Detections
Analytics

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1123)

high Nessus Plugin ID 297309

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

 cifs: Fix UAF in cifs_demultiplex_thread()(CVE-2023-52572)

 net: fix data-races around sk-sk_forward_alloc(CVE-2024-53124)

 quota: flush quota_release_work upon quota writeback(CVE-2024-56780)

 af_packet: avoid erroring out after sock_init_data() in packet_create()(CVE-2024-56606)

 net: defer final 'struct net' free in netns dismantle(CVE-2024-56658)

 netfilter: x_tables: fix LED ID check in led_tg_check()(CVE-2024-56650)

 mm: hugetlb: independent PMD page table shared count(CVE-2024-57883)

 NFSv4.0: Fix a use-after-free problem in the asynchronous open()(CVE-2024-53173)

 NFSD: Prevent NULL dereference in nfsd4_process_cb_update()(CVE-2024-53217)

 netfilter: conntrack: clamp maximum hashtable size to INT_MAX(CVE-2025-21648)

 vfio/platform: check the bounds of read/write syscalls(CVE-2025-21687)

 mm: fix unexpected zeroed page mapping with zram swap(CVE-2022-49052)

 ext4: fix race condition between ext4_write and ext4_convert_inline_data(CVE-2022-49414)

 block: Fix handling of offline queues in blk_mq_alloc_request_hctx()(CVE-2022-49720)

 scsi: libfc: Fix use after free in fc_exch_abts_resp()(CVE-2022-49114)

 nbd: don't allow reconnect after disconnect(CVE-2025-21731)

 md/bitmap: don't set sb values if can't pass sanity check(CVE-2022-49526)

 ARM: hisi: Add missing of_node_put after of_find_compatible_node(CVE-2022-49447)

 bpf, arm64: Clear prog-jited_len along prog-jited(CVE-2022-49341)

 extcon: Modify extcon device to be created after driver data is set(CVE-2022-49308)

 scsi: target: tcmu: Fix possible page UAF(CVE-2022-49053)

 drm/plane: Move range check for format_count earlier(CVE-2021-47659)

 trace_events_hist: add check for return value of 'create_hist_field'(CVE-2023-53005)

 tracing: Make sure trace_printk() can output as soon as it can be used(CVE-2023-53007)

 bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation(CVE-2023-53024)

 sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket(CVE-2024-53168)

 tracing/histograms: Fix memory leak problem(CVE-2022-49648)

 vrf: use RCU protection in l3mdev_l3_out()(CVE-2025-21791)

 net_sched: sch_sfq: don't allow 1 packet limit(CVE-2024-57996)

 net: sched: Disallow replacing of child qdisc from one parent to another(CVE-2025-21700)

 geneve: Fix use-after-free in geneve_find_dev().(CVE-2025-21858)

 macsec: fix UAF bug for real_dev(CVE-2022-49390)

 net: let net.core.dev_weight always be non-zero(CVE-2025-21806)

 net: mdio: unexport __init-annotated mdio_bus_init()(CVE-2022-49350)

 ip: Fix data-races around sysctl_ip_fwd_update_priority.(CVE-2022-49603)

 mmc: sdio: fix possible resource leaks in some error paths(CVE-2023-52730)

 ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()(CVE-2023-52997)

 pfifo_tail_enqueue: Drop new packet when sch-limit == 0(CVE-2025-21702)

 net/sched: act_skbmod: prevent kernel-infoleak(CVE-2024-35893)

 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.(CVE-2023-53032)

 net: openvswitch: fix leak of nested actions(CVE-2022-49086)

 net: mdio: validate parameter addr in mdiobus_get_phy()(CVE-2023-53019)

 selinux: ignore unknown extended permissions(CVE-2024-57931)

 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF(CVE-2023-52973)

 driver: base: fix UAF when driver_attach failed(CVE-2022-49385)

 scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()(CVE-2022-48758)

 sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue().(CVE-2025-38177)

 ftrace: Fix UAF when lookup kallsym after ftrace disabled(CVE-2025-38346)

 net/sched: Always pass notifications when child class becomes empty(CVE-2025-38350)

 loop: Check for overflow while configuring loop(CVE-2022-49993)

 NFSv4/pnfs: Fix a use-after-free bug in open(CVE-2022-50072)

 rxrpc: Fix listen() setting the bar too high for the prealloc rings(CVE-2022-49450)

 ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl(CVE-2021-47634)

 media: uvcvideo: Fix double free in error path(CVE-2024-57980)

 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI(CVE-2022-49535)

 dmaengine: Fix double increment of client_count in dma_chan_get()(CVE-2022-49753)

 memcg: fix soft lockup in the OOM process(CVE-2024-57977)

 firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle(CVE-2022-49370)

 dm raid: fix accesses beyond end of raid member array(CVE-2022-49674)

 nfsd: clear acl_access/acl_default after releasing them(CVE-2025-21796)

 Input: MT - limit max slots(CVE-2024-45008)

 ubi: ubi_create_volume: Fix use-after-free when volume creation failed(CVE-2022-49388)

 drivers: core: synchronize really_probe() and dev_uevent()(CVE-2024-39501)

 scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()(CVE-2022-49155)

 NFSD: prevent underflow in nfssvc_decode_writeargs()(CVE-2022-49280)

 dm integrity: fix memory corruption when tag_size is less than digest size(CVE-2022-49044)

 cpufreq: governor: Use kobject release() method to free dbs_data(CVE-2022-49513)

 virtio_console: eliminate anonymous module_init module_exit(CVE-2022-49100)

 mm/khugepaged: fix -anon_vma race(CVE-2023-52935)

 tty: fix deadlock caused by calling printk() under tty_port-lock(CVE-2022-49441)

 tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()(CVE-2022-49307)

 dyndbg: fix old BUG_ON in control parser(CVE-2024-35947)

 ext4: fix OOB read when checking dotdot dir(CVE-2025-37785)

 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array(CVE-2025-21785)

 net_sched: sch_sfq: move the limit validation(CVE-2025-37752)

 ext4: update s_journal_inum if it changes after journal replay(CVE-2023-53091)

 arp: use RCU protection in arp_xmit()(CVE-2025-21762)

 io_uring: prevent opcode speculation(CVE-2025-21863)

 jbd2: remove wrong sb-s_sequence check(CVE-2025-37839)

 udf: Fix a slab-out-of-bounds write bug in udf_find_entry()(CVE-2022-49846)

 udp: Fix memory accounting leak.(CVE-2025-22058)

 nvmet: avoid potential UAF in nvmet_req_complete()(CVE-2023-53116)

 ext4: fix off-by-one error in do_split(CVE-2025-23150)

 cgroup: Use separate src/dst nodes when preloading css_sets for migration(CVE-2022-49647)

 PM: hibernate: defer device probing when resuming from hibernation(CVE-2022-50202)

 video: fbdev: amba-clcd: Fix refcount leak bugs(CVE-2022-50109)

 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()(CVE-2022-49787)

 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK(CVE-2022-49870)

 tty: vt: initialize unicode screen buffer(CVE-2022-50222)

 ndisc: extend RCU protection in ndisc_send_skb()(CVE-2025-21760)

 ndisc: use RCU protection in ndisc_alloc_skb()(CVE-2025-21764)

 ata: libata-transport: fix double ata_host_put() in ata_tport_add()(CVE-2022-49826)

 proc: fix UAF in proc_get_inode()(CVE-2025-21999)

 vt: Clear selection before changing the font(CVE-2022-49948)

 module: ensure that kobject_put() is safe for module type kobjects(CVE-2025-37995)

 openvswitch: use RCU protection in ovs_vport_cmd_fill_info()(CVE-2025-21761)

 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level(CVE-2022-49964)

 neighbour: use RCU protection in __neigh_notify()(CVE-2025-21763)

 ipv6: mcast: extend RCU protection in igmp6_send()(CVE-2025-21759)

 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()(CVE-2022-49840)

 ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network(CVE-2022-49865)

 ftrace: Fix use-after-free for dynamic ftrace_ops(CVE-2022-49892)

 ipv6: fix WARNING in ip6_route_net_exit_late()(CVE-2022-49903)

 net: mdio: fix undefined behavior in bit shift for __mdiobus_register(CVE-2022-49907)

 ipvs: fix WARNING in ip_vs_app_net_cleanup() (CVE-2022-49917)

 ipvs: fix WARNING in __ip_vs_cleanup_batch()(CVE-2022-49918)

 net: sched: Fix use after free in red_enqueue()(CVE-2022-49921)

 drivers:md:fix a potential use-after-free bug(CVE-2022-50022)

 scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts(CVE-2022-50098)

 sched, cpuset: Fix dl_cpu_busy() panic due to empty cs-cpus_allowed(CVE-2022-50103)

 dm crypt: add cond_resched() to dmcrypt_write()(CVE-2023-53051)

 erspan: do not use skb_mac_header() in ndo_start_xmit()(CVE-2023-53053)

 net: usb: smsc95xx: Limit packet length to skb-len(CVE-2023-53062)

 qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info(CVE-2023-53066)

 net: tunnels: annotate lockless accesses to dev-needed_headroom(CVE-2023-53109)

 net: usb: smsc75xx: Limit packet length to skb-len(CVE-2023-53125)

 xfrm: state: fix out-of-bounds read during lookup(CVE-2024-57982)

 net: fix geneve_opt length integer overflow(CVE-2025-22055)

 sch_htb: make htb_qlen_notify() idempotent(CVE-2025-37932)

 sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()(CVE-2025-38000)

 dm: fix unconditional IO throttle caused by REQ_PREFLUSH(CVE-2025-38063)

 crypto: algif_hash - fix double free in hash_accept(CVE-2025-38079)

 net: ch9200: fix uninitialised access during mii_nway_restart(CVE-2025-38086)

 ipc: fix to protect IPCS lookups using RCU(CVE-2025-38212)

 ext4: inline: fix len overflow in ext4_prepare_inline_data(CVE-2025-38222)

 bpf: Fix WARN() in get_bpf_raw_tp_regs(CVE-2025-38285)

 fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()(CVE-2025-38312)

 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()(CVE-2025-38337)

 ACPICA: Refuse to evaluate a method if arguments are missing(CVE-2025-38386)

 perf: Fix sample vs do_exit()(CVE-2025-38424)

 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns(CVE-2025-38499)

 tracing: Fix race issue between cpu buffer write and swap(CVE-2023-53368)

 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS(CVE-2022-50315)

 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()(CVE-2022-50544)

 ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer(CVE-2023-53395)

 usb: net: sierra: check for no status endpoint(CVE-2025-38474)

 mtd: Fix device name leak when register device failed in add_mtd_device()(CVE-2022-50566)

 ext4: add bounds checking in get_max_inline_xattr_value_size()(CVE-2023-53285)

 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()(CVE-2025-38352)

 tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak(CVE-2022-50389)

 scsi: qla4xxx: Add length check when parsing nlattrs(CVE-2023-53456)

 ext4: avoid deadlock in fs reclaim with page writeback(CVE-2023-53149)

 kobject: Add sanity check for kset-kobj.ktype in kset_register()(CVE-2023-53480)

 virtio-mmio: don't break lifecycle of vm_dev(CVE-2023-53515)

 PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free(CVE-2023-53446)

 tracing: Limit access to parser-buffer when trace_get_user failed(CVE-2025-39683)

 binfmt_misc: fix shift-out-of-bounds in check_special_flags(CVE-2022-50497)

 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()(CVE-2025-38320)

 tee: fix NULL pointer dereference in tee_shm_put(CVE-2025-39865)

 udf: Fix uninitialized array access for some pathnames(CVE-2023-53165)

 media: uvcvideo: Handle cameras with invalid descriptors(CVE-2023-53437)

 ext4: avoid crash when inline data creation follows DIO write(CVE-2022-50435)

 serial: 8250: Reinit port-pm on port specific driver unbind(CVE-2023-53176)

 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails(CVE-2023-53307)

 HID: core: do not bypass hid_hw_raw_request(CVE-2025-38494)

 udf: Do not bother merging very long extents(CVE-2023-53506)

 crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg(CVE-2025-39964)

 do_change_type(): refuse to operate on unmounted/not ours mounts(CVE-2025-38498)

 spi: qup: Don't skip cleanup in remove's error path(CVE-2023-53567)

 calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().(CVE-2025-38181)

 scsi: qla2xxx: Pointer may be dereferenced(CVE-2023-53150)

 ftrace: Also allocate and copy hash for reading of filter files(CVE-2025-39689)

 xhci: Remove device endpoints from bandwidth list when freeing the device(CVE-2022-50470)

 tracing/histograms: Add histograms to hist_vars if they have referenced variables(CVE-2023-53560)

 fs: writeback: fix use-after-free in __mark_inode_dirty()(CVE-2025-39866)

 drm/gem: Acquire references on GEM handles for framebuffers(CVE-2025-38449)

 usbnet: Fix linkwatch use-after-free on disconnect(CVE-2022-50220)

 dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path(CVE-2023-53604)

 qede: confirm skb is allocated before using(CVE-2022-49084)

 fs: udf: fix OOB read in lengthAllocDescs handling(CVE-2025-40044)

 scsi: target: iscsi: Fix a race condition between login_work and the login thread(CVE-2022-50350)

 crypto: cavium - prevent integer overflow loading firmware(CVE-2022-50330)

 recordmcount: Fix memory leaks in the uwrite function(CVE-2023-53318)

 blk-mq: use quiesced elevator switch when reinitializing queues(CVE-2022-50552)

 pnode: terminate at peers of source(CVE-2022-50280)

 ext4: fix WARNING in mb_find_extent(CVE-2023-53317)

 drm/sched: Increment job count before swapping tail spsc queue(CVE-2025-38515)

 posix-timers: Ensure timer ID search-loop limit is valid(CVE-2023-53728)

 net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb(CVE-2023-53548)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?b8c783ec

Plugin Details

Severity: High

ID: 297309

File Name: EulerOS_SA-2026-1123.nasl

Version: 1.1

Type: local

Published: 1/31/2026

Updated: 1/31/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39866

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:uvp:2.10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/30/2026

Vulnerability Publication Date: 9/4/2021

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2021-47634, CVE-2021-47659, CVE-2022-48758, CVE-2022-49044, CVE-2022-49052, CVE-2022-49053, CVE-2022-49084, CVE-2022-49086, CVE-2022-49100, CVE-2022-49114, CVE-2022-49155, CVE-2022-49280, CVE-2022-49307, CVE-2022-49308, CVE-2022-49341, CVE-2022-49350, CVE-2022-49370, CVE-2022-49385, CVE-2022-49388, CVE-2022-49390, CVE-2022-49414, CVE-2022-49441, CVE-2022-49447, CVE-2022-49450, CVE-2022-49513, CVE-2022-49526, CVE-2022-49535, CVE-2022-49603, CVE-2022-49647, CVE-2022-49648, CVE-2022-49674, CVE-2022-49720, CVE-2022-49753, CVE-2022-49787, CVE-2022-49826, CVE-2022-49840, CVE-2022-49846, CVE-2022-49865, CVE-2022-49870, CVE-2022-49892, CVE-2022-49903, CVE-2022-49907, CVE-2022-49917, CVE-2022-49918, CVE-2022-49921, CVE-2022-49948, CVE-2022-49964, CVE-2022-49993, CVE-2022-50022, CVE-2022-50072, CVE-2022-50098, CVE-2022-50103, CVE-2022-50109, CVE-2022-50202, CVE-2022-50220, CVE-2022-50222, CVE-2022-50280, CVE-2022-50315, CVE-2022-50330, CVE-2022-50350, CVE-2022-50389, CVE-2022-50435, CVE-2022-50470, CVE-2022-50497, CVE-2022-50544, CVE-2022-50552, CVE-2022-50566, CVE-2023-52572, CVE-2023-52730, CVE-2023-52935, CVE-2023-52973, CVE-2023-52997, CVE-2023-53005, CVE-2023-53007, CVE-2023-53019, CVE-2023-53024, CVE-2023-53032, CVE-2023-53051, CVE-2023-53053, CVE-2023-53062, CVE-2023-53066, CVE-2023-53091, CVE-2023-53109, CVE-2023-53116, CVE-2023-53125, CVE-2023-53149, CVE-2023-53150, CVE-2023-53165, CVE-2023-53176, CVE-2023-53285, CVE-2023-53307, CVE-2023-53317, CVE-2023-53318, CVE-2023-53368, CVE-2023-53395, CVE-2023-53437, CVE-2023-53446, CVE-2023-53456, CVE-2023-53480, CVE-2023-53506, CVE-2023-53515, CVE-2023-53548, CVE-2023-53560, CVE-2023-53567, CVE-2023-53604, CVE-2023-53728, CVE-2024-35893, CVE-2024-35947, CVE-2024-45008, CVE-2024-53124, CVE-2024-53168, CVE-2024-53173, CVE-2024-53217, CVE-2024-56606, CVE-2024-56650, CVE-2024-56658, CVE-2024-56780, CVE-2024-57883, CVE-2024-57931, CVE-2024-57977, CVE-2024-57980, CVE-2024-57982, CVE-2024-57996, CVE-2025-21648, CVE-2025-21687, CVE-2025-21700, CVE-2025-21702, CVE-2025-21731, CVE-2025-21759, CVE-2025-21760, CVE-2025-21761, CVE-2025-21762, CVE-2025-21763, CVE-2025-21764, CVE-2025-21785, CVE-2025-21791, CVE-2025-21796, CVE-2025-21806, CVE-2025-21858, CVE-2025-21863, CVE-2025-21999, CVE-2025-22055, CVE-2025-22058, CVE-2025-23150, CVE-2025-37752, CVE-2025-37785, CVE-2025-37839, CVE-2025-37932, CVE-2025-37995, CVE-2025-38000, CVE-2025-38063, CVE-2025-38079, CVE-2025-38086, CVE-2025-38177, CVE-2025-38181, CVE-2025-38212, CVE-2025-38222, CVE-2025-38285, CVE-2025-38312, CVE-2025-38320, CVE-2025-38337, CVE-2025-38346, CVE-2025-38350, CVE-2025-38352, CVE-2025-38386, CVE-2025-38424, CVE-2025-38449, CVE-2025-38474, CVE-2025-38494, CVE-2025-38498, CVE-2025-38499, CVE-2025-38515, CVE-2025-39683, CVE-2025-39689, CVE-2025-39865, CVE-2025-39866, CVE-2025-39964, CVE-2025-40044