EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1029)

high Nessus Plugin ID 284758

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()(CVE-2023-53521)

binfmt_misc: fix shift-out-of-bounds in check_special_flags(CVE-2022-50497)

scsi: lpfc: Fix buffer free/clear order in deferred receive path(CVE-2025-39841)

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory(CVE-2025-39883)

md: Replace snprintf with scnprintf(CVE-2022-50299)

drivers: serial: jsm: fix some leaks in probe(CVE-2022-50312)

udf: Do not bother merging very long extents(CVE-2023-53506)

fbdev: fix potential buffer overflow in do_register_framebuffer()(CVE-2025-38702)

mm/slub: avoid accessing metadata when pointer is invalid in object_err()(CVE-2025-39902)

xhci: Remove device endpoints from bandwidth list when freeing the device(CVE-2022-50470)

HID: multitouch: Correct devm device reference for hidinput input_dev name(CVE-2023-53454)

ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed(CVE-2023-53481)

thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash(CVE-2022-50494)

md: fix a crash in mempool_free(CVE-2022-50381)

scsi: ses: Fix possible desc_ptr out-of-bounds accesses(CVE-2023-53675)

scsi: target: target_core_configfs: Add length check to avoid buffer overflow(CVE-2025-39998)

fs: dlm: fix invalid derefence of sb_lvbptr(CVE-2022-50516)

NFS: Fix a race when updating an existing write(CVE-2025-39697)

mmc: vub300: fix return value check of mmc_add_host()(CVE-2022-50251)

tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak(CVE-2022-50389)

scsi: qla4xxx: Add length check when parsing nlattrs(CVE-2023-53456)

ext4: avoid deadlock in fs reclaim with page writeback(CVE-2023-53149)

kobject: Add sanity check for kset->kobj.ktype in kset_register()(CVE-2023-53480)

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()(CVE-2023-53676)

udf: Fix uninitialized array access for some pathnames(CVE-2023-53165)

ext4: avoid crash when inline data creation follows DIO write(CVE-2022-50435)

cifs: Fix warning and UAF when destroy the MR list(CVE-2023-53427)

scsi: qla2xxx: Pointer may be dereferenced(CVE-2023-53150)

fs: writeback: fix use-after-free in __mark_inode_dirty()(CVE-2025-39866)

blk-mq: use quiesced elevator switch when reinitializing queues(CVE-2022-50552)

mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()(CVE-2023-53623)

ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS(CVE-2022-50315)

pnode: terminate at peers of source(CVE-2022-50280)

tracing: Fix race issue between cpu buffer write and swap(CVE-2023-53368)

igb: Fix igb_down hung on surprise removal(CVE-2023-53148)

udf: Do not update file length for failed writes to inline files(CVE-2023-53295)

usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()(CVE-2022-50544)

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels(CVE-2023-53254)

net/tunnel: wait until all sk_user_data reader finish before releasing the sock(CVE-2022-50405)

mtd: Fix device name leak when register device failed in add_mtd_device()(CVE-2022-50566)

ext4: add bounds checking in get_max_inline_xattr_value_size()(CVE-2023-53285)

drm/mipi-dsi: Detach devices when removing the host(CVE-2022-50489)

ipv6: Fix out-of-bounds access in ipv6_find_tlv()(CVE-2023-53705)

md/raid10: check slab-out-of-bounds in md_bitmap_get_counter(CVE-2023-53357)

scsi: qla2xxx: Wait for io return on terminate rport(CVE-2023-53322)

PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free(CVE-2023-53446)

sctp: check send stream number after wait_for_sndbuf(CVE-2023-53296)

rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails(CVE-2023-53307)

md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request(CVE-2023-53380)

ubi: ensure that VID header offset + VID header size <= alloc, size(CVE-2023-53265)

icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().(CVE-2023-53343)

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().(CVE-2025-38181)

ftrace: Also allocate and copy hash for reading of filter files(CVE-2025-39689)

firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region(CVE-2023-52989)

sched/fair: Don't balance task to its current running CPU(CVE-2023-53215)

dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path(CVE-2023-53604)

qede: confirm skb is allocated before using(CVE-2022-49084)

sctp: linearize cloned gso packets in sctp_rcv(CVE-2025-38718)

af_unix: Fix data-races around user->unix_inflight.(CVE-2023-53204)

scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue(CVE-2023-53280)

md/raid10: fix leak of 'r10bio->remaining' for recovery(CVE-2023-53299)

recordmcount: Fix memory leaks in the uwrite function(CVE-2023-53318)

cifs: fix oops during encryption(CVE-2022-50341)

nfsd: call op_release, even when op_func returns an error(CVE-2023-53241)

uio_hv_generic: Let userspace take care of interrupt mask(CVE-2025-40048)

posix-timers: Ensure timer ID search-loop limit is valid(CVE-2023-53728)

tipc: fix a null-ptr-deref in tipc_topsrv_accept(CVE-2022-50555)

ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer(CVE-2023-53395)

x86/MCE: Always save CS register on AMD Zen IF Poison errors(CVE-2023-53438)

xfrm: fix slab-use-after-free in decode_session6(CVE-2023-53500)

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()(CVE-2025-38352)

i40e: add validation for ring_len param(CVE-2025-39973)

firewire: net: fix use after free in fwnet_finish_incoming_packet()(CVE-2023-53432)

NFSD: Protect against send buffer overflow in NFSv2 READ(CVE-2022-50410)

drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()(CVE-2022-50402)

net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode(CVE-2023-53733)

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg(CVE-2025-39964)

udf: Detect system inodes linked into directory hierarchy(CVE-2023-53695)

skbuff: Account for tail adjustment during pull operations(CVE-2022-50365)

mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING(CVE-2022-50430)

skbuff: skb_segment, Call zero copy functions before using skbuff frags(CVE-2023-53354)

tracing/histograms: Add histograms to hist_vars if they have referenced variables(CVE-2023-53560)

net: fix skb leak in __skb_tstamp_tx()(CVE-2023-53716)

media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()(CVE-2023-53220)

serial: arc_uart: fix of_iomap leak in `arc_serial_probe`(CVE-2023-53719)

fs: udf: fix OOB read in lengthAllocDescs handling(CVE-2025-40044)

ipvs: Defer ip_vs_ftp unregister during netns cleanup(CVE-2025-40018)

scsi: target: iscsi: Fix a race condition between login_work and the login thread(CVE-2022-50350)

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare(CVE-2025-39817)

igb: Do not free q_vector unless new one was allocated(CVE-2022-50252)

iommu/vt-d: Clean up si_domain in the init_dmars() error path(CVE-2022-50482)

VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF(CVE-2023-53259)

ext4: fix WARNING in mb_find_extent(CVE-2023-53317)

ip_vti: fix potential slab-use-after-free in decode_session6(CVE-2023-53559)

netfilter: conntrack: Avoid nf_ct_helper_hash uses after free(CVE-2023-53619)

Input: MT - limit max slots(CVE-2024-45008)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?dc4bf5b5

Plugin Details

Severity: High

ID: 284758

File Name: EulerOS_SA-2026-1029.nasl

Version: 1.1

Type: local

Published: 1/15/2026

Updated: 1/15/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39689

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/13/2026

Vulnerability Publication Date: 9/4/2021

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2022-49084, CVE-2022-50251, CVE-2022-50252, CVE-2022-50280, CVE-2022-50299, CVE-2022-50312, CVE-2022-50315, CVE-2022-50341, CVE-2022-50350, CVE-2022-50365, CVE-2022-50381, CVE-2022-50389, CVE-2022-50402, CVE-2022-50405, CVE-2022-50410, CVE-2022-50430, CVE-2022-50435, CVE-2022-50470, CVE-2022-50482, CVE-2022-50489, CVE-2022-50494, CVE-2022-50497, CVE-2022-50516, CVE-2022-50544, CVE-2022-50552, CVE-2022-50555, CVE-2022-50566, CVE-2023-52989, CVE-2023-53148, CVE-2023-53149, CVE-2023-53150, CVE-2023-53165, CVE-2023-53204, CVE-2023-53215, CVE-2023-53220, CVE-2023-53241, CVE-2023-53254, CVE-2023-53259, CVE-2023-53265, CVE-2023-53280, CVE-2023-53285, CVE-2023-53295, CVE-2023-53296, CVE-2023-53299, CVE-2023-53307, CVE-2023-53317, CVE-2023-53318, CVE-2023-53322, CVE-2023-53343, CVE-2023-53354, CVE-2023-53357, CVE-2023-53368, CVE-2023-53380, CVE-2023-53395, CVE-2023-53427, CVE-2023-53432, CVE-2023-53438, CVE-2023-53446, CVE-2023-53454, CVE-2023-53456, CVE-2023-53480, CVE-2023-53481, CVE-2023-53500, CVE-2023-53506, CVE-2023-53521, CVE-2023-53559, CVE-2023-53560, CVE-2023-53604, CVE-2023-53619, CVE-2023-53623, CVE-2023-53675, CVE-2023-53676, CVE-2023-53695, CVE-2023-53705, CVE-2023-53716, CVE-2023-53719, CVE-2023-53728, CVE-2023-53733, CVE-2024-45008, CVE-2025-38181, CVE-2025-38352, CVE-2025-38702, CVE-2025-38718, CVE-2025-39689, CVE-2025-39697, CVE-2025-39817, CVE-2025-39841, CVE-2025-39866, CVE-2025-39883, CVE-2025-39902, CVE-2025-39964, CVE-2025-39973, CVE-2025-39998, CVE-2025-40018, CVE-2025-40044, CVE-2025-40048