Detections
Analytics

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2296)

high Nessus Plugin ID 271298

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 ipv6: fix panic when forwarding a pkt with no in6 dev(CVE-2022-49048)

 netfilter: conntrack: revisit gc autotuning(CVE-2022-49110)

 bpf, sockmap: Fix memleak in sk_psock_queue_msg(CVE-2022-49207)

 block: fix rq-qos breakage from skipping rq_qos_done_bio()(CVE-2022-49266)

 tcp: add accessors to read/set tp-snd_cwnd(CVE-2022-49325)

 ip_gre: test csum_start instead of transport header(CVE-2022-49340)

 netfilter: nf_tables: double hook unregistration in netns path(CVE-2022-49558)

 tcp: Fix data-races around sysctl_tcp_recovery.(CVE-2022-49574)

 igmp: Fix data-races around sysctl_igmp_llm_reports.(CVE-2022-49590)

 tcp: Fix a data-race around sysctl_tcp_probe_interval.(CVE-2022-49593)

 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()(CVE-2022-49772)

 macvlan: enforce a consistent minimal mtu(CVE-2022-49776)

 x86/sgx: Add overflow check in sgx_validate_offset_length()(CVE-2022-49785)

 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()(CVE-2022-49787)

 tracing: Fix memory leak in tracing_read_pipe()(CVE-2022-49801)

 netdevsim: Fix memory leak of nsim_dev-fa_cookie(CVE-2022-49803)

 bridge: switchdev: Fix memory leaks when changing VLAN protocol(CVE-2022-49812)

 net: ena: Fix error handling in ena_init()(CVE-2022-49813)

 sctp: clear out_curr if all frag chunks of current msg are pruned(CVE-2022-49838)

 ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network(CVE-2022-49865)

 net: gso: fix panic on frag_list with mixed head alloc types(CVE-2022-49872)

 bpf, sockmap: Fix the sk-sk_forward_alloc warning of sk_stream_kill_queues(CVE-2022-49877)

 ipv6: fix WARNING in ip6_route_net_exit_late()(CVE-2022-49903)

 net, neigh: Fix null-ptr-deref in neigh_table_clear()(CVE-2022-49904)

 net: mdio: fix undefined behavior in bit shift for __mdiobus_register(CVE-2022-49907)

 ipvs: fix WARNING in ip_vs_app_net_cleanup()(CVE-2022-49917)

 ipvs: fix WARNING in __ip_vs_cleanup_batch()(CVE-2022-49918)

 netfilter: nf_tables: release flow rule object from commit path(CVE-2022-49919)

 tty: n_gsm: add sanity check for gsm-receive in gsm_receive_buf()(CVE-2022-49940)

 vt: Clear selection before changing the font(CVE-2022-49948)

 bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO(CVE-2022-49961)

 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level(CVE-2022-49964)

 bpf: Fix a data-race around bpf_jit_limit.(CVE-2022-49967)

 ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead(CVE-2022-49977)

 net: fix refcount bug in sk_psock_get (2)(CVE-2022-49979)

 media: pvrusb2: fix memory leak in pvr_probe(CVE-2022-49982)

 bpf: Don't use tnum_range on array range checking for poke descriptors(CVE-2022-49985)

 ice: xsk: prohibit usage of non-balanced queue id(CVE-2022-50003)

 kprobes: don't call disarm_kprobe() for disabled kprobes(CVE-2022-50008)

 ext4: avoid resizing to a partial cluster size(CVE-2022-50020)

 ext4: block range must be validated before use in ext4_mb_clear_bb()(CVE-2022-50021)

 iavf: Fix adminq error handling(CVE-2022-50055)

 virtio_net: fix memory leak inside XPD_TX with mergeable(CVE-2022-50065)

 net: atlantic: fix aq_vec index out of range error(CVE-2022-50066)

 BPF: Fix potential bad pointer dereference in bpf_sys_bpf()(CVE-2022-50069)

 net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-dev is null(CVE-2022-50073)

 apparmor: Fix memleak in aa_simple_write_to_buffer()(CVE-2022-50074)

 resolved: apparmor: fix reference count leak in aa_pivotroot() (CVE-2022-50077)

 ext4: fix warning in ext4_iomap_begin as race between bmap and write(CVE-2022-50082)

 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2022-50083)

 block: don't allow the same type rq_qos add more than once(CVE-2022-50086)

 jbd2: fix assertion 'jh-b_frozen_data == NULL' failure when journal aborted(CVE-2022-50126)

 RDMA/srpt: Fix a use-after-free(CVE-2022-50129)

 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()(CVE-2022-50134)

 RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()(CVE-2022-50138)

 bpf: fix potential 32-bit overflow when accessing ARRAY map element(CVE-2022-50167)

 virtio-gpu: fix a missing check to avoid NULL dereference(CVE-2022-50181)

 selinux: Add boundary check in put_entry()(CVE-2022-50200)

 PM: hibernate: defer device probing when resuming from hibernation(CVE-2022-50202)

 arm64: fix oops in concurrently setting insn_emulation sysctls(CVE-2022-50206)

 netfilter: nf_tables: do not allow SET_ID to refer to another table(CVE-2022-50213)

 scsi: sg: Allow waiting for commands to complete on removed device(CVE-2022-50215)

 bpf: Fix KASAN use-after-free Read in compute_effective_progs(CVE-2022-50219)

 usbnet: Fix linkwatch use-after-free on disconnect(CVE-2022-50220)

 tty: vt: initialize unicode screen buffer(CVE-2022-50222)

 KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0(CVE-2022-50228)

 arm64: set UXN on swapper page tables(CVE-2022-50230)

 crypto: arm64/poly1305 - fix a read out-of-bound(CVE-2022-50231)

 arm64: set UXN on swapper page tables(CVE-2022-50232)

 netfilter: nf_tables: don't fail inserts if duplicate has expired(CVE-2023-52925)

 netfilter: allow exp not to be removed in nf_ct_find_expectation(CVE-2023-52927)

 dm crypt: add cond_resched() to dmcrypt_write()(CVE-2023-53051)

 erspan: do not use skb_mac_header() in ndo_start_xmit()(CVE-2023-53053)

 net/mlx5: E-Switch, Fix an Oops in error handling code(CVE-2023-53058)

 net: usb: smsc95xx: Limit packet length to skb-len(CVE-2023-53062)

 qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info(CVE-2023-53066)

 net: usb: lan78xx: Limit packet length to skb-len(CVE-2023-53068)

 net/mlx5: Fix steering rules cleanup(CVE-2023-53079)

 xsk: Add missing overflow check in xdp_umem_reg(CVE-2023-53080)

 ice: xsk: disable txq irq before flushing hw(CVE-2023-53102)

 bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails(CVE-2023-53103)

 net: tunnels: annotate lockless accesses to dev-needed_headroom(CVE-2023-53109)

 i40e: Fix kernel crash during reboot when adapter is in recovery mode(CVE-2023-53114)

 tcp: tcp_make_synack() can be called from process context(CVE-2023-53121)

 net: usb: smsc75xx: Limit packet length to skb-len(CVE-2023-53125)

 SUNRPC: Fix a server shutdown leak(CVE-2023-53131)

 bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()(CVE-2023-53133)

 bpf: consider that tail calls invalidate packet pointers(CVE-2024-58237)

 net: avoid race between device unregistration and ethnl ops(CVE-2025-21701)

 ata: libata-sff: Ensure that we cannot write outside the allocated buffer(CVE-2025-21738)

 block: mark GFP_NOIO around sysfs -store()(CVE-2025-21817)

 netfilter: nf_tables: reject mismatching sum of field_len with set key length(CVE-2025-21826)

 netfilter: socket: Lookup orig tuple for IPv6 SNAT(CVE-2025-22021)

 net: fix geneve_opt length integer overflow(CVE-2025-22055)

 net: decrease cached dst counters in dst_release(CVE-2025-22057)

 rtnetlink: Allocate vfinfo size for VF GUIDs when supported(CVE-2025-22075)

 RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow(CVE-2025-22086)

 net: fix NULL pointer dereference in l3mdev_l3_rcv(CVE-2025-22103)

 sctp: detect and prevent references to a freed transport in sendmsg(CVE-2025-23142)

 net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes.(CVE-2025-37749)

 net: tls: explicitly disallow disconnect(CVE-2025-37756)

 tipc: fix memory leak in tipc_link_xmit(CVE-2025-37757)

 cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path(CVE-2025-37788)

 net: openvswitch: fix nested key length validation in the set() action(CVE-2025-37789)

 net_sched: hfsc: Fix a UAF vulnerability in class handling(CVE-2025-37797)

 codel: remove sch-q.qlen check before qdisc_tree_reduce_backlog()(CVE-2025-37798)

 net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too(CVE-2025-37823)

 tipc: fix NULL pointer dereference in tipc_mon_reinit_self()(CVE-2025-37824)

 page_pool: avoid infinite loop to schedule delayed worker(CVE-2025-37859)

 HID: pidff: Fix null pointer dereference in pidff_find_fields(CVE-2025-37862)

 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc(CVE-2025-37890)

 net_sched: qfq: Fix double list add in class with netem as child qdisc(CVE-2025-37913)

 net_sched: drr: Fix double list add in class with netem as child qdisc(CVE-2025-37915)

 xsk: Fix race condition in AF_XDP generic RX path(CVE-2025-37920)

 sch_htb: make htb_qlen_notify() idempotent(CVE-2025-37932)

 bpf: Scrub packet on bpf_redirect_peer(CVE-2025-37959)

 ipvs: fix uninit-value for saddr in do_output_route4(CVE-2025-37961)

 net: phy: leds: fix memory leak(CVE-2025-37989)

 net_sched: Flush gso_skb list too during -change()(CVE-2025-37992)

 netfilter: ipset: fix region locking in hash types(CVE-2025-37997)

 openvswitch: Fix unsafe attribute parsing in output_userspace()(CVE-2025-37998)

 sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()(CVE-2025-38000)

 net_sched: hfsc: Address reentrant enqueue adding class to eltree twice(CVE-2025-38001)

 dmaengine: idxd: Refactor remove call with idxd_cleanup() helper(CVE-2025-38014)

 serial: mctrl_gpio: split disable_ms into sync and no_sync APIs(CVE-2025-38040)

 media: cx231xx: set device_caps for 417(CVE-2025-38044)

 net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done(CVE-2025-38052)

 net: pktgen: fix access outside of user given buffer in pktgen_thread_write()(CVE-2025-38061)

 dm: fix unconditional IO throttle caused by REQ_PREFLUSH(CVE-2025-38063)

 dm cache: prevent BUG_ON by blocking retries on failed device resumes(CVE-2025-38066)

 crypto: lzo - Fix compression buffer overrun(CVE-2025-38068)

 vhost-scsi: protect vq-log_used with vq-mutex(CVE-2025-38074)

 scsi: target: iscsi: Fix timeout on deleted connection(CVE-2025-38075)

 net_sched: prio: fix a race in prio_tune()(CVE-2025-38083)

 mm/hugetlb: unshare page tables during VMA split, not before(CVE-2025-38084)

 net: ch9200: fix uninitialised access during mii_nway_restart(CVE-2025-38086)

 x86/iopl: Cure TIF_IO_BITMAP inconsistencies(CVE-2025-38100)

 VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify(CVE-2025-38102)

 net_sched: red: fix a race in __red_change()(CVE-2025-38108)

 net/mdiobus: Fix potential out-of-bounds read/write access(CVE-2025-38111)

 net: Fix TOCTOU issue in sk_is_readable()(CVE-2025-38112)

 net_sched: sch_sfq: fix a potential crash on gso_skb handling(CVE-2025-38115)

 netfilter: nf_set_pipapo_avx2: fix initial map fill(CVE-2025-38120)

 net: fix udp gso skb_segment after pull from frag_list(CVE-2025-38124)

 ice: fix Tx scheduler error handling in XDP callback(CVE-2025-38127)

 page_pool: Fix use-after-free in page_pool_recycle_in_ring(CVE-2025-38129)

 bpf, sockmap: Avoid using sk_socket after free when sending(CVE-2025-38154)

 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation(CVE-2025-38162)

 bpf, sockmap: Fix panic when calling skb_linearize(CVE-2025-38165)

 bpf: fix ktls panic with sockmap(CVE-2025-38166)

 RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction(CVE-2025-38211)

 fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var(CVE-2025-38214)

 ext4: inline: fix len overflow in ext4_prepare_inline_data(CVE-2025-38222)

 media: cxusb: no longer judge rbuf when the write fails(CVE-2025-38229)

 bpf: Avoid __bpf_prog_ret0_warn when jit fails(CVE-2025-38280)

 bpf: Fix WARN() in get_bpf_raw_tp_regs(CVE-2025-38285)

 EDAC/skx_common: Fix general protection fault(CVE-2025-38298)

 mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().(CVE-2025-38324)

 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()(CVE-2025-38337)

 ACPICA: fix acpi operand cache leak in dswstate.c(CVE-2025-38345)

 ftrace: Fix UAF when lookup kallsym after ftrace disabled(CVE-2025-38346)

 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()(CVE-2025-38352)

 ACPICA: Refuse to evaluate a method if arguments are missing(CVE-2025-38386)

 usb: typec: altmodes/displayport: do not index invalid pin_assignments(CVE-2025-38391)

 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass(CVE-2025-38396)

 scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()(CVE-2025-38399)

 drm/gem: Acquire references on GEM handles for framebuffers(CVE-2025-38449)

 HID: core: ensure the allocated report buffer can contain the reserved report ID(CVE-2025-38495)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?df9da606

Plugin Details

Severity: High

ID: 271298

File Name: EulerOS_SA-2025-2296.nasl

Version: 1.1

Type: local

Published: 10/24/2025

Updated: 10/24/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-49919

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.5

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/23/2025

Vulnerability Publication Date: 9/4/2021

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2022-49048, CVE-2022-49110, CVE-2022-49207, CVE-2022-49266, CVE-2022-49325, CVE-2022-49340, CVE-2022-49558, CVE-2022-49574, CVE-2022-49590, CVE-2022-49593, CVE-2022-49772, CVE-2022-49776, CVE-2022-49785, CVE-2022-49787, CVE-2022-49801, CVE-2022-49803, CVE-2022-49812, CVE-2022-49813, CVE-2022-49838, CVE-2022-49865, CVE-2022-49872, CVE-2022-49877, CVE-2022-49903, CVE-2022-49904, CVE-2022-49907, CVE-2022-49917, CVE-2022-49918, CVE-2022-49919, CVE-2022-49940, CVE-2022-49948, CVE-2022-49961, CVE-2022-49964, CVE-2022-49967, CVE-2022-49977, CVE-2022-49979, CVE-2022-49982, CVE-2022-49985, CVE-2022-50003, CVE-2022-50008, CVE-2022-50020, CVE-2022-50021, CVE-2022-50055, CVE-2022-50065, CVE-2022-50066, CVE-2022-50069, CVE-2022-50073, CVE-2022-50074, CVE-2022-50077, CVE-2022-50082, CVE-2022-50086, CVE-2022-50126, CVE-2022-50129, CVE-2022-50134, CVE-2022-50138, CVE-2022-50167, CVE-2022-50181, CVE-2022-50200, CVE-2022-50202, CVE-2022-50206, CVE-2022-50213, CVE-2022-50215, CVE-2022-50219, CVE-2022-50220, CVE-2022-50222, CVE-2022-50228, CVE-2022-50230, CVE-2022-50231, CVE-2022-50232, CVE-2023-52925, CVE-2023-52927, CVE-2023-53051, CVE-2023-53053, CVE-2023-53058, CVE-2023-53062, CVE-2023-53066, CVE-2023-53068, CVE-2023-53079, CVE-2023-53080, CVE-2023-53102, CVE-2023-53103, CVE-2023-53109, CVE-2023-53114, CVE-2023-53121, CVE-2023-53125, CVE-2023-53131, CVE-2023-53133, CVE-2024-58237, CVE-2025-21701, CVE-2025-21738, CVE-2025-21817, CVE-2025-21826, CVE-2025-22021, CVE-2025-22055, CVE-2025-22057, CVE-2025-22075, CVE-2025-22086, CVE-2025-22103, CVE-2025-23142, CVE-2025-37749, CVE-2025-37756, CVE-2025-37757, CVE-2025-37788, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37824, CVE-2025-37859, CVE-2025-37862, CVE-2025-37890, CVE-2025-37913, CVE-2025-37915, CVE-2025-37920, CVE-2025-37932, CVE-2025-37959, CVE-2025-37961, CVE-2025-37989, CVE-2025-37992, CVE-2025-37997, CVE-2025-37998, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38040, CVE-2025-38044, CVE-2025-38052, CVE-2025-38061, CVE-2025-38063, CVE-2025-38066, CVE-2025-38068, CVE-2025-38074, CVE-2025-38075, CVE-2025-38083, CVE-2025-38084, CVE-2025-38086, CVE-2025-38100, CVE-2025-38102, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38115, CVE-2025-38120, CVE-2025-38124, CVE-2025-38127, CVE-2025-38129, CVE-2025-38154, CVE-2025-38162, CVE-2025-38165, CVE-2025-38166, CVE-2025-38211, CVE-2025-38214, CVE-2025-38222, CVE-2025-38229, CVE-2025-38280, CVE-2025-38285, CVE-2025-38298, CVE-2025-38324, CVE-2025-38337, CVE-2025-38345, CVE-2025-38346, CVE-2025-38352, CVE-2025-38386, CVE-2025-38391, CVE-2025-38396, CVE-2025-38399, CVE-2025-38449, CVE-2025-38495