{"schema_version":"1.7.2","id":"OESA-2026-2175","modified":"2026-05-03T09:57:22Z","published":"2026-05-03T09:57:22Z","upstream":["CVE-2025-27558","CVE-2026-31431","CVE-2026-31473"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.(CVE-2025-27558)\n\nIn the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: algif_aead - Revert to operating out-of-place\\n\\nThis mostly reverts commit 72548b093ee3 except for the copying of the associated data.\\n\\nThere is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.(CVE-2026-31431)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex\n\nMEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0)\nqueue teardown paths. This can race request object cleanup against vb2\nqueue cancellation and lead to use-after-free reports.\n\nWe already serialize request queueing against STREAMON/OFF with\nreq_queue_mutex. Extend that serialization to REQBUFS, and also take\nthe same mutex in media_request_ioctl_reinit() so REINIT is in the\nsame exclusion domain.\n\nThis keeps request cleanup and queue cancellation from running in\nparallel for request-capable devices.(CVE-2026-31473)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-312.0.0.215.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","bpftool-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-debugsource-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-devel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-headers-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-source-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-tools-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-tools-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","kernel-tools-devel-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","perf-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","python3-perf-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm","python3-perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.aarch64.rpm"],"src":["kernel-5.10.0-312.0.0.215.oe2203sp4.src.rpm"],"x86_64":["bpftool-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","bpftool-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-debugsource-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-devel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-headers-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-source-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-tools-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-tools-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","kernel-tools-devel-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","perf-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","python3-perf-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm","python3-perf-debuginfo-5.10.0-312.0.0.215.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2175"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27558"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31431"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31473"}],"database_specific":{"severity":"Critical"}}