EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1071)

high Nessus Plugin ID 284730

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

net: drop UFO packets in udp_rcv_segment()(CVE-2025-38622)

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.(CVE-2024-36357)

x86/mce: Work around an erratum on fast string copy instructions(CVE-2022-49124)

scsi: qla2xxx: Implement ref count for SRB(CVE-2022-49159)

rcu: Fix rcu_read_unlock() deadloop due to IRQ work(CVE-2025-39744)

jbd2: prevent softlockup in jbd2_log_do_checkpoint()(CVE-2025-39782)

drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED(CVE-2022-50390)

crypto: essiv - Check ssize for decryption and in-place encryption(CVE-2025-40019)

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar(CVE-2025-38693)

rcu: Protect ->defer_qs_iw_pending from data race(CVE-2025-39749)

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit(CVE-2025-38685)

media: rc: fix races with imon_disconnect()(CVE-2025-39993)

mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()(CVE-2023-53401)

scsi: lpfc: Use memcpy() for BIOS version(CVE-2025-38332)

usb: core: config: Prevent OOB read in SS endpoint companion parsing(CVE-2025-39760)

scsi: qla2xxx: Fix premature hw access after PCI error(CVE-2022-49157)

fbcon: fix integer overflow in fbcon_do_set_font(CVE-2025-39967)

scsi: target: iscsi: Fix a race condition between login_work and the login thread(CVE-2022-50350)

mm: fix uprobe pte be overwritten when expanding vma(CVE-2025-38207)

scsi: qla2xxx: Fix crash when I/O abort times out(CVE-2022-50493)

media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()(CVE-2025-38680)

scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()(CVE-2023-53530)

fs/buffer: fix use-after-free when call bh_read() helper(CVE-2025-39691)

HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras(CVE-2025-38540)

mmc: rtsx_pci: fix return value check of mmc_add_host()(CVE-2022-50267)

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert(CVE-2025-38387)

i40e: fix validation of VF state in get resources(CVE-2025-39969)

vxlan: Fix NPD when refreshing an FDB entry with a nexthop object(CVE-2025-39851)

tracing: Limit access to parser-buffer when trace_get_user failed(CVE-2025-39683)

firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle(CVE-2023-53250)

perf: arm_spe: Prevent overflow in PERF_IDX2OFF()(CVE-2025-40081)

ARM: rockchip: fix kernel hang during smp initialization(CVE-2025-39752)

x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper(CVE-2025-39681)

i40e: Fix potential invalid access when MAC list is empty(CVE-2025-39853)

drm/dp_mst: Fix MST sideband message body length check(CVE-2024-56616)

vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint(CVE-2025-22083)

bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT(CVE-2025-38439)

tracing: Fix race condition in kprobe initialization causing NULL pointer dereference(CVE-2025-40042)

PCI/ASPM: Fix link state exit during switch upstream function removal(CVE-2024-58093)

ext4: detect invalid INLINE_DATA + EXTENTS flag combination(CVE-2025-40167)

scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()(CVE-2023-53696)

qed: Don't collect too many protection override GRC elements(CVE-2025-39949)

partitions: mac: fix handling of bogus partition table(CVE-2025-21772)

usb: xhci: Apply the link chain quirk on NEC isoc endpoints(CVE-2025-22022)

start_kernel: Add __no_stack_protector function attribute(CVE-2023-53491)

isofs: Prevent the use of too small fid(CVE-2025-37780)

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg(CVE-2025-39964)

acpi: nfit: fix narrowing conversion in acpi_nfit_ctl(CVE-2025-22044)

KVM: x86: Reset IRTE to host control if *new* route isn't postable(CVE-2025-37885)

i40e: fix MMIO write access to an invalid page in i40e_clear_hw(CVE-2025-38200)

net/sched: sch_qfq: Fix null-deref in agg_dequeue(CVE-2025-40083)

net/sched: sch_qfq: Fix race condition on qfq_aggregate(CVE-2025-38477)

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O(CVE-2025-40026)

fs: udf: fix OOB read in lengthAllocDescs handling(CVE-2025-40044)

x86/vmscape: Add conditional IBPB mitigation(CVE-2025-40300)

ppp: fix memory leak in pad_compress_skb(CVE-2025-39847)

benet: fix BUG when creating VFs(CVE-2025-38569)

uio_hv_generic: Let userspace take care of interrupt mask(CVE-2025-40048)

HID: ignore non-functional sensor in HP 5MP Camera(CVE-2025-21992)

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access(CVE-2024-21823)

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels(CVE-2023-53254)

usb: net: sierra: check for no status endpoint(CVE-2025-38474)

NFSD: Define a proc_layoutcommit for the FlexFiles layout type(CVE-2025-40087)

vfs: Don't leak disconnected dentries on umount(CVE-2025-40105)

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX(CVE-2025-38201)

firewire: net: fix use after free in fwnet_finish_incoming_packet()(CVE-2023-53432)

serial: 8250: fix panic due to PSLVERR(CVE-2025-39724)

HID: core: Harden s32ton() against conversion to 0 bits(CVE-2025-38556)

tracing: dynevent: Add a missing lockdown check on dynevent(CVE-2025-40021)

NFS: Fix the setting of capabilities when automounting a new filesystem(CVE-2025-39798)

RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem(CVE-2025-38022)

hv_netvsc: Fix panic during namespace deletion with VF(CVE-2025-38683)

mm/slub: avoid accessing metadata when pointer is invalid in object_err()(CVE-2025-39902)

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().(CVE-2025-38181)

crypto: rng - Ensure set_ent is always present(CVE-2025-40109)

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr(CVE-2025-38701)

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()(CVE-2025-39742)

ice: Fix a null pointer dereference in ice_copy_and_init_pkg()(CVE-2025-38664)

netfilter: nf_tables: reject duplicate device on updates(CVE-2025-38678)

ipvs: Defer ip_vs_ftp unregister during netns cleanup(CVE-2025-40018)

vsock: Do not allow binding to VMADDR_PORT_ANY(CVE-2025-38618)

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare(CVE-2025-39817)

blk-mq: avoid double ->queue_rq() because of early timeout(CVE-2022-50554)

i40e: add max boundary check for VF filters(CVE-2025-39968)

net/packet: fix a race in packet_set_ring() and packet_notifier()(CVE-2025-38617)

xfrm: Duplicate SPI Handling(CVE-2025-39797)

loop: Avoid updating block size under exclusive owner(CVE-2025-38709)

scsi: target: Fix WRITE_SAME No Data Buffer crash(CVE-2022-21546)

ftrace: Fix potential warning in trace_printk_seq during ftrace_dump(CVE-2025-39813)

cgroup: split cgroup_destroy_wq into 3 workqueues(CVE-2025-39953)

ext4: fix potential out of bound read in ext4_fc_replay_scan()(CVE-2022-50306)

padata: Fix pd UAF once and for all(CVE-2025-38584)

i40e: add validation for ring_len param(CVE-2025-39973)

mm: fix zswap writeback race condition(CVE-2023-53178)

bnxt: avoid overflow in bnxt_get_nvram_directory()(CVE-2023-53661)

tracing: Fix reading strings from synthetic events(CVE-2022-50255)

trace/fgraph: Fix the warning caused by missing unregister notifier(CVE-2025-39829)

tee: fix NULL pointer dereference in tee_shm_put(CVE-2025-39865)

scsi: qla2xxx: Fix warning message due to adisc being flushed(CVE-2022-49158)

thunderbolt: Do not double dequeue a configuration request(CVE-2025-38174)

pNFS: Fix uninited ptr deref in block/scsi layout(CVE-2025-38691)

i40e: fix idx validation in config queues msg(CVE-2025-39971)

ftrace: Also allocate and copy hash for reading of filter files(CVE-2025-39689)

net/sched: Restrict conditions for adding duplicating netems to qdisc tree(CVE-2025-38553)

bpf: Fix oob access in cgroup local storage(CVE-2025-38502)

vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects(CVE-2025-39850)

cnic: Fix use-after-free bugs in cnic_delete_task(CVE-2025-39945)

i40e: fix input validation logic for action_meta(CVE-2025-39970)

drm/sched: Increment job count before swapping tail spsc queue(CVE-2025-38515)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?7a7fdca8

Plugin Details

Severity: High

ID: 284730

File Name: EulerOS_SA-2026-1071.nasl

Version: 1.1

Type: local

Published: 1/15/2026

Updated: 1/15/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39797

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/13/2026

Vulnerability Publication Date: 11/8/2022

Reference Information

CVE: CVE-2022-21546, CVE-2022-49124, CVE-2022-49157, CVE-2022-49158, CVE-2022-49159, CVE-2022-50255, CVE-2022-50267, CVE-2022-50306, CVE-2022-50350, CVE-2022-50390, CVE-2022-50493, CVE-2022-50554, CVE-2023-53178, CVE-2023-53250, CVE-2023-53254, CVE-2023-53401, CVE-2023-53432, CVE-2023-53491, CVE-2023-53530, CVE-2023-53661, CVE-2023-53696, CVE-2024-21823, CVE-2024-36357, CVE-2024-56616, CVE-2024-58093, CVE-2025-21772, CVE-2025-21992, CVE-2025-22022, CVE-2025-22044, CVE-2025-22083, CVE-2025-37780, CVE-2025-37885, CVE-2025-38022, CVE-2025-38174, CVE-2025-38181, CVE-2025-38200, CVE-2025-38201, CVE-2025-38207, CVE-2025-38332, CVE-2025-38387, CVE-2025-38439, CVE-2025-38474, CVE-2025-38477, CVE-2025-38502, CVE-2025-38515, CVE-2025-38540, CVE-2025-38553, CVE-2025-38556, CVE-2025-38569, CVE-2025-38584, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38664, CVE-2025-38678, CVE-2025-38680, CVE-2025-38683, CVE-2025-38685, CVE-2025-38691, CVE-2025-38693, CVE-2025-38701, CVE-2025-38709, CVE-2025-39681, CVE-2025-39683, CVE-2025-39689, CVE-2025-39691, CVE-2025-39724, CVE-2025-39742, CVE-2025-39744, CVE-2025-39749, CVE-2025-39752, CVE-2025-39760, CVE-2025-39782, CVE-2025-39797, CVE-2025-39798, CVE-2025-39813, CVE-2025-39817, CVE-2025-39829, CVE-2025-39847, CVE-2025-39850, CVE-2025-39851, CVE-2025-39853, CVE-2025-39865, CVE-2025-39902, CVE-2025-39945, CVE-2025-39949, CVE-2025-39953, CVE-2025-39964, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39973, CVE-2025-39993, CVE-2025-40018, CVE-2025-40019, CVE-2025-40021, CVE-2025-40026, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40081, CVE-2025-40083, CVE-2025-40087, CVE-2025-40105, CVE-2025-40109, CVE-2025-40167, CVE-2025-40300