EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2025-2623)

high Nessus Plugin ID 281563

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:

x86/mce: Work around an erratum on fast string copy instructions(CVE-2022-49124)

net: preserve skb_end_offset() in skb_unclone_keeptruesize()(CVE-2022-49142)

scsi: qla2xxx: Fix premature hw access after PCI error(CVE-2022-49157)

scsi: qla2xxx: Fix warning message due to adisc being flushed(CVE-2022-49158)

scsi: qla2xxx: Implement ref count for SRB(CVE-2022-49159)

USB: core: Prevent nested device-reset calls(CVE-2022-49936)

mmc: vub300: fix return value check of mmc_add_host()(CVE-2022-50251)

tracing: Fix reading strings from synthetic events(CVE-2022-50255)

kprobes: Fix check for probe enabled in kill_kprobe()(CVE-2022-50266)

mmc: rtsx_pci: fix return value check of mmc_add_host()(CVE-2022-50267)

pnode: terminate at peers of source(CVE-2022-50280)

ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline(CVE-2022-50286)

ext4: fix potential out of bound read in ext4_fc_replay_scan()(CVE-2022-50306)

drivers: serial: jsm: fix some leaks in probe(CVE-2022-50312)

erofs: fix order = MAX_ORDER warning due to crafted negative i_size(CVE-2022-50313)

ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS(CVE-2022-50315)

perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()(CVE-2022-50318)

net: do not sense pfmemalloc status in skb_append_pagefrags()(CVE-2022-50323)

jbd2: fix potential use-after-free in jbd2_fc_wait_bufs(CVE-2022-50328)

crypto: cavium - prevent integer overflow loading firmware(CVE-2022-50330)

ext4: fix null-ptr-deref in ext4_write_info(CVE-2022-50344)

ext4: init quota for 'old.inode' in 'ext4_rename'(CVE-2022-50346)

scsi: target: iscsi: Fix a race condition between login_work and the login thread(CVE-2022-50350)

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2022-50377)

padata: Always leave BHs disabled when running ->parallel()(CVE-2022-50382)

nvme: fix multipath crash caused by flush request when blktrace is enabled(CVE-2022-50388)

tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak(CVE-2022-50389)

drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED(CVE-2022-50390)

i2c: ismt: Fix an out-of-bounds bug in ismt_access()(CVE-2022-50394)

ACPICA: Fix error code path in acpi_ds_call_control_method()(CVE-2022-50411)

x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly(CVE-2022-50425)

mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING(CVE-2022-50430)

drm/vmwgfx: Validate the box size for the snooped cursor(CVE-2022-50440)

cpufreq: Init completion before kobject_init_and_add()(CVE-2022-50473)

ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode(CVE-2022-50485)

scsi: qla2xxx: Fix crash when I/O abort times out(CVE-2022-50493)

binfmt_misc: fix shift-out-of-bounds in check_special_flags(CVE-2022-50497)

perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()(CVE-2022-50510)

tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'(CVE-2022-50553)

ext4: avoid deadlock in fs reclaim with page writeback(CVE-2023-53149)

tracing: Fix null pointer dereference in tracing_err_log_open()(CVE-2023-53167)

vfio/type1: prevent underflow of locked_vm via exec()(CVE-2023-53171)

serial: 8250: Reinit port->pm on port specific driver unbind(CVE-2023-53176)

mm: fix zswap writeback race condition(CVE-2023-53178)

sched/fair: Don't balance task to its current running CPU(CVE-2023-53215)

arm64: efi: Make efi_rt_lock a raw_spinlock(CVE-2023-53216)

media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()(CVE-2023-53220)

bpf: Fix memleak due to fentry attach failure(CVE-2023-53221)

thermal/drivers/hisi: Drop second sensor hi3660(CVE-2023-53242)

firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle(CVE-2023-53250)

VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF(CVE-2023-53259)

ext4: fix i_disksize exceeding i_size problem in paritally written case(CVE-2023-53270)

scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue(CVE-2023-53280)

ext4: add bounds checking in get_max_inline_xattr_value_size()(CVE-2023-53285)

drm/client: Fix memory leak in drm_client_modeset_probe(CVE-2023-53288)

ext4: fix WARNING in mb_find_extent(CVE-2023-53317)

recordmcount: Fix memory leaks in the uwrite function(CVE-2023-53318)

genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()(CVE-2023-53332)

tracing: Fix race issue between cpu buffer write and swap(CVE-2023-53368)

crypto: seqiv - Handle EBUSY correctly(CVE-2023-53373)

tracing: Free error logs of tracing instances(CVE-2023-53375)

ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer(CVE-2023-53395)

mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()(CVE-2023-53401)

blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()(CVE-2023-53421)

media: uvcvideo: Handle cameras with invalid descriptors(CVE-2023-53437)

bpf: cpumap: Fix memory leak in cpu_map_update_elem(CVE-2023-53441)

ext4: remove a BUG_ON in ext4_mb_release_group_pa()(CVE-2023-53450)

scsi: qla4xxx: Add length check when parsing nlattrs(CVE-2023-53456)

kobject: Add sanity check for kset->kobj.ktype in kset_register()(CVE-2023-53480)

ext4: allow ext4_get_group_info() to fail(CVE-2023-53503)

udf: Do not bother merging very long extents(CVE-2023-53506)

virtio-mmio: don't break lifecycle of vm_dev(CVE-2023-53515)

scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()(CVE-2023-53521)

scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()(CVE-2023-53530)

tracing/histograms: Add histograms to hist_vars if they have referenced variables(CVE-2023-53560)

null_blk: Always check queue mode setting from configfs(CVE-2023-53576)

bpf, cpumap: Make sure kthread is running before map update returns(CVE-2023-53577)

ring-buffer: Sync IRQ works before buffer destruction(CVE-2023-53587)

ipmi_si: fix a memleak in try_smi_init()(CVE-2023-53611)

ext4: fix possible double unlock when moving a directory(CVE-2023-53626)

bnxt: avoid overflow in bnxt_get_nvram_directory()(CVE-2023-53661)

ring-buffer: Fix deadloop issue on reading trace_pipe(CVE-2023-53668)

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.(CVE-2024-36357)

drm/dp_mst: Fix MST sideband message body length check(CVE-2024-56616)

tls: stop recv() if initial process_rx_list gave us non-DATA(CVE-2024-58239)

crypto: algif_hash - fix double free in hash_accept(CVE-2025-38079)

thunderbolt: Do not double dequeue a configuration request(CVE-2025-38174)

mm: fix uprobe pte be overwritten when expanding vma(CVE-2025-38207)

scsi: lpfc: Use memcpy() for BIOS version(CVE-2025-38332)

x86/sgx: Prevent attempts to reclaim poisoned pages(CVE-2025-38334)

HID: core: do not bypass hid_hw_raw_request(CVE-2025-38494)

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns(CVE-2025-38499)

bpf: Fix oob access in cgroup local storage(CVE-2025-38502)

drm/sched: Increment job count before swapping tail spsc queue(CVE-2025-38515)

pinctrl: qcom: msm: mark certain pins as invalid for interrupts(CVE-2025-38516)

HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras(CVE-2025-38540)

net/sched: Restrict conditions for adding duplicating netems to qdisc tree(CVE-2025-38553)

crypto: ccp - Fix crash when rebind ccp device for ccp.ko(CVE-2025-38581)

padata: Fix pd UAF once and for all(CVE-2025-38584)

net: drop UFO packets in udp_rcv_segment()(CVE-2025-38622)

regulator: core: fix NULL dereference on unbind due to stale coupling data(CVE-2025-38668)

media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()(CVE-2025-38680)

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit(CVE-2025-38685)

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar(CVE-2025-38693)

scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure(CVE-2025-38695)

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr(CVE-2025-38701)

x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper(CVE-2025-39681)

tracing: Limit access to parser->buffer when trace_get_user failed(CVE-2025-39683)

ftrace: Also allocate and copy hash for reading of filter files(CVE-2025-39689)

fs/buffer: fix use-after-free when call bh_read() helper(CVE-2025-39691)

serial: 8250: fix panic due to PSLVERR(CVE-2025-39724)

rcu: Fix rcu_read_unlock() deadloop due to IRQ work(CVE-2025-39744)

rcu: Protect ->defer_qs_iw_pending from data race(CVE-2025-39749)

usb: core: config: Prevent OOB read in SS endpoint companion parsing(CVE-2025-39760)

jbd2: prevent softlockup in jbd2_log_do_checkpoint()(CVE-2025-39782)

ftrace: Fix potential warning in trace_printk_seq during ftrace_dump(CVE-2025-39813)

trace/fgraph: Fix the warning caused by missing unregister notifier(CVE-2025-39829)

vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects(CVE-2025-39850)

vxlan: Fix NPD when refreshing an FDB entry with a nexthop object(CVE-2025-39851)

tee: fix NULL pointer dereference in tee_shm_put(CVE-2025-39865)

fs: writeback: fix use-after-free in __mark_inode_dirty()(CVE-2025-39866)

cgroup: split cgroup_destroy_wq into 3 workqueues(CVE-2025-39953)

fbcon: fix integer overflow in fbcon_do_set_font(CVE-2025-39967)

i40e: add max boundary check for VF filters(CVE-2025-39968)

i40e: fix idx validation in config queues msg(CVE-2025-39971)

i40e: add validation for ring_len param(CVE-2025-39973)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?45664f8f

Plugin Details

Severity: High

ID: 281563

File Name: EulerOS_SA-2025-2623.nasl

Version: 1.1

Type: local

Published: 12/31/2025

Updated: 12/31/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38584

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:uvp:2.13.1, p-cpe:/a:huawei:euleros:kernel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/31/2025

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-49124, CVE-2022-49142, CVE-2022-49157, CVE-2022-49158, CVE-2022-49159, CVE-2022-49936, CVE-2022-50251, CVE-2022-50255, CVE-2022-50266, CVE-2022-50267, CVE-2022-50280, CVE-2022-50286, CVE-2022-50306, CVE-2022-50312, CVE-2022-50313, CVE-2022-50315, CVE-2022-50318, CVE-2022-50323, CVE-2022-50328, CVE-2022-50330, CVE-2022-50344, CVE-2022-50346, CVE-2022-50350, CVE-2022-50382, CVE-2022-50388, CVE-2022-50389, CVE-2022-50390, CVE-2022-50394, CVE-2022-50411, CVE-2022-50425, CVE-2022-50430, CVE-2022-50440, CVE-2022-50473, CVE-2022-50485, CVE-2022-50493, CVE-2022-50497, CVE-2022-50510, CVE-2022-50553, CVE-2023-53149, CVE-2023-53167, CVE-2023-53171, CVE-2023-53176, CVE-2023-53178, CVE-2023-53215, CVE-2023-53216, CVE-2023-53220, CVE-2023-53221, CVE-2023-53242, CVE-2023-53250, CVE-2023-53259, CVE-2023-53270, CVE-2023-53280, CVE-2023-53285, CVE-2023-53288, CVE-2023-53317, CVE-2023-53318, CVE-2023-53332, CVE-2023-53368, CVE-2023-53373, CVE-2023-53375, CVE-2023-53395, CVE-2023-53401, CVE-2023-53421, CVE-2023-53437, CVE-2023-53441, CVE-2023-53450, CVE-2023-53456, CVE-2023-53480, CVE-2023-53503, CVE-2023-53506, CVE-2023-53515, CVE-2023-53521, CVE-2023-53530, CVE-2023-53560, CVE-2023-53576, CVE-2023-53577, CVE-2023-53587, CVE-2023-53611, CVE-2023-53626, CVE-2023-53661, CVE-2023-53668, CVE-2024-36357, CVE-2024-56616, CVE-2024-58239, CVE-2025-38079, CVE-2025-38174, CVE-2025-38207, CVE-2025-38332, CVE-2025-38334, CVE-2025-38494, CVE-2025-38499, CVE-2025-38502, CVE-2025-38515, CVE-2025-38516, CVE-2025-38540, CVE-2025-38553, CVE-2025-38581, CVE-2025-38584, CVE-2025-38622, CVE-2025-38668, CVE-2025-38680, CVE-2025-38685, CVE-2025-38693, CVE-2025-38695, CVE-2025-38701, CVE-2025-39681, CVE-2025-39683, CVE-2025-39689, CVE-2025-39691, CVE-2025-39724, CVE-2025-39744, CVE-2025-39749, CVE-2025-39760, CVE-2025-39782, CVE-2025-39813, CVE-2025-39829, CVE-2025-39850, CVE-2025-39851, CVE-2025-39865, CVE-2025-39866, CVE-2025-39953, CVE-2025-39967, CVE-2025-39968, CVE-2025-39971, 
CVE-2025-39973