\n[ 94.986450] vfs_open+0x38/0x2b0\n[ 94.986453] ? may_open+0x1e2/0x2b0\n[ 94.986466] path_openat+0x231b/0x2b30\n[ 94.986469] ? __x64_sys_openat+0xf8/0x130\n[ 94.986477] do_file_open+0x19d/0x360\n[ 94.986487] do_sys_openat2+0x98/0x100\n[ 94.986491] __x64_sys_openat+0xf8/0x130\n[ 94.986499] do_syscall_64+0x8e/0x660\n[ 94.986515] ? count_memcg_events+0x15f/0x3c0\n[ 94.986526] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986540] ? handle_mm_fault+0x1639/0x1ef0\n[ 94.986551] ? vma_start_read+0xf0/0x320\n[ 94.986558] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986561] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986563] ? fpregs_assert_state_consistent+0x50/0xe0\n[ 94.986572] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986574] ? arch_exit_to_user_mode_prepare+0x9/0xb0\n[ 94.986587] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 94.986588] ? irqentry_exit+0x3c/0x590\n[ 94.986595] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 94.986597] RIP: 0033:0x7fda4a79c3ea\n\nFix by extracting the character value before invoking match_char,\nensuring single evaluation per outer loop.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23406" }, { "cve":"CVE-2026-23407", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix missing bounds check on DEFAULT table in verify_dfa()\n\nThe verify_dfa() function only checks DEFAULT_TABLE bounds when the state\nis not differentially encoded.\n\nWhen the verification loop traverses the differential encoding chain,\nit reads k = DEFAULT_TABLE[j] and uses k as an array index without\nvalidation. A malformed DFA with DEFAULT_TABLE[j] >= state_count,\ntherefore, causes both out-of-bounds reads and writes.\n\n[ 57.179855] ==================================================================\n[ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660\n[ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993\n\n[ 57.181554] CPU: 1 UID: 0 PID: 993 Comm: su Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[ 57.181558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 57.181563] Call Trace:\n[ 57.181572] \n[ 57.181577] dump_stack_lvl+0x5e/0x80\n[ 57.181596] print_report+0xc8/0x270\n[ 57.181605] ? verify_dfa+0x59a/0x660\n[ 57.181608] kasan_report+0x118/0x150\n[ 57.181620] ? verify_dfa+0x59a/0x660\n[ 57.181623] verify_dfa+0x59a/0x660\n[ 57.181627] aa_dfa_unpack+0x1610/0x1740\n[ 57.181629] ? __kmalloc_cache_noprof+0x1d0/0x470\n[ 57.181640] unpack_pdb+0x86d/0x46b0\n[ 57.181647] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181653] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181656] ? aa_unpack_nameX+0x1a8/0x300\n[ 57.181659] aa_unpack+0x20b0/0x4c30\n[ 57.181662] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181664] ? stack_depot_save_flags+0x33/0x700\n[ 57.181681] ? kasan_save_track+0x4f/0x80\n[ 57.181683] ? kasan_save_track+0x3e/0x80\n[ 57.181686] ? __kasan_kmalloc+0x93/0xb0\n[ 57.181688] ? __kvmalloc_node_noprof+0x44a/0x780\n[ 57.181693] ? aa_simple_write_to_buffer+0x54/0x130\n[ 57.181697] ? policy_update+0x154/0x330\n[ 57.181704] aa_replace_profiles+0x15a/0x1dd0\n[ 57.181707] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181710] ? __kvmalloc_node_noprof+0x44a/0x780\n[ 57.181712] ? aa_loaddata_alloc+0x77/0x140\n[ 57.181715] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 57.181717] ? _copy_from_user+0x2a/0x70\n[ 57.181730] policy_update+0x17a/0x330\n[ 57.181733] profile_replace+0x153/0x1a0\n[ 57.181735] ? rw_verify_area+0x93/0x2d0\n[ 57.181740] vfs_write+0x235/0xab0\n[ 57.181745] ksys_write+0xb0/0x170\n[ 57.181748] do_syscall_64+0x8e/0x660\n[ 57.181762] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 57.181765] RIP: 0033:0x7f6192792eb2\n\nRemove the MATCH_FLAG_DIFF_ENCODE condition to validate all DEFAULT_TABLE\nentries unconditionally.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23407" }, { "cve":"CVE-2026-23410", "notes":[ { "text":"A race condition vulnerability exists in the AppArmor security module of the Linux kernel, leading to a use-after-free issue. This vulnerability can be triggered when an attacker simultaneously opens rawdata files and removes an associated AppArmor profile. Since rawdata inodes are not refcounted, there is a time window during profile removal where the i_private pointer may reference freed memory, causing the system to access freed memory regions. This can result in program crashes, unexpected value usage, or arbitrary code execution, threatening the confidentiality, integrity, and availability of the system.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23410" }, { "cve":"CVE-2026-23411", "notes":[ { "text":"A vulnerability exists in the AppArmor security module of the Linux kernel when handling the i_private field of the inode structure. AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can and does live beyond that point and it is possible that some of the fs callback functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. This vulnerability could allow a local attacker to bypass AppArmor's access control policies through a specially crafted request, leading to privilege escalation and impacting system confidentiality, integrity, and availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23411" }, { "cve":"CVE-2026-23439", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nudp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n\n\nWhen CONFIG_IPV6 is disabled, the udp_sock_create6() function returns 0\n(success) without actually creating a socket. Callers such as\nfou_create() then proceed to dereference the uninitialized socket\npointer, resulting in a NULL pointer dereference.\n\nThe captured NULL deref crash:\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:fou_nl_add_doit (net/ipv4/fou_core.c:590 net/ipv4/fou_core.c:764)\n [...]\n Call Trace:\n \n genl_family_rcv_msg_doit.constprop.0 (net/netlink/genetlink.c:1114)\n genl_rcv_msg (net/netlink/genetlink.c:1194 net/netlink/genetlink.c:1209)\n [...]\n netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n genl_rcv (net/netlink/genetlink.c:1219)\n netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n netlink_sendmsg (net/netlink/af_netlink.c:1894)\n __sock_sendmsg (net/socket.c:727 (discriminator 1) net/socket.c:742 (discriminator 1))\n __sys_sendto (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:2183 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2213 (discriminator 1) net/socket.c:2209 (discriminator 1) net/socket.c:2209 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (net/arch/x86/entry/entry_64.S:130)\n\nThis patch makes udp_sock_create6 return -EPFNOSUPPORT instead, so\ncallers correctly take their error paths. There is only one caller of\nthe vulnerable function and only privileged users can trigger it.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23439" }, { "cve":"CVE-2026-23440", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race condition during IPSec ESN update\n\nIn IPSec full offload mode, the device reports an ESN (Extended\nSequence Number) wrap event to the driver. The driver validates this\nevent by querying the IPSec ASO and checking that the esn_event_arm\nfield is 0x0, which indicates an event has occurred. After handling\nthe event, the driver must re-arm the context by setting esn_event_arm\nback to 0x1.\n\nA race condition exists in this handling path. After validating the\nevent, the driver calls mlx5_accel_esp_modify_xfrm() to update the\nkernel's xfrm state. This function temporarily releases and\nre-acquires the xfrm state lock.\n\nSo, need to acknowledge the event first by setting esn_event_arm to\n0x1. This prevents the driver from reprocessing the same ESN update if\nthe hardware sends events for other reason. Since the next ESN update\nonly occurs after nearly 2^31 packets are received, there's no risk of\nmissing an update, as it will happen long after this handling has\nfinished.\n\nProcessing the event twice causes the ESN high-order bits (esn_msb) to\nbe incremented incorrectly. The driver then programs the hardware with\nthis invalid ESN state, which leads to anti-replay failures and a\ncomplete halt of IPSec traffic.\n\nFix this by re-arming the ESN event immediately after it is validated,\nbefore calling mlx5_accel_esp_modify_xfrm(). This ensures that any\nspurious, duplicate events are correctly ignored, closing the race\nwindow.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23440" }, { "cve":"CVE-2026-23441", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent concurrent access to IPSec ASO context\n\nThe query or updating IPSec offload object is through Access ASO WQE.\nThe driver uses a single mlx5e_ipsec_aso struct for each PF, which\ncontains a shared DMA-mapped context for all ASO operations.\n\nA race condition exists because the ASO spinlock is released before\nthe hardware has finished processing WQE. If a second operation is\ninitiated immediately after, it overwrites the shared context in the\nDMA area.\n\nWhen the first operation's completion is processed later, it reads\nthis corrupted context, leading to unexpected behavior and incorrect\nresults.\n\nThis commit fixes the race by introducing a private context within\neach IPSec offload object. The shared ASO context is now copied to\nthis private context while the ASO spinlock is held. Subsequent\nprocessing uses this saved, per-object context, ensuring its integrity\nis maintained.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23441" }, { "cve":"CVE-2026-23444", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure\n\nieee80211_tx_prepare_skb() has three error paths, but only two of them\nfree the skb. The first error path (ieee80211_tx_prepare() returning\nTX_DROP) does not free it, while invoke_tx_handlers() failure and the\nfragmentation check both do.\n\nAdd kfree_skb() to the first error path so all three are consistent,\nand remove the now-redundant frees in callers (ath9k, mt76,\nmac80211_hwsim) to avoid double-free.\n\nDocument the skb ownership guarantee in the function's kdoc.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23444" }, { "cve":"CVE-2026-23448", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check\n\ncdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE\nentries fit within the skb. The first check correctly accounts for\nndpoffset:\n\n if ((ndpoffset + sizeof(struct usb_cdc_ncm_ndp16)) > skb_in->len)\n\nbut the second check omits it:\n\n if ((sizeof(struct usb_cdc_ncm_ndp16) +\n ret * (sizeof(struct usb_cdc_ncm_dpe16))) > skb_in->len)\n\nThis validates the DPE array size against the total skb length as if\nthe NDP were at offset 0, rather than at ndpoffset. When the NDP is\nplaced near the end of the NTB (large wNdpIndex), the DPE entries can\nextend past the skb data buffer even though the check passes.\ncdc_ncm_rx_fixup() then reads out-of-bounds memory when iterating\nthe DPE array.\n\nAdd ndpoffset to the nframes bounds check and use struct_size_t() to\nexpress the NDP-plus-DPE-array size more clearly.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23448" }, { "cve":"CVE-2026-23450", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()\n\nSyzkaller reported a panic in smc_tcp_syn_recv_sock() [1].\n\nsmc_tcp_syn_recv_sock() is called in the TCP receive path\n(softirq) via icsk_af_ops->syn_recv_sock on the clcsock (TCP\nlistening socket). It reads sk_user_data to get the smc_sock\npointer. However, when the SMC listen socket is being closed\nconcurrently, smc_close_active() sets clcsock->sk_user_data\nto NULL under sk_callback_lock, and then the smc_sock itself\ncan be freed via sock_put() in smc_release().\n\nThis leads to two issues:\n\n1) NULL pointer dereference: sk_user_data is NULL when\n accessed.\n2) Use-after-free: sk_user_data is read as non-NULL, but the\n smc_sock is freed before its fields (e.g., queued_smc_hs,\n ori_af_ops) are accessed.\n\nThe race window looks like this (the syzkaller crash [1]\ntriggers via the SYN cookie path: tcp_get_cookie_sock() ->\nsmc_tcp_syn_recv_sock(), but the normal tcp_check_req() path\nhas the same race):\n\n CPU A (softirq) CPU B (process ctx)\n\n tcp_v4_rcv()\n TCP_NEW_SYN_RECV:\n sk = req->rsk_listener\n sock_hold(sk)\n /* No lock on listener */\n smc_close_active():\n write_lock_bh(cb_lock)\n sk_user_data = NULL\n write_unlock_bh(cb_lock)\n ...\n smc_clcsock_release()\n sock_put(smc->sk) x2\n -> smc_sock freed!\n tcp_check_req()\n smc_tcp_syn_recv_sock():\n smc = user_data(sk)\n -> NULL or dangling\n smc->queued_smc_hs\n -> crash!\n\nNote that the clcsock and smc_sock are two independent objects\nwith separate refcounts. TCP stack holds a reference on the\nclcsock, which keeps it alive, but this does NOT prevent the\nsmc_sock from being freed.\n\nFix this by using RCU and refcount_inc_not_zero() to safely\naccess smc_sock. Since smc_tcp_syn_recv_sock() is called in\nthe TCP three-way handshake path, taking read_lock_bh on\nsk_callback_lock is too heavy and would not survive a SYN\nflood attack. Using rcu_read_lock() is much more lightweight.\n\n- Set SOCK_RCU_FREE on the SMC listen socket so that\n smc_sock freeing is deferred until after the RCU grace\n period. This guarantees the memory is still valid when\n accessed inside rcu_read_lock().\n- Use rcu_read_lock() to protect reading sk_user_data.\n- Use refcount_inc_not_zero(&smc->sk.sk_refcnt) to pin the\n smc_sock. If the refcount has already reached zero (close\n path completed), it returns false and we bail out safely.\n\nNote: smc_hs_congested() has a similar lockless read of\nsk_user_data without rcu_read_lock(), but it only checks for\nNULL and accesses the global smc_hs_wq, never dereferencing\nany smc_sock field, so it is not affected.\n\nReproducer was verified with mdelay injection and smc_run,\nthe issue no longer occurs with this patch applied.\n\n[1] https://syzkaller.appspot.com/bug?extid=827ae2bfb3a3529333e9", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-23450" }, { "cve":"CVE-2026-23452", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nPM: runtime: Fix a race condition related to device removal\n\nThe following code in pm_runtime_work() may dereference the dev->parent\npointer after the parent device has been freed:\n\n\t/* Maybe the parent is now able to suspend. */\n\tif (parent && !parent->power.ignore_children) {\n\t\tspin_unlock(&dev->power.lock);\n\n\t\tspin_lock(&parent->power.lock);\n\t\trpm_idle(parent, RPM_ASYNC);\n\t\tspin_unlock(&parent->power.lock);\n\n\t\tspin_lock(&dev->power.lock);\n\t}\n\nFix this by inserting a flush_work() call in pm_runtime_remove().\n\nWithout this patch blktest block/001 triggers the following complaint\nsporadically:\n\nBUG: KASAN: slab-use-after-free in lock_acquire+0x70/0x160\nRead of size 1 at addr ffff88812bef7198 by task kworker/u553:1/3081\nWorkqueue: pm pm_runtime_work\nCall Trace:\n \n dump_stack_lvl+0x61/0x80\n print_address_description.constprop.0+0x8b/0x310\n print_report+0xfd/0x1d7\n kasan_report+0xd8/0x1d0\n __kasan_check_byte+0x42/0x60\n lock_acquire.part.0+0x38/0x230\n lock_acquire+0x70/0x160\n _raw_spin_lock+0x36/0x50\n rpm_suspend+0xc6a/0xfe0\n rpm_idle+0x578/0x770\n pm_runtime_work+0xee/0x120\n process_one_work+0xde3/0x1410\n worker_thread+0x5eb/0xfe0\n kthread+0x37b/0x480\n ret_from_fork+0x6cb/0x920\n ret_from_fork_asm+0x11/0x20\n \n\nAllocated by task 4314:\n kasan_save_stack+0x2a/0x50\n kasan_save_track+0x18/0x40\n kasan_save_alloc_info+0x3d/0x50\n __kasan_kmalloc+0xa0/0xb0\n __kmalloc_noprof+0x311/0x990\n scsi_alloc_target+0x122/0xb60 [scsi_mod]\n __scsi_scan_target+0x101/0x460 [scsi_mod]\n scsi_scan_channel+0x179/0x1c0 [scsi_mod]\n scsi_scan_host_selected+0x259/0x2d0 [scsi_mod]\n store_scan+0x2d2/0x390 [scsi_mod]\n dev_attr_store+0x43/0x80\n sysfs_kf_write+0xde/0x140\n kernfs_fop_write_iter+0x3ef/0x670\n vfs_write+0x506/0x1470\n ksys_write+0xfd/0x230\n __x64_sys_write+0x76/0xc0\n x64_sys_call+0x213/0x1810\n do_syscall_64+0xee/0xfc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nFreed by task 4314:\n kasan_save_stack+0x2a/0x50\n kasan_save_track+0x18/0x40\n kasan_save_free_info+0x3f/0x50\n __kasan_slab_free+0x67/0x80\n kfree+0x225/0x6c0\n scsi_target_dev_release+0x3d/0x60 [scsi_mod]\n device_release+0xa3/0x220\n kobject_cleanup+0x105/0x3a0\n kobject_put+0x72/0xd0\n put_device+0x17/0x20\n scsi_device_dev_release+0xacf/0x12c0 [scsi_mod]\n device_release+0xa3/0x220\n kobject_cleanup+0x105/0x3a0\n kobject_put+0x72/0xd0\n put_device+0x17/0x20\n scsi_device_put+0x7f/0xc0 [scsi_mod]\n sdev_store_delete+0xa5/0x120 [scsi_mod]\n dev_attr_store+0x43/0x80\n sysfs_kf_write+0xde/0x140\n kernfs_fop_write_iter+0x3ef/0x670\n vfs_write+0x506/0x1470\n ksys_write+0xfd/0x230\n __x64_sys_write+0x76/0xc0\n x64_sys_call+0x213/0x1810", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23452" }, { "cve":"CVE-2026-23461", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user\n\nAfter commit ab4eedb790ca (\"Bluetooth: L2CAP: Fix corrupted list in\nhci_chan_del\"), l2cap_conn_del() uses conn->lock to protect access to\nconn->users. However, l2cap_register_user() and l2cap_unregister_user()\ndon't use conn->lock, creating a race condition where these functions can\naccess conn->users and conn->hchan concurrently with l2cap_conn_del().\n\nThis can lead to use-after-free and list corruption bugs, as reported\nby syzbot.\n\nFix this by changing l2cap_register_user() and l2cap_unregister_user()\nto use conn->lock instead of hci_dev_lock(), ensuring consistent locking\nfor the l2cap_conn structure.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-23461" }, { "cve":"CVE-2026-23473", "notes":[ { "text":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23473" }, { "cve":"CVE-2026-23475", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix statistics allocation\n\nThe controller per-cpu statistics is not allocated until after the\ncontroller has been registered with driver core, which leaves a window\nwhere accessing the sysfs attributes can trigger a NULL-pointer\ndereference.\n\nFix this by moving the statistics allocation to controller allocation\nwhile tying its lifetime to that of the controller (rather than using\nimplicit devres).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-23475" }, { "cve":"CVE-2026-31392", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix krb5 mount with username option\n\nCustomer reported that some of their krb5 mounts were failing against\na single server as the client was trying to mount the shares with\nwrong credentials. It turned out the client was reusing SMB session\nfrom first mount to try mounting the other shares, even though a\ndifferent username= option had been specified to the other mounts.\n\nBy using username mount option along with sec=krb5 to search for\nprincipals from keytab is supported by cifs.upcall(8) since\ncifs-utils-4.8. So fix this by matching username mount option in\nmatch_session() even with Kerberos.\n\nFor example, the second mount below should fail with -ENOKEY as there\nis no 'foobar' principal in keytab (/etc/krb5.keytab). The client\nends up reusing SMB session from first mount to perform the second\none, which is wrong.\n\n```\n$ ktutil\nktutil: add_entry -password -p testuser -k 1 -e aes256-cts\nPassword for ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31392" }, { "cve":"CVE-2026-31398", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/rmap: fix incorrect pte restoration for lazyfree folios\n\nWe batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If the\nbatch has a mix of writable and non-writable bits, we may end up setting\nthe entire batch writable. Fix this by respecting writable bit during\nbatching.\n\nAlthough on a successful unmap of a lazyfree folio, the soft-dirty bit is\nlost, preserve it on pte restoration by respecting the bit during\nbatching, to make the fix consistent w.r.t both writable bit and\nsoft-dirty bit.\n\nI was able to write the below reproducer and crash the kernel. \nExplanation of reproducer (set 64K mTHP to always):\n\nFault in a 64K large folio. Split the VMA at mid-point with\nMADV_DONTFORK. fork() - parent points to the folio with 8 writable ptes\nand 8 non-writable ptes. Merge the VMAs with MADV_DOFORK so that\nfolio_unmap_pte_batch() can determine all the 16 ptes as a batch. Do\nMADV_FREE on the range to mark the folio as lazyfree. Write to the memory\nto dirty the pte, eventually rmap will dirty the folio. Then trigger\nreclaim, we will hit the pte restoration path, and the kernel will crash\nwith the trace given below.\n\nThe BUG happens at:\n\n\tBUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw);\n\nThe code path is asking for anonymous page to be mapped writable into the\npagetable. The BUG_ON() firing implies that such a writable page has been\nmapped into the pagetables of more than one process, which breaks\nanonymous memory/CoW semantics.\n\n[ 21.134473] kernel BUG at mm/page_table_check.c:118!\n[ 21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 21.135917] Modules linked in:\n[ 21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT\n[ 21.136858] Hardware name: linux,dummy-virt (DT)\n[ 21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 21.137308] pc : page_table_check_set+0x28c/0x2a8\n[ 21.137607] lr : page_table_check_set+0x134/0x2a8\n[ 21.137885] sp : ffff80008a3b3340\n[ 21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000\n[ 21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001\n[ 21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30\n[ 21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000\n[ 21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff\n[ 21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020\n[ 21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0\n[ 21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff\n[ 21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002\n[ 21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0\n[ 21.141991] Call trace:\n[ 21.142093] page_table_check_set+0x28c/0x2a8 (P)\n[ 21.142265] __page_table_check_ptes_set+0x144/0x1e8\n[ 21.142441] __set_ptes_anysz.constprop.0+0x160/0x1a8\n[ 21.142766] contpte_set_ptes+0xe8/0x140\n[ 21.142907] try_to_unmap_one+0x10c4/0x10d0\n[ 21.143177] rmap_walk_anon+0x100/0x250\n[ 21.143315] try_to_unmap+0xa0/0xc8\n[ 21.143441] shrink_folio_list+0x59c/0x18a8\n[ 21.143759] shrink_lruvec+0x664/0xbf0\n[ 21.144043] shrink_node+0x218/0x878\n[ 21.144285] __node_reclaim.constprop.0+0x98/0x338\n[ 21.144763] user_proactive_reclaim+0x2a4/0x340\n[ 21.145056] reclaim_store+0x3c/0x60\n[ 21.145216] dev_attr_store+0x20/0x40\n[ 21.145585] sysfs_kf_write+0x84/0xa8\n[ 21.145835] kernfs_fop_write_iter+0x130/0x1c8\n[ 21.145994] vfs_write+0x2b8/0x368\n[ 21.146119] ksys_write+0x70/0x110\n[ 21.146240] __arm64_sys_write+0x24/0x38\n[ 21.146380] invoke_syscall+0x50/0x120\n[ 21.146513] el0_svc_common.constprop.0+0x48/0xf8\n[ 21.146679] do_el0_svc+0x28/0x40\n[ 21.146798] el0_svc+0x34/0x110\n[ 21.146926] el0t\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31398" }, { "cve":"CVE-2026-31399", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm/bus: Fix potential use after free in asynchronous initialization\n\nDingisoul with KASAN reports a use after free if device_add() fails in\nnd_async_device_register().\n\nCommit b6eae0f61db2 (\"libnvdimm: Hold reference on parent while\nscheduling async init\") correctly added a reference on the parent device\nto be held until asynchronous initialization was complete. However, if\ndevice_add() results in an allocation failure the ref count of the\ndevice drops to 0 prior to the parent pointer being accessed. Thus\nresulting in use after free.\n\nThe bug bot AI correctly identified the fix. Save a reference to the\nparent pointer to be used to drop the parent reference regardless of the\noutcome of device_add().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31399" }, { "cve":"CVE-2026-31400", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix cache_request leak in cache_release\n\nWhen a reader's file descriptor is closed while in the middle of reading\na cache_request (rp->offset != 0), cache_release() decrements the\nrequest's readers count but never checks whether it should free the\nrequest.\n\nIn cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the\ncache_request is removed from the queue and freed along with its buffer\nand cache_head reference. cache_release() lacks this cleanup.\n\nThe only other path that frees requests with readers == 0 is\ncache_dequeue(), but it runs only when CACHE_PENDING transitions from\nset to clear. If that transition already happened while readers was\nstill non-zero, cache_dequeue() will have skipped the request, and no\nsubsequent call will clean it up.\n\nAdd the same cleanup logic from cache_read() to cache_release(): after\ndecrementing readers, check if it reached 0 with CACHE_PENDING clear,\nand if so, dequeue and free the cache_request.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31400" }, { "cve":"CVE-2026-31403", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd\n\nThe /proc/fs/nfs/exports proc entry is created at module init\nand persists for the module's lifetime. exports_proc_open()\ncaptures the caller's current network namespace and stores\nits svc_export_cache in seq->private, but takes no reference\non the namespace. If the namespace is subsequently torn down\n(e.g. container destruction after the opener does setns() to a\ndifferent namespace), nfsd_net_exit() calls nfsd_export_shutdown()\nwhich frees the cache. Subsequent reads on the still-open fd\ndereference the freed cache_detail, walking a freed hash table.\n\nHold a reference on the struct net for the lifetime of the open\nfile descriptor. This prevents nfsd_net_exit() from running --\nand thus prevents nfsd_export_shutdown() from freeing the cache\n-- while any exports fd is open. cache_detail already stores\nits net pointer (cd->net, set by cache_create_net()), so\nexports_release() can retrieve it without additional per-file\nstorage.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31403" }, { "cve":"CVE-2026-31408", "notes":[ { "text":"In the Linux kernel, the Bluetooth SCO module's sco_recv_frame() function contains a use-after-free vulnerability. The function reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket. A concurrent close() operation can free the socket between the lock release and the subsequent sk->sk_state access, resulting in a use-after-free vulnerability. Other functions in the same file (sco_sock_timeout(), sco_conn_del()) correctly use sco_sock_hold() to safely hold references under the lock. The vulnerability is fixed by using sco_sock_hold() to acquire a reference before releasing the lock and adding sock_put() on all exit paths.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31408" }, { "cve":"CVE-2026-31421", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q->handle. Shared blocks leave block->q NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()'s\nold-method path needs block->q which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n tc_run (net/core/dev.c:4401)\n __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31421" }, { "cve":"CVE-2026-31422", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q->handle to derive\na default baseclass. Shared blocks leave block->q NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block->q and return -EINVAL\nfor shared blocks. This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n [...]\n=======================================================================", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31422" }, { "cve":"CVE-2026-31426", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: EC: clean up handlers on probe failure in acpi_ec_setup()\n\nWhen ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware\nplatforms, it has already started the EC and installed the address\nspace handler with the struct acpi_ec pointer as handler context.\nHowever, acpi_ec_setup() propagates the error without any cleanup.\n\nThe caller acpi_ec_add() then frees the struct acpi_ec for non-boot\ninstances, leaving a dangling handler context in ACPICA.\n\nAny subsequent AML evaluation that accesses an EC OpRegion field\ndispatches into acpi_ec_space_handler() with the freed pointer,\ncausing a use-after-free:\n\n BUG: KASAN: slab-use-after-free in mutex_lock (kernel/locking/mutex.c:289)\n Write of size 8 at addr ffff88800721de38 by task init/1\n Call Trace:\n \n mutex_lock (kernel/locking/mutex.c:289)\n acpi_ec_space_handler (drivers/acpi/ec.c:1362)\n acpi_ev_address_space_dispatch (drivers/acpi/acpica/evregion.c:293)\n acpi_ex_access_region (drivers/acpi/acpica/exfldio.c:246)\n acpi_ex_field_datum_io (drivers/acpi/acpica/exfldio.c:509)\n acpi_ex_extract_from_field (drivers/acpi/acpica/exfldio.c:700)\n acpi_ex_read_data_from_field (drivers/acpi/acpica/exfield.c:327)\n acpi_ex_resolve_node_to_value (drivers/acpi/acpica/exresolv.c:392)\n \n\n Allocated by task 1:\n acpi_ec_alloc (drivers/acpi/ec.c:1424)\n acpi_ec_add (drivers/acpi/ec.c:1692)\n\n Freed by task 1:\n kfree (mm/slub.c:6876)\n acpi_ec_add (drivers/acpi/ec.c:1751)\n\nThe bug triggers on reduced-hardware EC platforms (ec->gpe < 0)\nwhen the GPIO IRQ provider defers probing. Once the stale handler\nexists, any unprivileged sysfs read that causes AML to touch an\nEC OpRegion (battery, thermal, backlight) exercises the dangling\npointer.\n\nFix this by calling ec_remove_handlers() in the error path of\nacpi_ec_setup() before clearing first_ec. ec_remove_handlers()\nchecks each EC_FLAGS_* bit before acting, so it is safe to call\nregardless of how far ec_install_handlers() progressed:\n\n -ENODEV (handler not installed): only calls acpi_ec_stop()\n -EPROBE_DEFER (handler installed): removes handler, stops EC", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31426" }, { "cve":"CVE-2026-31429", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb_kfree_head() can reliably use\nskb_end_offset to distinguish skb heads allocated from\nskb_small_head_cache vs. generic kmalloc caches.\n\nHowever, when KFENCE is enabled, kfence_ksize() returns the exact\nrequested allocation size instead of the slab bucket size. If a caller\n(e.g. bpf_test_init) allocates skb head data via kzalloc() and the\nrequested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then\nslab_build_skb() -> ksize() returns that exact value. After subtracting\nskb_shared_info overhead, skb_end_offset ends up matching\nSKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free\nthe object to skb_small_head_cache instead of back to the original\nkmalloc cache, resulting in a slab cross-cache free:\n\n kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected\n skbuff_small_head but got kmalloc-1k\n\nFix this by always calling kfree(head) in skb_kfree_head(). This keeps\nthe free path generic and avoids allocator-specific misclassification\nfor KFENCE objects.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31429" }, { "cve":"CVE-2026-31430", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nX.509: Fix out-of-bounds access when parsing extensions\n\nLeo reports an out-of-bounds access when parsing a certificate with\nempty Basic Constraints or Key Usage extension because the first byte of\nthe extension is read before checking its length. Fix it.\n\nThe bug can be triggered by an unprivileged user by submitting a\nspecially crafted certificate to the kernel through the keyrings(7) API.\nLeo has demonstrated this with a proof-of-concept program responsibly\ndisclosed off-list.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31430" }, { "cve":"CVE-2026-31441", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its resources were released).\n\nOnly set the wq type to NONE after its resources are released.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31441" }, { "cve":"CVE-2026-31442", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31442" }, { "cve":"CVE-2026-31446", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in update_super_work when racing with umount\n\nCommit b98535d09179 (\"ext4: fix bug_on in start_this_handle during umount\nfilesystem\") moved ext4_unregister_sysfs() before flushing s_sb_upd_work\nto prevent new error work from being queued via /proc/fs/ext4/xx/mb_groups\nreads during unmount. However, this introduced a use-after-free because\nupdate_super_work calls ext4_notify_error_sysfs() -> sysfs_notify() which\naccesses the kobject's kernfs_node after it has been freed by kobject_del()\nin ext4_unregister_sysfs():\n\n update_super_work ext4_put_super\n ----------------- --------------\n ext4_unregister_sysfs(sb)\n kobject_del(&sbi->s_kobj)\n __kobject_del()\n sysfs_remove_dir()\n kobj->sd = NULL\n sysfs_put(sd)\n kernfs_put() // RCU free\n ext4_notify_error_sysfs(sbi)\n sysfs_notify(&sbi->s_kobj)\n kn = kobj->sd // stale pointer\n kernfs_get(kn) // UAF on freed kernfs_node\n ext4_journal_destroy()\n flush_work(&sbi->s_sb_upd_work)\n\nInstead of reordering the teardown sequence, fix this by making\next4_notify_error_sysfs() detect that sysfs has already been torn down\nby checking s_kobj.state_in_sysfs, and skipping the sysfs_notify() call\nin that case. A dedicated mutex (s_error_notify_mutex) serializes\next4_notify_error_sysfs() against kobject_del() in ext4_unregister_sysfs()\nto prevent TOCTOU races where the kobject could be deleted between the\nstate_in_sysfs check and the sysfs_notify() call.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31446" }, { "cve":"CVE-2026-31449", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx->ei_block, there is no validation that\np_idx falls within the valid range of index entries for that\nlevel.\n\nIf the on-disk extent header contains a corrupted or crafted\neh_entries value, p_idx can point past the end of the allocated\nbuffer, causing a slab-out-of-bounds read.\n\nFix this by validating path[k].p_idx against EXT_LAST_INDEX() at\nboth access sites: before the while loop and inside it. Return\n-EFSCORRUPTED if the index pointer is out of range, consistent\nwith how other bounds violations are handled in the ext4 extent\ntree code.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31449" }, { "cve":"CVE-2026-31450", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: publish jinode after initialization\n\next4_inode_attach_jinode() publishes ei->jinode to concurrent users.\nIt used to set ei->jinode before jbd2_journal_init_jbd_inode(),\nallowing a reader to observe a non-NULL jinode with i_vfs_inode\nstill unset.\n\nThe fast commit flush path can then pass this jinode to\njbd2_wait_inode_data(), which dereferences i_vfs_inode->i_mapping and\nmay crash.\n\nBelow is the crash I observe:\n```\nBUG: unable to handle page fault for address: 000000010beb47f4\nPGD 110e51067 P4D 110e51067 PUD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 1 UID: 0 PID: 4850 Comm: fc_fsync_bench_ Not tainted 6.18.0-00764-g795a690c06a5 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.17.0-2-2 04/01/2014\nRIP: 0010:xas_find_marked+0x3d/0x2e0\nCode: e0 03 48 83 f8 02 0f 84 f0 01 00 00 48 8b 47 08 48 89 c3 48 39 c6 0f 82 fd 01 00 00 48 85 c9 74 3d 48 83 f9 03 77 63 4c 8b 0f <49> 8b 71 08 48 c7 47 18 00 00 00 00 48 89 f1 83 e1 03 48 83 f9 02\nRSP: 0018:ffffbbee806e7bf0 EFLAGS: 00010246\nRAX: 000000000010beb4 RBX: 000000000010beb4 RCX: 0000000000000003\nRDX: 0000000000000001 RSI: 0000002000300000 RDI: ffffbbee806e7c10\nRBP: 0000000000000001 R08: 0000002000300000 R09: 000000010beb47ec\nR10: ffff9ea494590090 R11: 0000000000000000 R12: 0000002000300000\nR13: ffffbbee806e7c90 R14: ffff9ea494513788 R15: ffffbbee806e7c88\nFS: 00007fc2f9e3e6c0(0000) GS:ffff9ea6b1444000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000010beb47f4 CR3: 0000000119ac5000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n\nfilemap_get_folios_tag+0x87/0x2a0\n__filemap_fdatawait_range+0x5f/0xd0\n? srso_alias_return_thunk+0x5/0xfbef5\n? __schedule+0x3e7/0x10c0\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\n? cap_safe_nice+0x37/0x70\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\nfilemap_fdatawait_range_keep_errors+0x12/0x40\next4_fc_commit+0x697/0x8b0\n? ext4_file_write_iter+0x64b/0x950\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\n? srso_alias_return_thunk+0x5/0xfbef5\n? vfs_write+0x356/0x480\n? srso_alias_return_thunk+0x5/0xfbef5\n? preempt_count_sub+0x5f/0x80\next4_sync_file+0xf7/0x370\ndo_fsync+0x3b/0x80\n? syscall_trace_enter+0x108/0x1d0\n__x64_sys_fdatasync+0x16/0x20\ndo_syscall_64+0x62/0x2c0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n...\n```\n\nFix this by initializing the jbd2_inode first.\nUse smp_wmb() and WRITE_ONCE() to publish ei->jinode after\ninitialization. Readers use READ_ONCE() to fetch the pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31450" }, { "cve":"CVE-2026-31451", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running while properly reporting the filesystem corruption.\n\nThe error is logged via ext4_error_inode(), the buffer head is released\nto prevent memory leak, and -EFSCORRUPTED is returned to indicate\nfilesystem corruption.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31451" }, { "cve":"CVE-2026-31452", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: convert inline data to extents when truncate exceeds inline size\n\nAdd a check in ext4_setattr() to convert files from inline data storage\nto extent-based storage when truncate() grows the file size beyond the\ninline capacity. This prevents the filesystem from entering an\ninconsistent state where the inline data flag is set but the file size\nexceeds what can be stored inline.\n\nWithout this fix, the following sequence causes a kernel BUG_ON():\n\n1. Mount filesystem with inode that has inline flag set and small size\n2. truncate(file, 50MB) - grows size but inline flag remains set\n3. sendfile() attempts to write data\n4. ext4_write_inline_data() hits BUG_ON(write_size > inline_capacity)\n\nThe crash occurs because ext4_write_inline_data() expects inline storage\nto accommodate the write, but the actual inline capacity (~60 bytes for\ni_block + ~96 bytes for xattrs) is far smaller than the file size and\nwrite request.\n\nThe fix checks if the new size from setattr exceeds the inode's actual\ninline capacity (EXT4_I(inode)->i_inline_size) and converts the file to\nextent-based storage before proceeding with the size change.\n\nThis addresses the root cause by ensuring the inline data flag and file\nsize remain consistent during truncate operations.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31452" }, { "cve":"CVE-2026-31467", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latencies, which can\nthen call vm_map_ram() with GFP_KERNEL.\n\nDue to insufficient memory, vm_map_ram() may generate memory\nswapping I/O, which can cause submit_bio_wait to deadlock\nin some scenarios.\n\nTrimmed down the call stack, as follows:\n\nf2fs_submit_read_io\n submit_bio //bio_list is initialized.\n mmc_blk_mq_recovery\n z_erofs_endio\n vm_map_ram\n __pte_alloc_kernel\n __alloc_pages_direct_reclaim\n shrink_folio_list\n __swap_writepage\n submit_bio_wait //bio_list is non-NULL, hang!!!\n\nUse memalloc_noio_{save,restore}() to wrap up this path.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31467" }, { "cve":"CVE-2026-31469", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device's IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., during the configuration of tc route filter rules).\n\nWhen IFF_XMIT_DST_RELEASE is removed from the net_device, the network stack\nexpects the driver to hold the reference to skb->dst until the packet\nis fully transmitted and freed. In virtio_net with napi_tx=N,\nskbs may remain in the virtio transmit ring for an extended period.\n\nIf the network namespace is destroyed while these skbs are still pending,\nthe corresponding dst_ops structure has freed. When a subsequent packet\nis transmitted, free_old_xmit() is triggered to clean up old skbs.\nIt then calls dst_release() on the skb associated with the stale dst_entry.\nSince the dst_ops (referenced by the dst_entry) has already been freed,\na UAF kernel paging request occurs.\n\nfix it by adds skb_dst_drop(skb) in start_xmit to explicitly release\nthe dst reference before the skb is queued in virtio_net.\n\nCall Trace:\n Unable to handle kernel paging request at virtual address ffff80007e150000\n CPU: 2 UID: 0 PID: 6236 Comm: ping Kdump: loaded Not tainted 7.0.0-rc1+ #6 PREEMPT\n ...\n percpu_counter_add_batch+0x3c/0x158 lib/percpu_counter.c:98 (P)\n dst_release+0xe0/0x110 net/core/dst.c:177\n skb_release_head_state+0xe8/0x108 net/core/skbuff.c:1177\n sk_skb_reason_drop+0x54/0x2d8 net/core/skbuff.c:1255\n dev_kfree_skb_any_reason+0x64/0x78 net/core/dev.c:3469\n napi_consume_skb+0x1c4/0x3a0 net/core/skbuff.c:1527\n __free_old_xmit+0x164/0x230 drivers/net/virtio_net.c:611 [virtio_net]\n free_old_xmit drivers/net/virtio_net.c:1081 [virtio_net]\n start_xmit+0x7c/0x530 drivers/net/virtio_net.c:3329 [virtio_net]\n ...\n\nReproduction Steps:\nNETDEV=\"enp3s0\"\n\nconfig_qdisc_route_filter() {\n tc qdisc del dev $NETDEV root\n tc qdisc add dev $NETDEV root handle 1: prio\n tc filter add dev $NETDEV parent 1:0 \\\n\tprotocol ip prio 100 route to 100 flowid 1:1\n ip route add 192.168.1.100/32 dev $NETDEV realm 100\n}\n\ntest_ns() {\n ip netns add testns\n ip link set $NETDEV netns testns\n ip netns exec testns ifconfig $NETDEV 10.0.32.46/24\n ip netns exec testns ping -c 1 10.0.32.1\n ip netns del testns\n}\n\nconfig_qdisc_route_filter\n\ntest_ns\nsleep 2\ntest_ns", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31469" }, { "cve":"CVE-2026-31487", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]\n\nAlso note that we do not enable the driver_override feature of struct\nbus_type, as SPI - in contrast to most other buses - passes \"\" to\nsysfs_emit() when the driver_override pointer is NULL. Thus, printing\n\"\\n\" instead of \"(null)\\n\".", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31487" }, { "cve":"CVE-2026-31495", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use netlink policy range checks\n\nReplace manual range and mask validations with netlink policy\nannotations in ctnetlink code paths, so that the netlink core rejects\ninvalid values early and can generate extack errors.\n\n- CTA_PROTOINFO_TCP_STATE: reject values > TCP_CONNTRACK_SYN_SENT2 at\n policy level, removing the manual >= TCP_CONNTRACK_MAX check.\n- CTA_PROTOINFO_TCP_WSCALE_ORIGINAL/REPLY: reject values > TCP_MAX_WSCALE\n (14). The normal TCP option parsing path already clamps to this value,\n but the ctnetlink path accepted 0-255, causing undefined behavior when\n used as a u32 shift count.\n- CTA_FILTER_ORIG_FLAGS/REPLY_FLAGS: use NLA_POLICY_MASK with\n CTA_FILTER_F_ALL, removing the manual mask checks.\n- CTA_EXPECT_FLAGS: use NLA_POLICY_MASK with NF_CT_EXPECT_MASK, adding\n a new mask define grouping all valid expect flags.\n\nExtracted from a broader nf-next patch by Florian Westphal, scoped to\nctnetlink for the fixes tree.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31495" }, { "cve":"CVE-2026-31496", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: skip expectations in other netns via proc\n\nSkip expectations that do not reside in this netns.\n\nSimilar to e77e6ff502ea (\"netfilter: conntrack: do not dump other netns's\nconntrack entries via proc\").", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31496" }, { "cve":"CVE-2026-31498", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop\n\nl2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED\nstate to support L2CAP reconfiguration (e.g. MTU changes). However,\nsince both CONF_INPUT_DONE and CONF_OUTPUT_DONE are already set from\nthe initial configuration, the reconfiguration path falls through to\nl2cap_ertm_init(), which re-initializes tx_q, srej_q, srej_list, and\nretrans_list without freeing the previous allocations and sets\nchan->sdu to NULL without freeing the existing skb. This leaks all\npreviously allocated ERTM resources.\n\nAdditionally, l2cap_parse_conf_req() does not validate the minimum\nvalue of remote_mps derived from the RFC max_pdu_size option. A zero\nvalue propagates to l2cap_segment_sdu() where pdu_len becomes zero,\ncausing the while loop to never terminate since len is never\ndecremented, exhausting all available memory.\n\nFix the double-init by skipping l2cap_ertm_init() and\nl2cap_chan_ready() when the channel is already in BT_CONNECTED state,\nwhile still allowing the reconfiguration parameters to be updated\nthrough l2cap_parse_conf_req(). Also add a pdu_len zero check in\nl2cap_segment_sdu() as a safeguard.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31498" }, { "cve":"CVE-2026-31499", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix deadlock in l2cap_conn_del()\n\nl2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer\nand id_addr_timer while holding conn->lock. However, the work functions\nl2cap_info_timeout() and l2cap_conn_update_id_addr() both acquire\nconn->lock, creating a potential AB-BA deadlock if the work is already\nexecuting when l2cap_conn_del() takes the lock.\n\nMove the work cancellations before acquiring conn->lock and use\ndisable_delayed_work_sync() to additionally prevent the works from\nbeing rearmed after cancellation, consistent with the pattern used in\nhci_conn_del().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31499" }, { "cve":"CVE-2026-31505", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix out-of-bounds writes in iavf_get_ethtool_stats()\n\niavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the\nvalue could change in runtime, we should use num_tx_queues instead.\n\nMoreover iavf_get_ethtool_stats() uses num_active_queues while\niavf_get_sset_count() and iavf_get_stat_strings() use\nreal_num_tx_queues, which triggers out-of-bounds writes when we do\n\"ethtool -L\" and \"ethtool -S\" simultaneously [1].\n\nFor example when we change channels from 1 to 8, Thread 3 could be\nscheduled before Thread 2, and out-of-bounds writes could be triggered\nin Thread 3:\n\nThread 1 (ethtool -L) Thread 2 (work) Thread 3 (ethtool -S)\niavf_set_channels()\n...\niavf_alloc_queues()\n-> num_active_queues = 8\niavf_schedule_finish_config()\n iavf_get_sset_count()\n real_num_tx_queues: 1\n -> buffer for 1 queue\n iavf_get_ethtool_stats()\n num_active_queues: 8\n -> out-of-bounds!\n iavf_finish_config()\n -> real_num_tx_queues = 8\n\nUse immutable num_tx_queues in all related functions to avoid the issue.\n\n[1]\n BUG: KASAN: vmalloc-out-of-bounds in iavf_add_one_ethtool_stat+0x200/0x270\n Write of size 8 at addr ffffc900031c9080 by task ethtool/5800\n\n CPU: 1 UID: 0 PID: 5800 Comm: ethtool Not tainted 6.19.0-enjuk-08403-g8137e3db7f1c #241 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6f/0xb0\n print_report+0x170/0x4f3\n kasan_report+0xe1/0x180\n iavf_add_one_ethtool_stat+0x200/0x270\n iavf_get_ethtool_stats+0x14c/0x2e0\n __dev_ethtool+0x3d0c/0x5830\n dev_ethtool+0x12d/0x270\n dev_ioctl+0x53c/0xe30\n sock_do_ioctl+0x1a9/0x270\n sock_ioctl+0x3d4/0x5e0\n __x64_sys_ioctl+0x137/0x1c0\n do_syscall_64+0xf3/0x690\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7da0e6e36d\n ...\n \n\n The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900031c9000 allocated at __dev_ethtool+0x3cc9/0x5830\n The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000\n index:0xffff88813a013de0 pfn:0x13a013\n flags: 0x200000000000000(node=0|zone=2)\n raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000\n raw: ffff88813a013de0 0000000000000000 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffffc900031c8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900031c9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffffc900031c9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900031c9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900031c9180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31505" }, { "cve":"CVE-2026-31510", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n \n __kasan_check_byte+0x12/0x40\n lock_acquire+0x79/0x2e0\n lock_sock_nested+0x48/0x100\n ? l2cap_sock_ready_cb+0x46/0x160\n l2cap_sock_ready_cb+0x46/0x160\n l2cap_conn_start+0x779/0xff0\n ? __pfx_l2cap_conn_start+0x10/0x10\n ? l2cap_info_timeout+0x60/0xa0\n ? __pfx___mutex_lock+0x10/0x10\n l2cap_info_timeout+0x68/0xa0\n ? process_scheduled_works+0xa8d/0x18c0\n process_scheduled_works+0xb6e/0x18c0\n ? __pfx_process_scheduled_works+0x10/0x10\n ? assign_work+0x3d5/0x5e0\n worker_thread+0xa53/0xfc0\n kthread+0x388/0x470\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x51e/0xb90\n ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n ? __switch_to+0xc7d/0x1450\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31510" }, { "cve":"CVE-2026-31511", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree(cmd) without unlinking it from the list first, leaving a\ndangling pointer. Any subsequent list traversal (e.g.,\nmgmt_pending_foreach during __mgmt_power_off, or another\nmgmt_pending_valid call) would dereference freed memory.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31511" }, { "cve":"CVE-2026-31512", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()\n\nl2cap_ecred_data_rcv() reads the SDU length field from skb->data using\nget_unaligned_le16() without first verifying that skb contains at least\nL2CAP_SDULEN_SIZE (2) bytes. When skb->len is less than 2, this reads\npast the valid data in the skb.\n\nThe ERTM reassembly path correctly calls pskb_may_pull() before reading\nthe SDU length (l2cap_reassemble_sdu, L2CAP_SAR_START case). Apply the\nsame validation to the Enhanced Credit Based Flow Control data path.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31512" }, { "cve":"CVE-2026-31516", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: prevent policy_hthresh.work from racing with netns teardown\n\nA XFRM_MSG_NEWSPDINFO request can queue the per-net work item\npolicy_hthresh.work onto the system workqueue.\n\nThe queued callback, xfrm_hash_rebuild(), retrieves the enclosing\nstruct net via container_of(). If the net namespace is torn down\nbefore that work runs, the associated struct net may already have\nbeen freed, and xfrm_hash_rebuild() may then dereference stale memory.\n\nxfrm_policy_fini() already flushes policy_hash_work during teardown,\nbut it does not synchronize policy_hthresh.work.\n\nSynchronize policy_hthresh.work in xfrm_policy_fini() as well, so the\nqueued work cannot outlive the net namespace teardown and access a\nfreed struct net.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31516" }, { "cve":"CVE-2026-31518", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the packet for us.\n\nWith async crypto (esp_output_done), we need to drop the skb when\nesp_output_tail_tcp returns an error.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31518" }, { "cve":"CVE-2026-31525", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN\n\nThe BPF interpreter's signed 32-bit division and modulo handlers use\nthe kernel abs() macro on s32 operands. The abs() macro documentation\n(include/linux/math.h) explicitly states the result is undefined when\nthe input is the type minimum. When DST contains S32_MIN (0x80000000),\nabs((s32)DST) triggers undefined behavior and returns S32_MIN unchanged\non arm64/x86. This value is then sign-extended to u64 as\n0xFFFFFFFF80000000, causing do_div() to compute the wrong result.\n\nThe verifier's abstract interpretation (scalar32_min_max_sdiv) computes\nthe mathematically correct result for range tracking, creating a\nverifier/interpreter mismatch that can be exploited for out-of-bounds\nmap value access.\n\nIntroduce abs_s32() which handles S32_MIN correctly by casting to u32\nbefore negating, avoiding signed overflow entirely. Replace all 8\nabs((s32)...) call sites in the interpreter's sdiv32/smod32 handlers.\n\ns32 is the only affected case -- the s64 division/modulo handlers do\nnot use abs().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31525" }, { "cve":"CVE-2026-31528", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx->pmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callbacks, but he found that when\nthe group leader is a software event, the transaction handlers of the wrong PMU\nare used. Despite the move_group case in perf_event_open() and group_sched_in()\nusing pmu_ctx->pmu.\n\nTurns out, inherit uses event->pmu to clone the events, effectively undoing the\nmove_group case for all inherited contexts. Fix this by also making inherit use\npmu_ctx->pmu, ensuring all inherited counters end up in the same pmu context.\n\nSimilarly, __perf_event_read() should use equally use pmu_ctx->pmu for the\ngroup case.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31528" }, { "cve":"CVE-2026-31531", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()\n\nWhen querying a nexthop object via RTM_GETNEXTHOP, the kernel currently\nallocates a fixed-size skb using NLMSG_GOODSIZE. While sufficient for\nsingle nexthops and small Equal-Cost Multi-Path groups, this fixed\nallocation fails for large nexthop groups like 512 nexthops.\n\nThis results in the following warning splat:\n\n WARNING: net/ipv4/nexthop.c:3395 at rtm_get_nexthop+0x176/0x1c0, CPU#20: rep/4608\n [...]\n RIP: 0010:rtm_get_nexthop (net/ipv4/nexthop.c:3395)\n [...]\n Call Trace:\n \n rtnetlink_rcv_msg (net/core/rtnetlink.c:6989)\n netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n netlink_sendmsg (net/netlink/af_netlink.c:1894)\n ____sys_sendmsg (net/socket.c:721 net/socket.c:736 net/socket.c:2585)\n ___sys_sendmsg (net/socket.c:2641)\n __sys_sendmsg (net/socket.c:2671)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \n\nFix this by allocating the size dynamically using nh_nlmsg_size() and\nusing nlmsg_new(), this is consistent with nexthop_notify() behavior. In\naddition, adjust nh_nlmsg_size_grp() so it calculates the size needed\nbased on flags passed. While at it, also add the size of NHA_FDB for\nnexthop group size calculation as it was missing too.\n\nThis cannot be reproduced via iproute2 as the group size is currently\nlimited and the command fails as follows:\n\naddattr_l ERROR: message exceeded bound of 1048", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31531" }, { "cve":"CVE-2026-31532", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: raw: fix ro->uniq use-after-free in raw_rcv()\n\nraw_release() unregisters raw CAN receive filters via can_rx_unregister(),\nbut receiver deletion is deferred with call_rcu(). This leaves a window\nwhere raw_rcv() may still be running in an RCU read-side critical section\nafter raw_release() frees ro->uniq, leading to a use-after-free of the\npercpu uniq storage.\n\nMove free_percpu(ro->uniq) out of raw_release() and into a raw-specific\nsocket destructor. can_rx_unregister() takes an extra reference to the\nsocket and only drops it from the RCU callback, so freeing uniq from\nsk_destruct ensures the percpu area is not released until the relevant\ncallbacks have drained.\n\n[mkl: applied manually]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31532" }, { "cve":"CVE-2026-31533", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix use-after-free in -EBUSY error path of tls_do_encryption\n\nThe -EBUSY handling in tls_do_encryption(), introduced by commit\n859054147318 (\"net: tls: handle backlogging of crypto requests\"), has\na use-after-free due to double cleanup of encrypt_pending and the\nscatterlist entry.\n\nWhen crypto_aead_encrypt() returns -EBUSY, the request is enqueued to\nthe cryptd backlog and the async callback tls_encrypt_done() will be\ninvoked upon completion. That callback unconditionally restores the\nscatterlist entry (sge->offset, sge->length) and decrements\nctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an\nerror, the synchronous error path in tls_do_encryption() performs the\nsame cleanup again, double-decrementing encrypt_pending and\ndouble-restoring the scatterlist.\n\nThe double-decrement corrupts the encrypt_pending sentinel (initialized\nto 1), making tls_encrypt_async_wait() permanently skip the wait for\npending async callbacks. A subsequent sendmsg can then free the\ntls_rec via bpf_exec_tx_verdict() while a cryptd callback is still\npending, resulting in a use-after-free when the callback fires on the\nfreed record.\n\nFix this by skipping the synchronous cleanup when the -EBUSY async\nwait returns an error, since the callback has already handled\nencrypt_pending and sge restoration.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-31533" }, { "cve":"CVE-2026-31540", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Check set_default_submission() before deferencing\n\nWhen the i915 driver firmware binaries are not present, the\nset_default_submission pointer is not set. This pointer is\ndereferenced during suspend anyways.\n\nAdd a check to make sure it is set before dereferencing.\n\n[ 23.289926] PM: suspend entry (deep)\n[ 23.293558] Filesystems sync: 0.000 seconds\n[ 23.298010] Freezing user space processes\n[ 23.302771] Freezing user space processes completed (elapsed 0.000 seconds)\n[ 23.309766] OOM killer disabled.\n[ 23.313027] Freezing remaining freezable tasks\n[ 23.318540] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)\n[ 23.342038] serial 00:05: disabled\n[ 23.345719] serial 00:02: disabled\n[ 23.349342] serial 00:01: disabled\n[ 23.353782] sd 0:0:0:0: [sda] Synchronizing SCSI cache\n[ 23.358993] sd 1:0:0:0: [sdb] Synchronizing SCSI cache\n[ 23.361635] ata1.00: Entering standby power mode\n[ 23.368863] ata2.00: Entering standby power mode\n[ 23.445187] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 23.452194] #PF: supervisor instruction fetch in kernel mode\n[ 23.457896] #PF: error_code(0x0010) - not-present page\n[ 23.463065] PGD 0 P4D 0\n[ 23.465640] Oops: Oops: 0010 [#1] SMP NOPTI\n[ 23.469869] CPU: 8 UID: 0 PID: 211 Comm: kworker/u48:18 Tainted: G S W 6.19.0-rc4-00020-gf0b9d8eb98df #10 PREEMPT(voluntary)\n[ 23.482512] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 23.496511] Workqueue: async async_run_entry_fn\n[ 23.501087] RIP: 0010:0x0\n[ 23.503755] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 23.510324] RSP: 0018:ffffb4a60065fca8 EFLAGS: 00010246\n[ 23.515592] RAX: 0000000000000000 RBX: ffff9f428290e000 RCX: 000000000000000f\n[ 23.522765] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff9f428290e000\n[ 23.529937] RBP: ffff9f4282907070 R08: ffff9f4281130428 R09: 00000000ffffffff\n[ 23.537111] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f42829070f8\n[ 23.544284] R13: ffff9f4282906028 R14: ffff9f4282900000 R15: ffff9f4282906b68\n[ 23.551457] FS: 0000000000000000(0000) GS:ffff9f466b2cf000(0000) knlGS:0000000000000000\n[ 23.559588] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 23.565365] CR2: ffffffffffffffd6 CR3: 000000031c230001 CR4: 0000000000f70ef0\n[ 23.572539] PKRU: 55555554\n[ 23.575281] Call Trace:\n[ 23.577770] \n[ 23.579905] intel_engines_reset_default_submission+0x42/0x60\n[ 23.585695] __intel_gt_unset_wedged+0x191/0x200\n[ 23.590360] intel_gt_unset_wedged+0x20/0x40\n[ 23.594675] gt_sanitize+0x15e/0x170\n[ 23.598290] i915_gem_suspend_late+0x6b/0x180\n[ 23.602692] i915_drm_suspend_late+0x35/0xf0\n[ 23.607008] ? __pfx_pci_pm_suspend_late+0x10/0x10\n[ 23.611843] dpm_run_callback+0x78/0x1c0\n[ 23.615817] device_suspend_late+0xde/0x2e0\n[ 23.620037] async_suspend_late+0x18/0x30\n[ 23.624082] async_run_entry_fn+0x25/0xa0\n[ 23.628129] process_one_work+0x15b/0x380\n[ 23.632182] worker_thread+0x2a5/0x3c0\n[ 23.635973] ? __pfx_worker_thread+0x10/0x10\n[ 23.640279] kthread+0xf6/0x1f0\n[ 23.643464] ? __pfx_kthread+0x10/0x10\n[ 23.647263] ? __pfx_kthread+0x10/0x10\n[ 23.651045] ret_from_fork+0x131/0x190\n[ 23.654837] ? __pfx_kthread+0x10/0x10\n[ 23.658634] ret_from_fork_asm+0x1a/0x30\n[ 23.662597] \n[ 23.664826] Modules linked in:\n[ 23.667914] CR2: 0000000000000000\n[ 23.671271] ------------[ cut here ]------------\n\n(cherry picked from commit daa199abc3d3d1740c9e3a2c3e9216ae5b447cad)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31540" }, { "cve":"CVE-2026-31542", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/platform/uv: Handle deconfigured sockets\n\nWhen a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes\na panic while allocating UV hub info structures.\n\nFix this by using NUMA_NO_NODE, allowing UV hub info structures to be\nallocated on valid nodes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31542" }, { "cve":"CVE-2026-31546", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix NULL deref in bond_debug_rlb_hash_show\n\nrlb_clear_slave intentionally keeps RLB hash-table entries on\nthe rx_hashtbl_used_head list with slave set to NULL when no\nreplacement slave is available. However, bond_debug_rlb_hash_show\nvisites client_info->slave without checking if it's NULL.\n\nOther used-list iterators in bond_alb.c already handle this NULL-slave\nstate safely:\n\n- rlb_update_client returns early on !client_info->slave\n- rlb_req_update_slave_clients, rlb_clear_slave, and rlb_rebalance\ncompare slave values before visiting\n- lb_req_update_subnet_clients continues if slave is NULL\n\nThe following NULL deref crash can be trigger in\nbond_debug_rlb_hash_show:\n\n[ 1.289791] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.292058] RIP: 0010:bond_debug_rlb_hash_show (drivers/net/bonding/bond_debugfs.c:41)\n[ 1.293101] RSP: 0018:ffffc900004a7d00 EFLAGS: 00010286\n[ 1.293333] RAX: 0000000000000000 RBX: ffff888102b48200 RCX: ffff888102b48204\n[ 1.293631] RDX: ffff888102b48200 RSI: ffffffff839daad5 RDI: ffff888102815078\n[ 1.293924] RBP: ffff888102815078 R08: ffff888102b4820e R09: 0000000000000000\n[ 1.294267] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100f929c0\n[ 1.294564] R13: ffff888100f92a00 R14: 0000000000000001 R15: ffffc900004a7ed8\n[ 1.294864] FS: 0000000001395380(0000) GS:ffff888196e75000(0000) knlGS:0000000000000000\n[ 1.295239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1.295480] CR2: 0000000000000000 CR3: 0000000102adc004 CR4: 0000000000772ef0\n[ 1.295897] Call Trace:\n[ 1.296134] seq_read_iter (fs/seq_file.c:231)\n[ 1.296341] seq_read (fs/seq_file.c:164)\n[ 1.296493] full_proxy_read (fs/debugfs/file.c:378 (discriminator 1))\n[ 1.296658] vfs_read (fs/read_write.c:572)\n[ 1.296981] ksys_read (fs/read_write.c:717)\n[ 1.297132] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n[ 1.297325] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nAdd a NULL check and print \"(none)\" for entries with no assigned slave.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31546" }, { "cve":"CVE-2026-31555", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Clear stale exiting pointer in futex_lock_pi() retry path\n\nFuzzying/stressing futexes triggered:\n\n WARNING: kernel/futex/core.c:825 at wait_for_owner_exiting+0x7a/0x80, CPU#11: futex_lock_pi_s/524\n\nWhen futex_lock_pi_atomic() sees the owner is exiting, it returns -EBUSY\nand stores a refcounted task pointer in 'exiting'.\n\nAfter wait_for_owner_exiting() consumes that reference, the local pointer\nis never reset to nil. Upon a retry, if futex_lock_pi_atomic() returns a\ndifferent error, the bogus pointer is passed to wait_for_owner_exiting().\n\n CPU0\t\t\t CPU1\t\t CPU2\n futex_lock_pi(uaddr)\n // acquires the PI futex\n exit()\n futex_cleanup_begin()\n futex_state = EXITING;\n\t\t\t futex_lock_pi(uaddr)\n\t\t\t futex_lock_pi_atomic()\n\t\t\t\t attach_to_pi_owner()\n\t\t\t\t // observes EXITING\n\t\t\t\t *exiting = owner; // takes ref\n\t\t\t\t return -EBUSY\n\t\t\t wait_for_owner_exiting(-EBUSY, owner)\n\t\t\t\t put_task_struct(); // drops ref\n\t\t\t // exiting still points to owner\n\t\t\t goto retry;\n\t\t\t futex_lock_pi_atomic()\n\t\t\t\t lock_pi_update_atomic()\n\t\t\t\t cmpxchg(uaddr)\n\t\t\t\t\t*uaddr ^= WAITERS // whatever\n\t\t\t\t // value changed\n\t\t\t\t return -EAGAIN;\n\t\t\t wait_for_owner_exiting(-EAGAIN, exiting) // stale\n\t\t\t\t WARN_ON_ONCE(exiting)\n\nFix this by resetting upon retry, essentially aligning it with requeue_pi.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31555" }, { "cve":"CVE-2026-31566", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib\n\namdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence\nfrom amdgpu_ib_schedule(). This fence is used to wait for job\ncompletion.\n\nCurrently, the code drops the fence reference using dma_fence_put()\nbefore calling dma_fence_wait().\n\nIf dma_fence_put() releases the last reference, the fence may be\nfreed before dma_fence_wait() is called. This can lead to a\nuse-after-free.\n\nFix this by waiting on the fence first and releasing the reference\nonly after dma_fence_wait() completes.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c:697 amdgpu_amdkfd_submit_ib() warn: passing freed memory 'f' (line 696)\n\n(cherry picked from commit 8b9e5259adc385b61a6590a13b82ae0ac2bd3482)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31566" }, { "cve":"CVE-2026-31570", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gw: fix OOB heap access in cgw_csum_crc8_rel()\n\ncgw_csum_crc8_rel() correctly computes bounds-safe indices via calc_idx():\n\n int from = calc_idx(crc8->from_idx, cf->len);\n int to = calc_idx(crc8->to_idx, cf->len);\n int res = calc_idx(crc8->result_idx, cf->len);\n\n if (from < 0 || to < 0 || res < 0)\n return;\n\nHowever, the loop and the result write then use the raw s8 fields directly\ninstead of the computed variables:\n\n for (i = crc8->from_idx; ...) /* BUG: raw negative index */\n cf->data[crc8->result_idx] = ...; /* BUG: raw negative index */\n\nWith from_idx = to_idx = result_idx = -64 on a 64-byte CAN FD frame,\ncalc_idx(-64, 64) = 0 so the guard passes, but the loop iterates with\ni = -64, reading cf->data[-64], and the write goes to cf->data[-64].\nThis write might end up to 56 (7.0-rc) or 40 (<= 6.19) bytes before the\nstart of the canfd_frame on the heap.\n\nThe companion function cgw_csum_xor_rel() uses `from`/`to`/`res`\ncorrectly throughout; fix cgw_csum_crc8_rel() to match.\n\nConfirmed with KASAN on linux-7.0-rc2:\n BUG: KASAN: slab-out-of-bounds in cgw_csum_crc8_rel+0x515/0x5b0\n Read of size 1 at addr ffff8880076619c8 by task poc_cgw_oob/62\n\nTo configure the can-gw crc8 checksums CAP_NET_ADMIN is needed.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31570" }, { "cve":"CVE-2026-31590", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION\n\nDrop the WARN in sev_pin_memory() on npages overflowing an int, as the\nWARN is comically trivially to trigger from userspace, e.g. by doing:\n\n struct kvm_enc_region range = {\n .addr = 0,\n .size = -1ul,\n };\n\n __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range);\n\nNote, the checks in sev_mem_enc_register_region() that presumably exist to\nverify the incoming address+size are completely worthless, as both \"addr\"\nand \"size\" are u64s and SEV is 64-bit only, i.e. they _can't_ be greater\nthan ULONG_MAX. That wart will be cleaned up in the near future.\n\n\tif (range->addr > ULONG_MAX || range->size > ULONG_MAX)\n\t\treturn -EINVAL;\n\nOpportunistically add a comment to explain why the code calculates the\nnumber of pages the \"hard\" way, e.g. instead of just shifting @ulen.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31590" }, { "cve":"CVE-2026-31595", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup\n\nDisable the delayed work before clearing BAR mappings and doorbells to\navoid running the handler after resources have been torn down.\n\n Unable to handle kernel paging request at virtual address ffff800083f46004\n [...]\n Internal error: Oops: 0000000096000007 [#1] SMP\n [...]\n Call trace:\n epf_ntb_cmd_handler+0x54/0x200 [pci_epf_vntb] (P)\n process_one_work+0x154/0x3b0\n worker_thread+0x2c8/0x400\n kthread+0x148/0x210\n ret_from_fork+0x10/0x20", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31595" }, { "cve":"CVE-2026-31628", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU: Fix FPDSS on Zen1\n\nZen1's hardware divider can leave, under certain circumstances, partial\nresults from previous operations. Those results can be leaked by\nanother, attacker thread.\n\nFix that with a chicken bit.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31628" }, { "cve":"CVE-2026-31630", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: proc: size address buffers for %pISpc output\n\nThe AF_RXRPC procfs helpers format local and remote socket addresses into\nfixed 50-byte stack buffers with \"%pISpc\".\n\nThat is too small for the longest current-tree IPv6-with-port form the\nformatter can produce. In lib/vsprintf.c, the compressed IPv6 path uses a\ndotted-quad tail not only for v4mapped addresses, but also for ISATAP\naddresses via ipv6_addr_is_isatap().\n\nAs a result, a case such as\n\n [ffff:ffff:ffff:ffff:0:5efe:255.255.255.255]:65535\n\nis possible with the current formatter. That is 50 visible characters, so\n51 bytes including the trailing NUL, which does not fit in the existing\nchar[50] buffers used by net/rxrpc/proc.c.\n\nSize the buffers from the formatter's maximum textual form and switch the\ncall sites to scnprintf().\n\nChanges since v1:\n- correct the changelog to cite the actual maximum current-tree case\n explicitly\n- frame the proof around the ISATAP formatting path instead of the earlier\n mapped-v4 example", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31630" }, { "cve":"CVE-2026-31651", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: vub300: fix NULL-deref on disconnect\n\nMake sure to deregister the controller before dropping the reference to\nthe driver data on disconnect to avoid NULL-pointer dereferences or\nuse-after-free.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31651" }, { "cve":"CVE-2026-31665", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: fix use-after-free in timeout object destroy\n\nnft_ct_timeout_obj_destroy() frees the timeout object with kfree()\nimmediately after nf_ct_untimeout(), without waiting for an RCU grace\nperiod. Concurrent packet processing on other CPUs may still hold\nRCU-protected references to the timeout object obtained via\nrcu_dereference() in nf_ct_timeout_data().\n\nAdd an rcu_head to struct nf_ct_timeout and use kfree_rcu() to defer\nfreeing until after an RCU grace period, matching the approach already\nused in nfnetlink_cttimeout.c.\n\nKASAN report:\n BUG: KASAN: slab-use-after-free in nf_conntrack_tcp_packet+0x1381/0x29d0\n Read of size 4 at addr ffff8881035fe19c by task exploit/80\n\n Call Trace:\n nf_conntrack_tcp_packet+0x1381/0x29d0\n nf_conntrack_in+0x612/0x8b0\n nf_hook_slow+0x70/0x100\n __ip_local_out+0x1b2/0x210\n tcp_sendmsg_locked+0x722/0x1580\n __sys_sendto+0x2d8/0x320\n\n Allocated by task 75:\n nft_ct_timeout_obj_init+0xf6/0x290\n nft_obj_init+0x107/0x1b0\n nf_tables_newobj+0x680/0x9c0\n nfnetlink_rcv_batch+0xc29/0xe00\n\n Freed by task 26:\n nft_obj_destroy+0x3f/0xa0\n nf_tables_trans_destroy_work+0x51c/0x5c0\n process_one_work+0x2c4/0x5a0", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31665" }, { "cve":"CVE-2026-31667", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - fix circular locking dependency with ff-core\n\nA lockdep circular locking dependency warning can be triggered\nreproducibly when using a force-feedback gamepad with uinput (for\nexample, playing ELDEN RING under Wine with a Flydigi Vader 5\ncontroller):\n\n ff->mutex -> udev->mutex -> input_mutex -> dev->mutex -> ff->mutex\n\nThe cycle is caused by four lock acquisition paths:\n\n1. ff upload: input_ff_upload() holds ff->mutex and calls\n uinput_dev_upload_effect() -> uinput_request_submit() ->\n uinput_request_send(), which acquires udev->mutex.\n\n2. device create: uinput_ioctl_handler() holds udev->mutex and calls\n uinput_create_device() -> input_register_device(), which acquires\n input_mutex.\n\n3. device register: input_register_device() holds input_mutex and\n calls kbd_connect() -> input_register_handle(), which acquires\n dev->mutex.\n\n4. evdev release: evdev_release() calls input_flush_device() under\n dev->mutex, which calls input_ff_flush() acquiring ff->mutex.\n\nFix this by introducing a new state_lock spinlock to protect\nudev->state and udev->dev access in uinput_request_send() instead of\nacquiring udev->mutex. The function only needs to atomically check\ndevice state and queue an input event into the ring buffer via\nuinput_dev_event() -- both operations are safe under a spinlock\n(ktime_get_ts64() and wake_up_interruptible() do not sleep). This\nbreaks the ff->mutex -> udev->mutex link since a spinlock is a leaf in\nthe lock ordering and cannot form cycles with mutexes.\n\nTo keep state transitions visible to uinput_request_send(), protect\nwrites to udev->state in uinput_create_device() and\nuinput_destroy_device() with the same state_lock spinlock.\n\nAdditionally, move init_completion(&request->done) from\nuinput_request_send() to uinput_request_submit() before\nuinput_request_reserve_slot(). Once the slot is allocated,\nuinput_flush_requests() may call complete() on it at any time from\nthe destroy path, so the completion must be initialised before the\nrequest becomes visible.\n\nLock ordering after the fix:\n\n ff->mutex -> state_lock (spinlock, leaf)\n udev->mutex -> state_lock (spinlock, leaf)\n udev->mutex -> input_mutex -> dev->mutex -> ff->mutex (no back-edge)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31667" }, { "cve":"CVE-2026-31675", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_netem: fix out-of-bounds access in packet corruption\n\nIn netem_enqueue(), the packet corruption logic uses\nget_random_u32_below(skb_headlen(skb)) to select an index for\nmodifying skb->data. When an AF_PACKET TX_RING sends fully non-linear\npackets over an IPIP tunnel, skb_headlen(skb) evaluates to 0.\n\nPassing 0 to get_random_u32_below() takes the variable-ceil slow path\nwhich returns an unconstrained 32-bit random integer. Using this\nunconstrained value as an offset into skb->data results in an\nout-of-bounds memory access.\n\nFix this by verifying skb_headlen(skb) is non-zero before attempting\nto corrupt the linear data area. Fully non-linear packets will silently\nbypass the corruption logic.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31675" }, { "cve":"CVE-2026-31677", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - limit RX SG extraction by receive buffer budget\n\nMake af_alg_get_rsgl() limit each RX scatterlist extraction to the\nremaining receive buffer budget.\n\naf_alg_get_rsgl() currently uses af_alg_readable() only as a gate\nbefore extracting data into the RX scatterlist. Limit each extraction\nto the remaining af_alg_rcvbuf(sk) budget so that receive-side\naccounting matches the amount of data attached to the request.\n\nIf skcipher cannot obtain enough RX space for at least one chunk while\nmore data remains to be processed, reject the recvmsg call instead of\nrounding the request length down to zero.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31677" }, { "cve":"CVE-2026-31678", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: defer tunnel netdev_put to RCU release\n\novs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already\ndetached the device. Dropping the netdev reference in destroy can race\nwith concurrent readers that still observe vport->dev.\n\nDo not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let\nvport_netdev_free() drop the reference from the RCU callback, matching\nthe non-tunnel destroy path and avoiding additional synchronization\nunder RTNL.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31678" }, { "cve":"CVE-2026-31684", "notes":[ { "text":"In the Linux kernel, a memory out-of-bounds access vulnerability exists in the act_csum module's tcf_csum_act() function when processing nested VLAN headers. When an skb still carries in-payload VLAN tags, the function walks nested VLAN headers directly from skb->data. The current code reads vlan->h_vlan_encapsulated_proto and then pulls VLAN_HLEN bytes without first ensuring that the full VLAN header is present in the linear area. If only part of an inner VLAN header is linearized, accessing h_vlan_encapsulated_proto reads past the linear area, and the following skb_pull(VLAN_HLEN) may violate skb invariants.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31684" }, { "cve":"CVE-2026-31685", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ip6t_eui64: reject invalid MAC header for all packets\n\n`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address\nand compares it with the low 64 bits of the IPv6 source address.\n\nThe existing guard only rejects an invalid MAC header when\n`par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()`\ncan still reach `eth_hdr(skb)` even when the MAC header is not valid.\n\nFix this by removing the `par->fragoff != 0` condition so that packets\nwith an invalid MAC header are rejected before accessing `eth_hdr(skb)`.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-31685" }, { "cve":"CVE-2026-31689", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/mc: Fix error path ordering in edac_mc_alloc()\n\nWhen the mci->pvt_info allocation in edac_mc_alloc() fails, the error path\nwill call put_device() which will end up calling the device's release\nfunction.\n\nHowever, the init ordering is wrong such that device_initialize() happens\n*after* the failed allocation and thus the device itself and the release\nfunction pointer are not initialized yet when they're called:\n\n MCE: In-kernel MCE decoding enabled.\n ------------[ cut here ]------------\n kobject: '(null)': is not initialized, yet kobject_put() is being called.\n WARNING: lib/kobject.c:734 at kobject_put, CPU#22: systemd-udevd\n CPU: 22 UID: 0 PID: 538 Comm: systemd-udevd Not tainted 7.0.0-rc1+ #2 PREEMPT(full)\n RIP: 0010:kobject_put\n Call Trace:\n \n edac_mc_alloc+0xbe/0xe0 [edac_core]\n amd64_edac_init+0x7a4/0xff0 [amd64_edac]\n ? __pfx_amd64_edac_init+0x10/0x10 [amd64_edac]\n do_one_initcall\n ...\n\nReorder the calling sequence so that the device is initialized and thus the\nrelease function pointer is properly set before it can be used.\n\nThis was found by Claude while reviewing another EDAC patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31689" }, { "cve":"CVE-2026-31697", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy ID to userspace if PSP command failed\n\nWhen retrieving the ID for the CPU, don't attempt to copy the ID blob to\nuserspace if the firmware command failed. If the failure was due to an\ninvalid length, i.e. the userspace buffer+length was too small, copying\nthe number of bytes _firmware_ requires will overflow the kernel-allocated\nbuffer and leak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 64 at addr ffff8881867f5960 by task syz.0.906/24388\n\n CPU: 130 UID: 0 PID: 24388 Comm: syz.0.906 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_get_id2+0x361/0x490 ../drivers/crypto/ccp/sev-dev.c:2222\n sev_ioctl+0x25f/0x490 ../drivers/crypto/ccp/sev-dev.c:2575\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31697" }, { "cve":"CVE-2026-31698", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed\n\nWhen retrieving the PDH cert, don't attempt to copy the blobs to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff8885c4ab8aa0 by task syz.0.186/21033\n\n CPU: 51 UID: 0 PID: 21033 Comm: syz.0.186 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.84.12-0 11/17/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pdh_export+0x3d3/0x7c0 ../drivers/crypto/ccp/sev-dev.c:2347\n sev_ioctl+0x2a2/0x490 ../drivers/crypto/ccp/sev-dev.c:2568\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31698" }, { "cve":"CVE-2026-31699", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed\n\nWhen retrieving the PEK CSR, don't attempt to copy the blob to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff898144612e20 by task syz.9.219/21405\n\n CPU: 14 UID: 0 PID: 21405 Comm: syz.9.219 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pek_csr+0x31f/0x590 ../drivers/crypto/ccp/sev-dev.c:1872\n sev_ioctl+0x3a4/0x490 ../drivers/crypto/ccp/sev-dev.c:2562\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirwmware error.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31699" }, { "cve":"CVE-2026-31708", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path\n\nsmb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL\nand the default QUERY_INFO path. The QUERY_INFO branch clamps\nqi.input_buffer_length to the server-reported OutputBufferLength and then\ncopies qi.input_buffer_length bytes from qi_rsp->Buffer to userspace, but\nit never verifies that the flexible-array payload actually fits within\nrsp_iov[1].iov_len.\n\nA malicious server can return OutputBufferLength larger than the actual\nQUERY_INFO response, causing copy_to_user() to walk past the response\nbuffer and expose adjacent kernel heap to userspace.\n\nGuard the QUERY_INFO copy with a bounds check on the actual Buffer\npayload. Use struct_size(qi_rsp, Buffer, qi.input_buffer_length)\nrather than an open-coded addition so the guard cannot overflow on\n32-bit builds.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31708" }, { "cve":"CVE-2026-31738", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: validate ND option lengths in vxlan_na_create\n\nvxlan_na_create() walks ND options according to option-provided\nlengths. A malformed option can make the parser advance beyond the\ncomputed option span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31738" }, { "cve":"CVE-2026-31752", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: br_nd_send: validate ND option lengths\n\nbr_nd_send() walks ND options according to option-provided lengths.\nA malformed option can make the parser advance beyond the computed\noption span or use a too-short source LLADDR option payload.\n\nValidate option lengths against the remaining NS option area before\nadvancing, and only read source LLADDR when the option is large enough\nfor an Ethernet address.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31752" }, { "cve":"CVE-2026-31755", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: fix NULL pointer dereference in ep_queue\n\nWhen the gadget endpoint is disabled or not yet configured, the ep->desc\npointer can be NULL. This leads to a NULL pointer dereference when\n__cdns3_gadget_ep_queue() is called, causing a kernel crash.\n\nAdd a check to return -ESHUTDOWN if ep->desc is NULL, which is the\nstandard return code for unconfigured endpoints.\n\nThis prevents potential crashes when ep_queue is called on endpoints\nthat are not ready.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31755" }, { "cve":"CVE-2026-31771", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: move wake reason storage into validated event handlers\n\nhci_store_wake_reason() is called from hci_event_packet() immediately\nafter stripping the HCI event header but before hci_event_func()\nenforces the per-event minimum payload length from hci_ev_table.\nThis means a short HCI event frame can reach bacpy() before any bounds\ncheck runs.\n\nRather than duplicating skb parsing and per-event length checks inside\nhci_store_wake_reason(), move wake-address storage into the individual\nevent handlers after their existing event-length validation has\nsucceeded. Convert hci_store_wake_reason() into a small helper that only\nstores an already-validated bdaddr while the caller holds hci_dev_lock().\nUse the same helper after hci_event_func() with a NULL address to\npreserve the existing unexpected-wake fallback semantics when no\nvalidated event handler records a wake address.\n\nAnnotate the helper with __must_hold(&hdev->lock) and add\nlockdep_assert_held(&hdev->lock) so future call paths keep the lock\ncontract explicit.\n\nCall the helper from hci_conn_request_evt(), hci_conn_complete_evt(),\nhci_sync_conn_complete_evt(), le_conn_complete_evt(),\nhci_le_adv_report_evt(), hci_le_ext_adv_report_evt(),\nhci_le_direct_adv_report_evt(), hci_le_pa_sync_established_evt(), and\nhci_le_past_received_evt().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31771" }, { "cve":"CVE-2026-31773", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SMP: derive legacy responder STK authentication from MITM state\n\nThe legacy responder path in smp_random() currently labels the stored\nSTK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH.\nThat reflects what the local service requested, not what the pairing\nflow actually achieved.\n\nFor Just Works/Confirm legacy pairing, SMP_FLAG_MITM_AUTH stays clear\nand the resulting STK should remain unauthenticated even if the local\nside requested HIGH security. Use the established MITM state when\nstoring the responder STK so the key metadata matches the pairing result.\n\nThis also keeps the legacy path aligned with the Secure Connections code,\nwhich already treats JUST_WORKS/JUST_CFM as unauthenticated.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31773" }, { "cve":"CVE-2026-31779", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()\n\nThe memcpy function assumes the dynamic array notif->matches is at least\nas large as the number of bytes to copy. Otherwise, results->matches may\ncontain unwanted data. To guarantee safety, extend the validation in one\nof the checks to ensure sufficient packet length.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-31779" }, { "cve":"CVE-2026-31781", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ioc32: stop speculation on the drm_compat_ioctl path\n\nThe drm compat ioctl path takes a user controlled pointer, and then\ndereferences it into a table of function pointers, the signature method\nof spectre problems. Fix this up by calling array_index_nospec() on the\nindex to the function pointer list.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-31781" }, { "cve":"CVE-2026-43020", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: validate LTK enc_size on load\n\nLoad Long Term Keys stores the user-provided enc_size and later uses\nit to size fixed-size stack operations when replying to LE LTK\nrequests. An enc_size larger than the 16-byte key buffer can therefore\noverflow the reply stack buffer.\n\nReject oversized enc_size values while validating the management LTK\nrecord so invalid keys never reach the stored key state.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43020" }, { "cve":"CVE-2026-43036", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use skb_header_pointer() for TCPv4 GSO frag_off check\n\nSyzbot reported a KMSAN uninit-value warning in gso_features_check()\ncalled from netif_skb_features() [1].\n\ngso_features_check() reads iph->frag_off to decide whether to clear\nmangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr()\ncan rely on skb header offsets that are not always safe for direct\ndereference on packets injected from PF_PACKET paths.\n\nUse skb_header_pointer() for the TCPv4 frag_off check so the header read\nis robust whether data is already linear or needs copying.\n\n[1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43036" }, { "cve":"CVE-2026-43040", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak\n\nWhen processing Router Advertisements with user options the kernel\nbuilds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct\nhas three padding fields that are never zeroed and can leak kernel data\n\nThe fix is simple, just zeroes the padding fields.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43040" }, { "cve":"CVE-2026-43043", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af-alg - fix NULL pointer dereference in scatterwalk\n\nThe AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)\nwhen chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL\nexactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent\nsendmsg() allocates a new SGL and chains it, but fails to clear the end\nmarker on the previous SGL's last data entry.\n\nThis causes the crypto scatterwalk to hit a premature end, returning NULL\non sg_next() and leading to a kernel panic during dereference.\n\nFix this by explicitly unmarking the end of the previous SGL when\nperforming sg_chain() in af_alg_alloc_tsgl().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43043" }, { "cve":"CVE-2026-43061", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix TX deadlock when using DMA\n\n`dmaengine_terminate_async` does not guarantee that the\n`__dma_tx_complete` callback will run. The callback is currently the\nonly place where `dma->tx_running` gets cleared. If the transaction is\ncanceled and the callback never runs, then `dma->tx_running` will never\nget cleared and we will never schedule new TX DMA transactions again.\n\nThis change makes it so we clear `dma->tx_running` after we terminate\nthe DMA transaction. This is \"safe\" because `serial8250_tx_dma_flush`\nis holding the UART port lock. The first thing the callback does is also\ngrab the UART port lock, so access to `dma->tx_running` is serialized.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43061" }, { "cve":"CVE-2026-43064", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix not releasing workqueue on .release()\n\nThe workqueue associated with an DSA/IAA device is not released when\nthe object is freed.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43064" }, { "cve":"CVE-2026-43079", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Skip discovery table for offline dies\n\nThis warning can be triggered if NUMA is disabled and the system\nboots with fewer CPUs than the number of CPUs in die 0.\n\nWARNING: CPU: 9 PID: 7257 at uncore.c:1157 uncore_pci_pmu_register+0x136/0x160 [intel_uncore]\n\nCurrently, the discovery table continues to be parsed even if all CPUs\nin the associated die are offline. This can lead to an array overflow\nat \"pmu->boxes[die] = box\" in uncore_pci_pmu_register(), which may\ntrigger the warning above or cause other issues.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43079" }, { "cve":"CVE-2026-43099", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: fix null-ptr-deref in icmp_build_probe()\n\nipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the\nIPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing\nthis error pointer to dev_hold() will cause a kernel crash with\nnull-ptr-deref.\n\nInstead, silently discard the request. RFC 8335 does not appear to\ndefine a specific response for the case where an IPv6 interface\nidentifier is syntactically valid but the implementation cannot perform\nthe lookup at runtime, and silently dropping the request may safer than\nmisreporting \"No Such Interface\".", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43099" }, { "cve":"CVE-2026-43148", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/smp: Add check for kcalloc() failure in parse_thread_groups()\n\nAs kcalloc() may fail, check its return value to avoid a NULL pointer\ndereference when passing it to of_property_read_u32_array().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43148" }, { "cve":"CVE-2026-43156", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: enable basic endpoint checking\n\npegasus_probe() fills URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n - usb_rcvbulkpipe(dev, 1) for RX data\n - usb_sndbulkpipe(dev, 2) for TX data\n - usb_rcvintpipe(dev, 3) for status interrupts\n\nA malformed USB device can present these endpoints with transfer types\nthat differ from what the driver assumes.\n\nAdd a pegasus_usb_ep enum for endpoint numbers, replacing magic\nconstants throughout. Add usb_check_bulk_endpoints() and\nusb_check_int_endpoints() calls before any resource allocation to\nverify endpoint types before use, rejecting devices with mismatched\ndescriptors at probe time, and avoid triggering assertion.\n\nSimilar fix to\n- commit 90b7f2961798 (\"net: usb: rtl8150: enable basic endpoint checking\")\n- commit 9e7021d2aeae (\"net: usb: catc: enable basic endpoint checking\")", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43156" }, { "cve":"CVE-2026-43163", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: fix GPF in write_page caused by resize race\n\nA General Protection Fault occurs in write_page() during array resize:\nRIP: 0010:write_page+0x22b/0x3c0 [md_mod]\n\nThis is a use-after-free race between bitmap_daemon_work() and\n__bitmap_resize(). The daemon iterates over `bitmap->storage.filemap`\nwithout locking, while the resize path frees that storage via\nmd_bitmap_file_unmap(). `quiesce()` does not stop the md thread,\nallowing concurrent access to freed pages.\n\nFix by holding `mddev->bitmap_info.mutex` during the bitmap update.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43163" }, { "cve":"CVE-2026-43186", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()\n\nOn the receive path, __ioam6_fill_trace_data() uses trace->nodelen\nto decide how much data to write for each node. It trusts this field\nas-is from the incoming packet, with no consistency check against\ntrace->type (the 24-bit field that tells which data items are\npresent). A crafted packet can set nodelen=0 while setting type bits\n0-21, causing the function to write ~100 bytes past the allocated\nregion (into skb_shared_info), which corrupts adjacent heap memory\nand leads to a kernel panic.\n\nAdd a shared helper ioam6_trace_compute_nodelen() in ioam6.c to\nderive the expected nodelen from the type field, and use it:\n\n - in ioam6_iptunnel.c (send path, existing validation) to replace\n the open-coded computation;\n - in exthdrs.c (receive path, ipv6_hop_ioam) to drop packets whose\n nodelen is inconsistent with the type field, before any data is\n written.\n\nPer RFC 9197, bits 12-21 are each short (4-octet) fields, so they\nare included in IOAM6_MASK_SHORT_FIELDS (changed from 0xff100000 to\n0xff1ffc00).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-43186" }, { "cve":"CVE-2026-43212", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE\n\nThe arch definition of cpumask_of_node() cannot handle NUMA_NO_NODE -\nwhich is a valid index - so add a check for this.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43212" }, { "cve":"CVE-2026-43240", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: add a sanity check on previous kernel's ima kexec buffer\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"mem=\", the physical range that contains the carried\nover IMA measurement list may fall outside the truncated RAM leading to a\nkernel panic.\n\n BUG: unable to handle page fault for address: ffff97793ff47000\n RIP: ima_restore_measurement_list+0xdc/0x45a\n #PF: error_code(0x0000) – not-present page\n\nOther architectures already validate the range with page_is_ram(), as done\nin commit cbf9c4b9617b (\"of: check previous kernel's ima-kexec-buffer\nagainst memory bounds\") do a similar check on x86.\n\nWithout carrying the measurement list across kexec, the attestation\nwould fail.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43240" }, { "cve":"CVE-2026-43262", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fiemap page fault fix\n\nIn gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode\nglock. This can lead to recursive glock taking if the fiemap buffer is\nmemory mapped to the same inode and accessing it triggers a page fault.\n\nFix by disabling page faults for iomap_fiemap() and faulting in the\nbuffer by hand if necessary.\n\nFixes xfstest generic/742.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43262" }, { "cve":"CVE-2026-43273", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nceph: supply snapshot context in ceph_zero_partial_object()\n\nThe ceph_zero_partial_object function was missing proper snapshot\ncontext for its OSD write operations, which could lead to data\ninconsistencies in snapshots.\n\nReproducer:\n../src/vstart.sh --new -x --localhost --bluestore\n./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a'\nmount -t ceph ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43273" }, { "cve":"CVE-2026-43288", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: move ext4_percpu_param_init() before ext4_mb_init()\n\nWhen running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the\n`DOUBLE_CHECK` macro defined, the following panic is triggered:\n\n==================================================================\nEXT4-fs error (device vdc): ext4_validate_block_bitmap:423:\n comm mount: bg 0: bad block bitmap checksum\nBUG: unable to handle page fault for address: ff110000fa2cc000\nPGD 3e01067 P4D 3e02067 PUD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 0 UID: 0 PID: 2386 Comm: mount Tainted: G W\n 6.18.0-gba65a4e7120a-dirty #1152 PREEMPT(none)\nRIP: 0010:percpu_counter_add_batch+0x13/0xa0\nCall Trace:\n \n ext4_mark_group_bitmap_corrupted+0xcb/0xe0\n ext4_validate_block_bitmap+0x2a1/0x2f0\n ext4_read_block_bitmap+0x33/0x50\n mb_group_bb_bitmap_alloc+0x33/0x80\n ext4_mb_add_groupinfo+0x190/0x250\n ext4_mb_init_backend+0x87/0x290\n ext4_mb_init+0x456/0x640\n __ext4_fill_super+0x1072/0x1680\n ext4_fill_super+0xd3/0x280\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x29/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4f6/0x6b0\n do_syscall_64+0x50/0x1f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nThis issue can be reproduced using the following commands:\n mkfs.ext4 -F -q -b 1024 /dev/sda 5G\n tune2fs -O quota,project /dev/sda\n mount /dev/sda /tmp/test\n\nWith DOUBLE_CHECK defined, mb_group_bb_bitmap_alloc() reads\nand validates the block bitmap. When the validation fails,\next4_mark_group_bitmap_corrupted() attempts to update\nsbi->s_freeclusters_counter. However, this percpu_counter has not been\ninitialized yet at this point, which leads to the panic described above.\n\nFix this by moving the execution of ext4_percpu_param_init() to occur\nbefore ext4_mb_init(), ensuring the per-CPU counters are initialized\nbefore they are used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43288" }, { "cve":"CVE-2026-43292", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node\n\nWhen CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during\nvmalloc cleanup triggers expensive stack unwinding that acquires RCU read\nlocks. Processing a large purge_list without rescheduling can cause the\ntask to hold CPU for extended periods (10+ seconds), leading to RCU stalls\nand potential OOM conditions.\n\nThe issue manifests in purge_vmap_node() -> kasan_release_vmalloc_node()\nwhere iterating through hundreds or thousands of vmap_area entries and\nfreeing their associated shadow pages causes:\n\n rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6229/1:b..l\n ...\n task:kworker/0:17 state:R running task stack:28840 pid:6229\n ...\n kasan_release_vmalloc_node+0x1ba/0xad0 mm/vmalloc.c:2299\n purge_vmap_node+0x1ba/0xad0 mm/vmalloc.c:2299\n\nEach call to kasan_release_vmalloc() can free many pages, and with\npage_owner tracking, each free triggers save_stack() which performs stack\nunwinding under RCU read lock. Without yielding, this creates an\nunbounded RCU critical section.\n\nAdd periodic cond_resched() calls within the loop to allow:\n- RCU grace periods to complete\n- Other tasks to run\n- Scheduler to preempt when needed\n\nThe fix uses need_resched() for immediate response under load, with a\nbatch count of 32 as a guaranteed upper bound to prevent worst-case stalls\neven under light load.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43292" }, { "cve":"CVE-2026-43345", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: fix event ring index not programmed for IPA v5.0+\n\nFor IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to\nCH_C_CNTXT_1. The v5.0 register definition intended to define this\nfield in the CH_C_CNTXT_1 fmask array but used the old identifier of\nERINDEX instead of CH_ERINDEX.\n\nWithout a valid event ring, GSI channels could never signal transfer\ncompletions. This caused gsi_channel_trans_quiesce() to block\nforever in wait_for_completion().\n\nAt least for IPA v5.2 this resolves an issue seen where runtime\nsuspend, system suspend, and remoteproc stop all hanged forever. It\nalso meant the IPA data path was completely non functional.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43345" }, { "cve":"CVE-2026-43366", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: check if target buffer list is still legacy on recycle\n\nThere's a gap between when the buffer was grabbed and when it\npotentially gets recycled, where if the list is empty, someone could've\nupgraded it to a ring provided type. This can happen if the request\nis forced via io-wq. The legacy recycling is missing checking if the\nbuffer_list still exists, and if it's of the correct type. Add those\nchecks.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43366" }, { "cve":"CVE-2026-43406", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds reads in process_message_header()\n\nIf the message frame is (maliciously) corrupted in a way that the\nlength of the control segment ends up being less than the size of the\nmessage header or a different frame is made to look like a message\nframe, out-of-bounds reads may ensue in process_message_header().\n\nPerform an explicit bounds check before decoding the message header.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-43406" }, { "cve":"CVE-2026-43419", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leaks in ceph_mdsc_build_path()\n\nAdd __putname() calls to error code paths that did not free the \"path\"\npointer obtained by __getname(). If ownership of this pointer is not\npassed to the caller via path_info.path, the function must free it\nbefore returning.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43419" }, { "cve":"CVE-2026-43427", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: class: cdc-wdm: fix reordering issue in read code path\n\nQuoting the bug report:\n\nDue to compiler optimization or CPU out-of-order execution, the\ndesc->length update can be reordered before the memmove. If this\nhappens, wdm_read() can see the new length and call copy_to_user() on\nuninitialized memory. This also violates LKMM data race rules [1].\n\nFix it by using WRITE_ONCE and memory barriers.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43427" }, { "cve":"CVE-2026-43428", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Limit the length of unkillable synchronous timeouts\n\nThe usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in\nusbcore allow unlimited timeout durations. And since they use\nuninterruptible waits, this leaves open the possibility of hanging a\ntask for an indefinitely long time, with no way to kill it short of\nunplugging the target device.\n\nTo prevent this sort of problem, enforce a maximum limit on the length\nof these unkillable timeouts. The limit chosen here, somewhat\narbitrarily, is 60 seconds. On many systems (although not all) this\nis short enough to avoid triggering the kernel's hung-task detector.\n\nIn addition, clear up the ambiguity of negative timeout values by\ntreating them the same as 0, i.e., using the maximum allowed timeout.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43428" }, { "cve":"CVE-2026-43468", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix deadlock between devlink lock and esw->wq\n\nesw->work_queue executes esw_functions_changed_event_handler ->\nesw_vfs_changed_event_handler and acquires the devlink lock.\n\n.eswitch_mode_set (acquires devlink lock in devlink_nl_pre_doit) ->\nmlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked ->\nmlx5_eswitch_event_handler_unregister -> flush_workqueue deadlocks\nwhen esw_vfs_changed_event_handler executes.\n\nFix that by no longer flushing the work to avoid the deadlock, and using\na generation counter to keep track of work relevance. This avoids an old\nhandler manipulating an esw that has undergone one or more mode changes:\n- the counter is incremented in mlx5_eswitch_event_handler_unregister.\n- the counter is read and passed to the ephemeral mlx5_host_work struct.\n- the work handler takes the devlink lock and bails out if the current\n generation is different than the one it was scheduled to operate on.\n- mlx5_eswitch_cleanup does the final draining before destroying the wq.\n\nNo longer flushing the workqueue has the side effect of maybe no longer\ncancelling pending vport_change_handler work items, but that's ok since\nthose are disabled elsewhere:\n- mlx5_eswitch_disable_locked disables the vport eq notifier.\n- mlx5_esw_vport_disable disarms the HW EQ notification and marks\n vport->enabled under state_lock to false to prevent pending vport\n handler from doing anything.\n- mlx5_eswitch_cleanup destroys the workqueue and makes sure all events\n are disabled/finished.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-43468" }, { "cve":"CVE-2026-43493", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications. The Linux kernel CVE team has assigned CVE-2026-43493 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-43493" }, { "cve":"CVE-2026-43503", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()->flags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft 'dup to ' rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb's frag descriptors into the\naccumulator's last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p's frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb's flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb's flag into nskb. Fold frag_skb's flag at both sites\nso segments drawing frags from frag_list members carry the marker.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-43503" }, { "cve":"CVE-2026-45834", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()\n\nAdd the same NULL guard already present in\nl2cap_sock_resume_cb() and l2cap_sock_ready_cb().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-45834" }, { "cve":"CVE-2026-45861", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in qd_put\n\nCommit a475c5dd16e5 (\"gfs2: Free quota data objects synchronously\")\nstarted freeing quota data objects during filesystem shutdown instead of\nputting them back onto the LRU list, but it failed to remove these\nobjects from the LRU list, causing LRU list corruption. This caused\nuse-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access\nalready-freed objects on the LRU list.\n\nFix this by removing qd objects from the LRU list before freeing them in\nqd_put().\n\nInitial fix from Deepanshu Kartikey <", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-45861" }, { "cve":"CVE-2026-45911", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix role switching during resume\n\nIf the role change while we are suspended, the cdns3 driver switches to the\nnew mode during resume. However, switching to host mode in this context\ncauses a NULL pointer dereference.\n\nThe host role's start() operation registers a xhci-hcd device, but its\nprobe is deferred while we are in the resume path. The host role's resume()\noperation assumes the xhci-hcd device is already probed, which is not the\ncase, leading to the dereference. Since the start() operation of the new\nrole is already called, the resume operation can be skipped.\n\nSo skip the resume operation for the new role if a role switch occurs\nduring resume. Once the resume sequence is complete, the xhci-hcd device\ncan be probed in case of host mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000208\nMem abort info:\n...\nData abort info:\n...\n[0000000000000208] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in:\nCPU: 0 UID: 0 PID: 146 Comm: sh Not tainted\n6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT\nHardware name: Texas Instruments J7200 EVM (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usb_hcd_is_primary_hcd+0x0/0x1c\nlr : cdns_host_resume+0x24/0x5c\n...\nCall trace:\n usb_hcd_is_primary_hcd+0x0/0x1c (P)\n cdns_resume+0x6c/0xbc\n cdns3_controller_resume.isra.0+0xe8/0x17c\n cdns3_plat_resume+0x18/0x24\n platform_pm_resume+0x2c/0x68\n dpm_run_callback+0x90/0x248\n device_resume+0x100/0x24c\n dpm_resume+0x190/0x2ec\n dpm_resume_end+0x18/0x34\n suspend_devices_and_enter+0x2b0/0xa44\n pm_suspend+0x16c/0x5fc\n state_store+0x80/0xec\n kobj_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x130/0x1dc\n vfs_write+0x240/0x370\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0x108\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\nCode: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401)\n---[ end trace 0000000000000000 ]---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-45911" }, { "cve":"CVE-2026-45943", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inline data read failure for ztailpacking pclusters\n\nCompressed folios for ztailpacking pclusters must be valid before adding\nthese pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster()\nmay assume they are already valid and then trigger a NULL pointer\ndereference.\n\nIt is somewhat hard to reproduce because the inline data is in the same\nblock as the tail of the compressed indexes, which are usually read just\nbefore. However, it may still happen if a fatal signal arrives while\nread_mapping_folio() is running, as shown below:\n\n erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n\n ...\n\n pc : z_erofs_decompress_queue+0x4c8/0xa14\n lr : z_erofs_decompress_queue+0x160/0xa14\n sp : ffffffc08b3eb3a0\n x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000\n x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001\n x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700\n x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098\n x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004\n x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9\n x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\n x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020\n x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n z_erofs_decompress_queue+0x4c8/0xa14\n z_erofs_runqueue+0x908/0x97c\n z_erofs_read_folio+0x128/0x228\n filemap_read_folio+0x68/0x128\n filemap_get_pages+0x44c/0x8b4\n filemap_read+0x12c/0x5b8\n generic_file_read_iter+0x4c/0x15c\n do_iter_readv_writev+0x188/0x1e0\n vfs_iter_read+0xac/0x1a4\n backing_file_read_iter+0x170/0x34c\n ovl_read_iter+0xf0/0x140\n vfs_read+0x28c/0x344\n ksys_read+0x80/0xf0\n __arm64_sys_read+0x24/0x34\n invoke_syscall+0x60/0x114\n el0_svc_common+0x88/0xe4\n do_el0_svc+0x24/0x30\n el0_svc+0x40/0xa8\n el0t_64_sync_handler+0x70/0xbc\n el0t_64_sync+0x1bc/0x1c0\n\nFix this by reading the inline data before allocating and adding\nthe pclusters to the I/O chains.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-45943" }, { "cve":"CVE-2026-45947", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()\n\nIn amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM,\nthe function returns directly without releasing the allocated xcc_info,\nresulting in a memory leak.\n\nFix this by ensuring that xcc_info is properly freed in the error paths.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2026-45947" }, { "cve":"CVE-2026-45961", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fix memory leaks in gfs2_fill_super error path\n\nFix two memory leaks in the gfs2_fill_super() error handling path when\ntransitioning a filesystem to read-write mode fails.\n\nFirst leak: kthread objects (thread_struct, task_struct, etc.)\nWhen gfs2_freeze_lock_shared() fails after init_threads() succeeds, the\ncreated kernel threads (logd and quotad) are never destroyed. This\noccurs because the fail_per_node label doesn't call\ngfs2_destroy_threads().\n\nSecond leak: quota bitmap buffer (8192 bytes)\nWhen gfs2_make_fs_rw() fails after gfs2_quota_init() succeeds but\nbefore other operations complete, the allocated quota bitmap is never\nfreed.\n\nThe fix moves thread cleanup to the fail_per_node label to handle all\nerror paths uniformly. gfs2_destroy_threads() is safe to call\nunconditionally as it checks for NULL pointers. Quota cleanup is added\nin gfs2_make_fs_rw() to properly handle the withdrawal case where\nquota initialization succeeds but the filesystem is then withdrawn.\n\nThread leak backtrace (gfs2_freeze_lock_shared failure):\n unreferenced object 0xffff88801d7bca80 (size 4480):\n copy_process+0x3a1/0x4670 kernel/fork.c:2422\n kernel_clone+0xf3/0x6e0 kernel/fork.c:2779\n kthread_create_on_node+0x100/0x150 kernel/kthread.c:478\n init_threads+0xab/0x350 fs/gfs2/ops_fstype.c:611\n gfs2_fill_super+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265\n\nQuota leak backtrace (gfs2_make_fs_rw failure):\n unreferenced object 0xffff88812de7c000 (size 8192):\n gfs2_quota_init+0xe5/0x820 fs/gfs2/quota.c:1409\n gfs2_make_fs_rw+0x7a/0xe0 fs/gfs2/super.c:149\n gfs2_fill_super+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-45961" }, { "cve":"CVE-2026-45982", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()\n\nCover a missed execution path with a new check.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-45982" }, { "cve":"CVE-2026-45999", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()\n\nSome crafted images can have illegal (!partial_decoding &&\nm_llen < m_plen) extents, and the LZ4 inplace decompression path\ncan be wrongly hit, but it cannot handle (outpages < inpages)\nproperly: \"outpages - inpages\" wraps to a large value and\nthe subsequent rq->out[] access reads past the decompressed_pages\narray.\n\nHowever, such crafted cases can correctly result in a corruption\nreport in the normal LZ4 non-inplace path.\n\nLet's add an additional check to fix this for backporting.\n\nReproducible image (base64-encoded gzipped blob):\n\nH4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+g\ndilSJo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9i\nPNtbjhan04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz\n2DF/21+20T/ldgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1w\nywAAAAAAAADwu14ATsEYtgBQAAA=\n\n$ mount -t erofs -o cache_strategy=disabled foo.erofs /mnt\n$ dd if=/mnt/data of=/dev/null bs=4096 count=1", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-45999" }, { "cve":"CVE-2026-46044", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an error condition if it is running. The Linux kernel CVE team has assigned CVE-2026-46044 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-46044" }, { "cve":"CVE-2026-46051", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read() When retry_aligned_read() encounters an overlapped stripe, it releases the stripe via raid5_release_stripe() which puts it on the lockless released_stripes llist. In the next raid5d loop iteration, release_stripe_list() drains the stripe onto handle_list (since STRIPE_HANDLE is set by the original IO), but retry_aligned_read() runs before handle_active_stripes() and removes the stripe from handle_list via find_get_stripe() -> list_del_init(). This prevents handle_stripe() from ever processing the stripe to resolve the overlap, causing an infinite loop and soft lockup. Fix this by using __release_stripe() with temp_inactive_list instead of raid5_release_stripe() in the failure path, so the stripe does not go through the released_stripes llist. This allows raid5d to break out of its loop, and the overlap will be resolved when the stripe is eventually processed by handle_stripe(). The Linux kernel CVE team has assigned CVE-2026-46051 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-46051" }, { "cve":"CVE-2026-46076", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is something other than one of the supported Hyper-V hypercalls. When all of the above conditions are met, KVM will intercept VMMCALL but never forward it to L1, i.e. will let L2 make hypercalls as if it were L1. The TLFS says a whole lot of nothing about this scenario, so go with the architectural behavior, which says that VMMCALL #UDs if it's not intercepted. Opportunistically do a 2-for-1 stub trade by stub-ifying the new API instead of the helpers it uses. The last remaining \"single\" stub will soon be dropped as well. [sean: rewrite changelog and comment, tag for stable, remove defunct stubs] The Linux kernel CVE team has assigned CVE-2026-46076 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46076" }, { "cve":"CVE-2026-46078", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com The Linux kernel CVE team has assigned CVE-2026-46078 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46078" }, { "cve":"CVE-2026-46082", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@] The Linux kernel CVE team has assigned CVE-2026-46082 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-46082" }, { "cve":"CVE-2026-46093", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users. The Linux kernel CVE team has assigned CVE-2026-46093 to this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46093" }, { "cve":"CVE-2026-46121", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lockPatch series \"mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path\".Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could racewith their writes, results in use-after-free. Fix those.This patch (of 2):damon_sysfs_scheme_filter->mmecg_path can be read and written by users,via DAMON sysfs memcg_path file. It can also be indirectly read, for theparameters {on,off}line committing to DAMON. The reads for parameterscommitting are protected by damon_sysfs_lock to avoid the sysfs filesbeing destroyed while any of the parameters are being read. But theuser-driven direct reads and writes are not protected by any lock, whilethe write is deallocating the memcg_path-pointing buffer. As a result,the readers could read the already freed buffer (user-after-free). Notethat the user-reads don't race when the same open file is used by thewriter, due to kernfs's open file locking. Nonetheless, doing the readsand writes with separate open files would be common. Fix it by protectingboth the user-direct reads and writes with damon_sysfs_lock.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46121" }, { "cve":"CVE-2026-46138", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt\n\nhci_le_create_big_complete_evt() iterates over BT_BOUND connections for\na BIG handle using a while loop, accessing ev->bis_handle[i++] on each\niteration. However, there is no check that i stays within ev->num_bis\nbefore the array access.\n\nWhen a controller sends a LE_Create_BIG_Complete event with fewer\nbis_handle entries than there are BT_BOUND connections for that BIG,\nor with num_bis=0, the loop reads beyond the valid bis_handle[] flex\narray into adjacent heap memory. Since the out-of-bounds values\ntypically exceed HCI_CONN_HANDLE_MAX (0x0EFF), hci_conn_set_handle()\nrejects them and the connection remains in BT_BOUND state. The same\nconnection is then found again by hci_conn_hash_lookup_big_state(),\ncreating an infinite loop with hci_dev_lock held.\n\nFix this by terminating the BIG if in case not all BIS could be setup\nproperly.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46138" }, { "cve":"CVE-2026-46165", "notes":[ { "text":"In the Linux kernel, vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. The rtnl_delete_link() must happen under RTNL and cannot be executed in RCU context. Calling synchronize_net() while holding RTNL is not good for performance and system stability, so calling netdev_put() in RCU call is the right solution. However, when the device is deleted, rtnl_unlock() calls netdev_run_todo() and blocks until all references are gone. In the current code, this means that call_rcu() is never reached, the vport is never freed, and the reference is never released, causing a self-deadlock on device removal. The fix moves the rcu_call() before rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from rtnl_unlock()->netdev_run_todo() while RTNL itself is already released.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-46165" }, { "cve":"CVE-2026-46171", "notes":[ { "text":"In the Linux kernel's RISC-V KVM subsystem, when the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is not freed, causing a memory leak. An attacker can trigger this via ioctl(vm_fd, KVM_CREATE_VCPU), potentially leading to resource exhaustion.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-46171" }, { "cve":"CVE-2026-46178", "notes":[ { "text":"In the Linux kernel, the mlx4_ib_create_srq() function fails to release resources allocated by mlx4_srq_alloc() in error handling paths, leading to a resource leak. An attacker could exploit this vulnerability to cause resource exhaustion or denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46178" }, { "cve":"CVE-2026-46190", "notes":[ { "text":"In the Linux kernel, the spi_nor_params_show() function uses sizeof(snor_f_names) to calculate the array length. Since snor_f_names is an array of pointers, sizeof returns the total byte size of the pointer array (element_count sizeof(void )), which on 64-bit systems is 8 times larger than intended. This causes an out-of-bounds read when a flag bit is set that exceeds the actual element count but falls within the inflated byte-size count. The fix replaces sizeof with ARRAY_SIZE to pass the actual number of elements.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2582" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:bpftool-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:bpftool-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-debugsource-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-extra-modules-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-headers-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-source-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-tools-devel-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:python3-perf-debuginfo-6.6.0-145.3.14.145.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:kernel-6.6.0-145.3.14.145.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-46190" } ] }