EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-1661)

High severity, Nessus Plugin ID 238408

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926)

usbnet: gl620a: fix endpoint checking in genelink_bind(). (CVE-2025-21877)

net_sched: Prevent creation of classes with TC_H_ROOT (CVE-2025-21971)

fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)

drm/nouveau: prime: fix refcount underflow (CVE-2024-43867)

nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu(). (CVE-2025-21927)

nvme-pci: add missing condition check for existence of mapped data (CVE-2024-42276)

ipv6: mcast: add RCU protection to mld_newpack(). (CVE-2025-21758)

vlan: enforce underlying device type (CVE-2025-21920)

usb: cdc-acm: Check control transfer buffer size before access (CVE-2025-21704)

PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (CVE-2025-21831)

net: sched: Disallow replacing of child qdisc from one parent to another (CVE-2025-21702)

netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree(). (CVE-2025-21959)

ipv4: use RCU protection in __ip_rt_update_pmtu(). (CVE-2025-21766)

dm array: fix releasing a faulty array block twice in dm_array_cursor_end (CVE-2024-57929)

hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (CVE-2025-21931)

cpufreq: governor: Use kobject release() method to free dbs_data (CVE-2022-49513)

HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)

ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887)

xsk: Fix race at socket teardown (CVE-2022-49215)

acct: perform last write from workqueue (CVE-2025-21846)

drop_monitor: fix incorrect initialization order (CVE-2025-21862)

memcg: fix soft lockup in the OOM process (CVE-2024-57977)

rdma/cxgb4: Prevent potential integer overflow on 32bit (CVE-2024-57973)

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic(). (CVE-2025-21993)

x86/kexec: fix memory leak of elf header buffer (CVE-2022-49546)

proc: fix UAF in proc_get_inode(). (CVE-2025-21999)

tracing: Fix bad hist from corrupting named_triggers list (CVE-2025-21899)

RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (CVE-2025-21885)

net: let net.core.dev_weight always be non-zero (CVE-2025-21806)

udp: Deal with race between UDP socket address change and rehash (CVE-2024-57974)

NFSD: Fix the behavior of READ near OFFSET_MAX (CVE-2022-48827)

dm thin: make get_first_thin use rcu-safe list first function (CVE-2025-21664)

ipv6: use RCU protection in ip6_default_advmss(). (CVE-2025-21765)

xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)

ipmr: do not call mr_mfc_uses_dev() for unres entries (CVE-2025-21719)

scsi: hisi_sas: Add cond_resched() for no forced preemption model (CVE-2024-56589)

net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996)

mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize(). (CVE-2025-21861)

efi: Don't map the entire mokvar table to determine its size (CVE-2025-21872)

net: asix: add proper error handling of usb read errors (CVE-2022-49226)

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove(). (CVE-2025-21928)

igb: Fix potential invalid memory access in igb_init_module(). (CVE-2024-52332)

ftrace: Avoid potential division by zero in function_stat_show(). (CVE-2025-21898)

uprobes: Reject the shared zeropage in uprobe_write_opcode(). (CVE-2025-21881)

bnxt: Do not read past the end of test names (CVE-2023-53010)

hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING (CVE-2025-21816)

cifs: fix potential memory leaks in session setup (CVE-2023-53008)

ovl: Use 'buf' flexible array for memcpy() destination (CVE-2022-49743)

openvswitch: fix lockup on tx to unregistering netdev with carrier (CVE-2025-21681)

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu(). (CVE-2024-58083)

ipv6: mcast: extend RCU protection in igmp6_send(). (CVE-2025-21759)

vsock: Keep the binding until socket destruction (CVE-2025-21756)

pps: Fix a use-after-free (CVE-2024-57979)

padata: fix UAF in padata_reorder (CVE-2025-21727)

netfilter: nf_tables: avoid skb access on nf_stolen (CVE-2022-49622)

srcu: Tighten cleanup_srcu_struct() GP checks (CVE-2022-49651)

openvswitch: use RCU protection in ovs_vport_cmd_fill_info(). (CVE-2025-21761)

cgroup: Use separate src/dst nodes when preloading css_sets for migration (CVE-2022-49647)

ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (CVE-2022-49063)

macsec: fix UAF bug for real_dev (CVE-2022-49390)

ndisc: extend RCU protection in ndisc_send_skb(). (CVE-2025-21760)

nfsd: release svc_expkey (CVE-2024-53216)

nfsd: make sure exp active before svc_export_show (CVE-2024-56558)

net: sched: Disallow replacing of child qdisc from one parent to another (CVE-2025-21700)

neighbour: use RCU protection in __neigh_notify(). (CVE-2025-21763)

nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)

ndisc: use RCU protection in ndisc_alloc_skb(). (CVE-2025-21764)

arp: use RCU protection in arp_xmit(). (CVE-2025-21762)

USB: hub: Ignore non-compliant devices with too many configs or interfaces (CVE-2025-21776)

bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc(). (CVE-2025-21848)

KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (CVE-2025-21779)

usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)

mlxsw: spectrum: Guard against invalid local ports (CVE-2022-49134)

icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (CVE-2022-49632)

kernel/resource: fix kfree() of bootmem memory again (CVE-2022-49190)

vrf: use RCU protection in l3mdev_l3_out(). (CVE-2025-21791)

tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (CVE-2022-49630)

printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (CVE-2024-58017)

i2c: dev: check return value when calling dev_set_name(). (CVE-2022-49046)

list: fix a data-race around ep->rdllist (CVE-2022-49443)

drm/amd/display: Fix memory leak (CVE-2022-49135)

media: uvcvideo: Fix double free in error path (CVE-2024-57980)

io_uring: prevent opcode speculation (CVE-2025-21863)

geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)

arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)

scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (CVE-2022-49536)

KVM: VMX: Prevent RSB underflow before vmenter (CVE-2022-49610)

tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)

media: uvcvideo: Remove dangling pointers (CVE-2024-58002)

padata: avoid UAF for reorder_work (CVE-2025-21726)

ptp: Ensure info->enable callback is always set (CVE-2025-21814)

bpf: Send signals asynchronously if !preemptible (CVE-2025-21728)

scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (CVE-2022-49535)

crypto: qat - add param check for RSA (CVE-2022-49563)

nbd: don't allow reconnect after disconnect (CVE-2025-21731)

media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)

crypto: qat - add param check for DH (CVE-2022-49564)

net: usb: rtl8150: enable basic endpoint checking (CVE-2025-21708)

scsi: qla2xxx: Fix crash during module load unload test (CVE-2022-49160)

sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639)

crypto: qat - fix memory leak in RSA (CVE-2022-49566)

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (CVE-2025-21690)

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb(). (CVE-2025-21689)

ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init(). (CVE-2024-53680)

vsock/virtio: discard packets if the transport changes (CVE-2025-21669)

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (CVE-2025-21666)

eth: bnxt: always recalculate features after XDP clearing, fix null-deref (CVE-2025-21682)

sched/deadline: Fix warning in migrate_enable for boosted tasks (CVE-2024-56583)

vfio/platform: check the bounds of read/write syscalls (CVE-2025-21687)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?005ddbee

Plugin Details

Severity: High

ID: 238408

File Name: EulerOS_SA-2025-1661.nasl

Version: 1.1

Type: local

Published: 6/12/2025

Updated: 6/12/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-21928

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/12/2025

Vulnerability Publication Date: 7/15/2022

Reference Information

CVE: CVE-2022-48827, CVE-2022-49046, CVE-2022-49063, CVE-2022-49134, CVE-2022-49135, CVE-2022-49160, CVE-2022-49190, CVE-2022-49215, CVE-2022-49226, CVE-2022-49390, CVE-2022-49443, CVE-2022-49513, CVE-2022-49535, CVE-2022-49536, CVE-2022-49546, CVE-2022-49563, CVE-2022-49564, CVE-2022-49566, CVE-2022-49610, CVE-2022-49622, CVE-2022-49630, CVE-2022-49632, CVE-2022-49647, CVE-2022-49651, CVE-2022-49743, CVE-2023-53008, CVE-2023-53010, CVE-2024-40927, CVE-2024-42276, CVE-2024-43867, CVE-2024-50290, CVE-2024-52332, CVE-2024-53216, CVE-2024-53680, CVE-2024-56558, CVE-2024-56583, CVE-2024-56589, CVE-2024-57929, CVE-2024-57973, CVE-2024-57974, CVE-2024-57977, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981, CVE-2024-57986, CVE-2024-57996, CVE-2024-58002, CVE-2024-58005, CVE-2024-58017, CVE-2024-58069, CVE-2024-58083, CVE-2025-21639, CVE-2025-21664, CVE-2025-21666, CVE-2025-21669, CVE-2025-21681, CVE-2025-21682, CVE-2025-21687, CVE-2025-21689, CVE-2025-21690, CVE-2025-21700, CVE-2025-21702, CVE-2025-21704, CVE-2025-21708, CVE-2025-21719, CVE-2025-21726, CVE-2025-21727, CVE-2025-21728, CVE-2025-21731, CVE-2025-21756, CVE-2025-21758, CVE-2025-21759, CVE-2025-21760, CVE-2025-21761, CVE-2025-21762, CVE-2025-21763, CVE-2025-21764, CVE-2025-21765, CVE-2025-21766, CVE-2025-21776, CVE-2025-21779, CVE-2025-21785, CVE-2025-21791, CVE-2025-21796, CVE-2025-21806, CVE-2025-21814, CVE-2025-21816, CVE-2025-21831, CVE-2025-21846, CVE-2025-21848, CVE-2025-21853, CVE-2025-21858, CVE-2025-21861, CVE-2025-21862, CVE-2025-21863, CVE-2025-21872, CVE-2025-21877, CVE-2025-21881, CVE-2025-21885, CVE-2025-21887, CVE-2025-21898, CVE-2025-21899, CVE-2025-21920, CVE-2025-21926, CVE-2025-21927, CVE-2025-21928, CVE-2025-21931, CVE-2025-21959, CVE-2025-21971, CVE-2025-21976, CVE-2025-21993, CVE-2025-21999