Detections
Analytics
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-1777)
high Nessus Plugin ID 241806
Synopsis
The remote EulerOS host is missing multiple security updates.Description
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :drm/plane: Move range check for format_count earlier(CVE-2021-47659)
trace_events_hist: add check for return value of 'create_hist_field'(CVE-2023-53005)
tracing: Make sure trace_printk() can output as soon as it can be used(CVE-2023-53007)
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation(CVE-2023-53024)
sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket(CVE-2024-53168)
tracing/histograms: Fix memory leak problem(CVE-2022-49648)
vrf: use RCU protection in l3mdev_l3_out().(CVE-2025-21791)
net_sched: sch_sfq: don't allow 1 packet limit(CVE-2024-57996)
net: sched: Disallow replacing of child qdisc from one parent to another(CVE-2025-21700)
geneve: Fix use-after-free in geneve_find_dev().(CVE-2025-21858)
macsec: fix UAF bug for real_dev(CVE-2022-49390)
net: let net.core.dev_weight always be non-zero(CVE-2025-21806)
net: mdio: unexport __init-annotated mdio_bus_init().(CVE-2022-49350)
ip: Fix data-races around sysctl_ip_fwd_update_priority.(CVE-2022-49603)
mmc: sdio: fix possible resource leaks in some error paths(CVE-2023-52730)
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert().(CVE-2023-52997)
net: sched: Disallow replacing of child qdisc from one parent to another(CVE-2025-21702)
net/sched: act_skbmod: prevent kernel-infoleak(CVE-2024-35893)
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.(CVE-2023-53032)
net: openvswitch: fix leak of nested actions(CVE-2022-49086)
net: mdio: validate parameter addr in mdiobus_get_phy().(CVE-2023-53019)
selinux: ignore unknown extended permissions(CVE-2024-57931)
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF(CVE-2023-52973)
driver: base: fix UAF when driver_attach failed(CVE-2022-49385)
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put().(CVE-2022-48758)
rxrpc: Fix listen() setting the bar too high for the prealloc rings(CVE-2022-49450)
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl(CVE-2021-47634)
media: uvcvideo: Fix double free in error path(CVE-2024-57980)
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI(CVE-2022-49535)
dmaengine: Fix double increment of client_count in dma_chan_get().(CVE-2022-49753)
memcg: fix soft lockup in the OOM process(CVE-2024-57977)
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle(CVE-2022-49370)
dm raid: fix accesses beyond end of raid member array(CVE-2022-49674)
nfsd: clear acl_access/acl_default after releasing them(CVE-2025-21796)
Input: MT - limit max slots(CVE-2024-45008)(CVE-2024-45008)
ubi: ubi_create_volume: Fix use-after-free when volume creation failed(CVE-2022-49388)
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair().(CVE-2022-49155)
NFSD: prevent underflow in nfssvc_decode_writeargs().(CVE-2022-49280)
dm integrity: fix memory corruption when tag_size is less than digest size(CVE-2022-49044)
cpufreq: governor: Use kobject release() method to free dbs_data(CVE-2022-49513)
virtio_console: eliminate anonymous module_init module_exit(CVE-2022-49100)
mm/khugepaged: fix -anon_vma race(CVE-2023-52935)
tty: fix deadlock caused by calling printk() under tty_port-lock(CVE-2022-49441)
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean().(CVE-2022-49307)
dyndbg: fix old BUG_ON in control parser(CVE-2024-35947)(CVE-2024-35947)
ext4: fix OOB read when checking dotdot dir(CVE-2025-37785)
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array(CVE-2025-21785)
net_sched: sch_sfq: move the limit validation(CVE-2025-37752)
Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel packages.See Also
Plugin Details
Severity: High
ID: 241806
File Name: EulerOS_SA-2025-1777.nasl
Version: 1.1
Type: local
Family: Huawei Local Security Checks
Published: 7/10/2025
Updated: 7/10/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-21858
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:huawei:euleros:kernel-headers, p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-devel, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:perf, cpe:/o:huawei:euleros:2.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp
Excluded KB Items: Host/EulerOS/uvp_version
Exploit Ease: No known exploits are available
Patch Publication Date: 7/10/2025
Vulnerability Publication Date: 7/21/2021
Reference Information
CVE: CVE-2021-47634, CVE-2021-47659, CVE-2022-48758, CVE-2022-49044, CVE-2022-49086, CVE-2022-49100, CVE-2022-49155, CVE-2022-49280, CVE-2022-49307, CVE-2022-49350, CVE-2022-49370, CVE-2022-49385, CVE-2022-49388, CVE-2022-49390, CVE-2022-49441, CVE-2022-49450, CVE-2022-49513, CVE-2022-49535, CVE-2022-49603, CVE-2022-49648, CVE-2022-49674, CVE-2022-49753, CVE-2023-52730, CVE-2023-52935, CVE-2023-52973, CVE-2023-52997, CVE-2023-53005, CVE-2023-53007, CVE-2023-53019, CVE-2023-53024, CVE-2023-53032, CVE-2024-35893, CVE-2024-35947, CVE-2024-45008, CVE-2024-53168, CVE-2024-57931, CVE-2024-57977, CVE-2024-57980, CVE-2024-57996, CVE-2025-21700, CVE-2025-21702, CVE-2025-21785, CVE-2025-21791, CVE-2025-21796, CVE-2025-21806, CVE-2025-21858, CVE-2025-37752, CVE-2025-37785