An update for kernel is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2175 Final 1.0 1.0 2026-05-03 Initial 2026-05-03 2026-05-03 openEuler SA Tool V1.0 2026-05-03 kernel security update An update for kernel is now available for openEuler-22.03-LTS-SP4 The Linux Kernel, the operating system core itself. Security Fix(es): IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.(CVE-2025-27558) In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of the associated data.\n\nThere is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.(CVE-2026-31431) In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0) queue teardown paths. This can race request object cleanup against vb2 queue cancellation and lead to use-after-free reports. We already serialize request queueing against STREAMON/OFF with req_queue_mutex. Extend that serialization to REQBUFS, and also take the same mutex in media_request_ioctl_reinit() so REINIT is in the same exclusion domain. This keeps request cleanup and queue cancellation from running in parallel for request-capable devices.(CVE-2026-31473) An update for kernel is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical kernel https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2175 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-27558 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31431 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-31473 https://nvd.nist.gov/vuln/detail/CVE-2025-27558 https://nvd.nist.gov/vuln/detail/CVE-2026-31431 https://nvd.nist.gov/vuln/detail/CVE-2026-31473 openEuler-22.03-LTS-SP4 bpftool-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm bpftool-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-debugsource-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-devel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-headers-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-source-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-tools-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-tools-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm kernel-tools-devel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm perf-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm python3-perf-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm python3-perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm bpftool-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm bpftool-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-debugsource-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-devel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-headers-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-source-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-tools-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-tools-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-tools-devel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm perf-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm python3-perf-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm python3-perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm kernel-5.10.0-312.0.0.215.oe2203sp4.src.rpm IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard. 2026-05-03 CVE-2025-27558 openEuler-22.03-LTS-SP4 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N kernel security update 2026-05-03 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2175 In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of the associated data.\n\nThere is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. 2026-05-03 CVE-2026-31431 openEuler-22.03-LTS-SP4 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2026-05-03 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2175 In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0) queue teardown paths. This can race request object cleanup against vb2 queue cancellation and lead to use-after-free reports. We already serialize request queueing against STREAMON/OFF with req_queue_mutex. Extend that serialization to REQBUFS, and also take the same mutex in media_request_ioctl_reinit() so REINIT is in the same exclusion domain. This keeps request cleanup and queue cancellation from running in parallel for request-capable devices. 2026-05-03 CVE-2026-31473 openEuler-22.03-LTS-SP4 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2026-05-03 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2175