EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2198)

medium Nessus Plugin ID 270035

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

do_change_type(): refuse to operate on unmounted/not ours mounts(CVE-2025-38498)

HID: core: ensure the allocated report buffer can contain the reserved report ID(CVE-2025-38495)

perf: Revert to requiring CAP_SYS_ADMIN for uprobes(CVE-2025-38466)

tipc: Fix use-after-free in tipc_conn_close().(CVE-2025-38464)

net/sched: Abort __tc_modify_qdisc if parent class does not exist(CVE-2025-38457)

drm/gem: Acquire references on GEM handles for framebuffers(CVE-2025-38449)

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()(CVE-2025-38399)

usb: typec: altmodes/displayport: do not index invalid pin_assignments(CVE-2025-38391)

ACPICA: Refuse to evaluate a method if arguments are missing(CVE-2025-38386)

virtio-net: ensure the received length does not exceed allocated size(CVE-2025-38375)

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()(CVE-2025-38352)

ftrace: Fix UAF when lookup kallsym after ftrace disabled(CVE-2025-38346)

jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()(CVE-2025-38337)

mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().(CVE-2025-38324)

arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()(CVE-2025-38320)

bpf: Fix WARN() in get_bpf_raw_tp_regs(CVE-2025-38285)

net: tipc: fix refcount warning in tipc_aead_encrypt(CVE-2025-38273)

media: cxusb: no longer judge rbuf when the write fails(CVE-2025-38229)

ext4: inline: fix len overflow in ext4_prepare_inline_data(CVE-2025-38222)

fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var(CVE-2025-38215)

fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var(CVE-2025-38214)

RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction(CVE-2025-38211)

net: clear the dst when changing skb protocol(CVE-2025-38192)

tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer(CVE-2025-38184)

bpf: fix ktls panic with sockmap(CVE-2025-38166)

netfilter: nft_set_pipapo: prevent overflow in lookup table allocation(CVE-2025-38162)

ice: fix Tx scheduler error handling in XDP callback(CVE-2025-38127)

net: fix udp gso skb_segment after pull from frag_list(CVE-2025-38124)

netfilter: nf_set_pipapo_avx2: fix initial map fill(CVE-2025-38120)

net_sched: sch_sfq: fix a potential crash on gso_skb handling(CVE-2025-38115)

net/mdiobus: Fix potential out-of-bounds read/write access(CVE-2025-38111)

net_sched: red: fix a race in __red_change()(CVE-2025-38108)

VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify(CVE-2025-38102)

x86/iopl: Cure TIF_IO_BITMAP inconsistencies(CVE-2025-38100)

net: ch9200: fix uninitialised access during mii_nway_restart(CVE-2025-38086)

mm/hugetlb: unshare page tables during VMA split, not before(CVE-2025-38084)

net_sched: prio: fix a race in prio_tune()(CVE-2025-38083)

scsi: target: iscsi: Fix timeout on deleted connection(CVE-2025-38075)

vhost-scsi: protect vq->log_used with vq->mutex(CVE-2025-38074)

libnvdimm/labels: Fix divide error in nd_label_data_init()(CVE-2025-38072)

crypto: lzo - Fix compression buffer overrun(CVE-2025-38068)

rseq: Fix segfault on registration when rseq_cs is non-zero(CVE-2025-38067)

dm cache: prevent BUG_ON by blocking retries on failed device resumes(CVE-2025-38066)

dm: fix unconditional IO throttle caused by REQ_PREFLUSH(CVE-2025-38063)

net: pktgen: fix access outside of user given buffer in pktgen_thread_write()(CVE-2025-38061)

net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done(CVE-2025-38052)

media: cx231xx: set device_caps for 417(CVE-2025-38044)

dmaengine: idxd: Refactor remove call with idxd_cleanup() helper(CVE-2025-38014)

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice(CVE-2025-38001)

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()(CVE-2025-38000)

openvswitch: Fix unsafe attribute parsing in output_userspace()(CVE-2025-37998)

netfilter: ipset: fix region locking in hash types(CVE-2025-37997)

net_sched: Flush gso_skb list too during ->change()(CVE-2025-37992)

net: phy: leds: fix memory leak(CVE-2025-37989)

ipvs: fix uninit-value for saddr in do_output_route4(CVE-2025-37961)

bpf: Scrub packet on bpf_redirect_peer(CVE-2025-37959)

arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs(CVE-2025-37948)

sch_htb: make htb_qlen_notify() idempotent(CVE-2025-37932)

xsk: Fix race condition in AF_XDP generic RX path(CVE-2025-37920)

net_sched: drr: Fix double list add in class with netem as child qdisc(CVE-2025-37915)

net_sched: qfq: Fix double list add in class with netem as child qdisc(CVE-2025-37913)

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc(CVE-2025-37890)

HID: pidff: Fix null pointer dereference in pidff_find_fields(CVE-2025-37862)

page_pool: avoid infinite loop to schedule delayed worker(CVE-2025-37859)

tipc: fix NULL pointer dereference in tipc_mon_reinit_self()(CVE-2025-37824)

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too(CVE-2025-37823)

codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()(CVE-2025-37798)

net_sched: hfsc: Fix a UAF vulnerability in class handling(CVE-2025-37797)

net: openvswitch: fix nested key length validation in the set() action(CVE-2025-37789)

cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path(CVE-2025-37788)

tipc: fix memory leak in tipc_link_xmit(CVE-2025-37757)

net: tls: explicitly disallow disconnect(CVE-2025-37756)

net: ppp: Add bound checking for skb data on ppp_sync_txmung(CVE-2025-37749)

sctp: detect and prevent references to a freed transport in sendmsg(CVE-2025-23142)

net: fix NULL pointer dereference in l3mdev_l3_rcv(CVE-2025-22103)

RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow(CVE-2025-22086)

rtnetlink: Allocate vfinfo size for VF GUIDs when supported(CVE-2025-22075)

net: decrease cached dst counters in dst_release(CVE-2025-22057)

net: fix geneve_opt length integer overflow(CVE-2025-22055)

netfilter: socket: Lookup orig tuple for IPv6 SNAT(CVE-2025-22021)

regulator: check that dummy regulator has been probed before using it(CVE-2025-22008)

block: mark GFP_NOIO around sysfs ->store()(CVE-2025-21817)

ata: libata-sff: Ensure that we cannot write outside the allocated buffer(CVE-2025-21738)

net: avoid race between device unregistration and ethnl ops(CVE-2025-21701)

bpf: check changes_pkt_data property for extension programs(CVE-2024-58100)

bpf: track changes_pkt_data property for global functions(CVE-2024-58098)

net: fix memory leak in tcp_conn_request()(CVE-2024-57841)

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.(CVE-2024-2201)

net/mlx5e: Fix cleanup null-ptr deref on encap lock(CVE-2023-53105)

net: usb: lan78xx: Limit packet length to skb->len(CVE-2023-53068)

HID: intel-ish-hid: ipc: Fix potential use-after-free in work function(CVE-2023-53039)

netfilter: allow exp not to be removed in nf_ct_find_expectation(CVE-2023-52927)

arm64: set UXN on swapper page tables(CVE-2022-50232)

arm64: set UXN on swapper page tables(CVE-2022-50230)

bpf: fix potential 32-bit overflow when accessing ARRAY map element(CVE-2022-50167)

sched/core: Do not requeue task on CPU excluded from cpus_mask(CVE-2022-50100)

scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts(CVE-2022-50098)

bpf: Fix a data-race around bpf_jit_limit.(CVE-2022-49967)

netdevsim: Fix memory leak of nsim_dev->fa_cookie(CVE-2022-49803)

x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)(CVE-2022-49557)

block: fix rq-qos breakage from skipping rq_qos_done_bio()(CVE-2022-49266)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?9dc3d4f5

Plugin Details

Severity: Medium

ID: 270035

File Name: EulerOS_SA-2025-2198.nasl

Version: 1.1

Type: local

Published: 10/11/2025

Updated: 10/11/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-57841

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, p-cpe:/a:huawei:euleros:kernel, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/11/2025

Vulnerability Publication Date: 7/21/2022

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2022-49266, CVE-2022-49557, CVE-2022-49803, CVE-2022-49967, CVE-2022-50098, CVE-2022-50100, CVE-2022-50167, CVE-2022-50230, CVE-2022-50232, CVE-2023-52927, CVE-2023-53039, CVE-2023-53068, CVE-2023-53105, CVE-2024-2201, CVE-2024-57841, CVE-2024-58098, CVE-2024-58100, CVE-2025-21701, CVE-2025-21738, CVE-2025-21817, CVE-2025-22008, CVE-2025-22021, CVE-2025-22055, CVE-2025-22057, CVE-2025-22075, CVE-2025-22086, CVE-2025-22103, CVE-2025-23142, CVE-2025-37749, CVE-2025-37756, CVE-2025-37757, CVE-2025-37788, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37824, CVE-2025-37859, CVE-2025-37862, CVE-2025-37890, CVE-2025-37913, CVE-2025-37915, CVE-2025-37920, CVE-2025-37932, CVE-2025-37948, CVE-2025-37959, CVE-2025-37961, CVE-2025-37989, CVE-2025-37992, CVE-2025-37997, CVE-2025-37998, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38044, CVE-2025-38052, CVE-2025-38061, CVE-2025-38063, CVE-2025-38066, CVE-2025-38067, CVE-2025-38068, CVE-2025-38072, CVE-2025-38074, CVE-2025-38075, CVE-2025-38083, CVE-2025-38084, CVE-2025-38086, CVE-2025-38100, CVE-2025-38102, CVE-2025-38108, CVE-2025-38111, CVE-2025-38115, CVE-2025-38120, CVE-2025-38124, CVE-2025-38127, CVE-2025-38162, CVE-2025-38166, CVE-2025-38184, CVE-2025-38192, CVE-2025-38211, CVE-2025-38214, CVE-2025-38215, CVE-2025-38222, CVE-2025-38229, CVE-2025-38273, CVE-2025-38285, CVE-2025-38320, CVE-2025-38324, CVE-2025-38337, CVE-2025-38346, CVE-2025-38352, CVE-2025-38375, CVE-2025-38386, CVE-2025-38391, CVE-2025-38399, CVE-2025-38449, CVE-2025-38457, CVE-2025-38464, CVE-2025-38466, CVE-2025-38495, CVE-2025-38498