EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1224)

high Nessus Plugin ID 297592

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

tipc: fix a null-ptr-deref in tipc_topsrv_accept (CVE-2022-50555)

integrity: Fix memory leakage in keyring allocation error path (CVE-2022-50395)

objtool: Fix memory leak in create_static_call_sections() (CVE-2023-53423)

scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (CVE-2023-53696)

ext4: improve error handling from ext4_dirhash() (CVE-2023-53473)

fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)

scsi: mpt3sas: Fix a memory leak (CVE-2023-53512)

scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (CVE-2022-49986)

net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

dm stats: check for and propagate alloc_percpu failure (CVE-2023-53044)

vsock: Fix transport_{g2h,h2g} TOCTOU (CVE-2025-38462)

dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (CVE-2022-50092)

ppp: fix memory leak in pad_compress_skb (CVE-2025-39847)

NFSD: fix use-after-free on source server when doing inter-server copy (CVE-2022-50241)

md: fix a crash in mempool_free (CVE-2022-50381)

KVM: arm64: Prevent access to vCPU events before init (CVE-2025-40102)

mm/slub: avoid accessing metadata when pointer is invalid in object_err() (CVE-2025-39902)

nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025)

vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)

usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)

usb: net: sierra: check for no status endpoint (CVE-2025-38474)

partitions: mac: fix handling of bogus partition table (CVE-2025-21772)

x86/fpu: Drop fpregs lock before inheriting FPU permissions (CVE-2022-49783)

x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (CVE-2025-22045)

RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (CVE-2025-38161)

scsi: target: Fix multiple LUN_RESET handling (CVE-2023-53586)

udf: Fix uninitialized array access for some pathnames (CVE-2023-53165)

fs: quota: create dedicated workqueue for quota_release_work (CVE-2025-40196)

ext4: fix leaking uninitialized memory in fast-commit journal (CVE-2022-50465)

bpf: Don't redirect packets with invalid pkt_len (CVE-2022-49975)

HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (CVE-2022-50422)

HID: hidraw: fix memory leak in hidraw_release() (CVE-2022-49981)

netfilter: ipset: Rework long task execution when adding/deleting entries (CVE-2023-53549)

net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (CVE-2023-53667)

smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051)

dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134)

scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)

pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178)

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (CVE-2025-38700)

net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

RDMA/bnxt_re: wraparound mbox producer index (CVE-2023-53201)

hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (CVE-2022-50334)

rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (CVE-2023-53307)

class: fix possible memory leak in __class_register() (CVE-2022-50578)

xfrm: Reinject transport-mode packets through workqueue (CVE-2022-50445)

tun: Fix memory leak for detached NAPI queue. (CVE-2023-53685)

net: add vlan_get_protocol_and_depth() helper (CVE-2023-53433)

tty: n_gsm: fix deadlock and link starvation in outgoing data path (CVE-2022-50116)

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (CVE-2025-39742)

sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

firewire: net: fix use after free in fwnet_finish_incoming_packet() (CVE-2023-53432)

nexthop: Forbid FDB status change while nexthop is in a group (CVE-2025-39980)

drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (CVE-2022-50402)

md: raid1: fix potential OOB in raid1_remove_disk() (CVE-2023-53722)

icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). (CVE-2023-53343)

af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (CVE-2023-53469)

dm ioctl: fix misbehavior if list_versions races with module loading (CVE-2022-49771)

smb3: fix for slab out of bounds on mount to ksmbd (CVE-2025-38728)

i40e: remove read access to debugfs files (CVE-2025-39901)

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

arm64: csum: Fix OoB access in IP checksum code for negative lengths (CVE-2023-53726)

raw: Fix NULL deref in raw_get_next(). (CVE-2023-53198)

xfrm: fix slab-use-after-free in decode_session6 (CVE-2023-53500)

tracing: dynevent: Add a missing lockdown check on dynevent (CVE-2025-40021)

iommu/vt-d: Clean up si_domain in the init_dmars() error path (CVE-2022-50482)

RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (CVE-2023-53393)

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (CVE-2023-53676)

powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (CVE-2022-50366)

crypto: af_alg - Set merge to zero early in af_alg_sendmsg (CVE-2025-39931)

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (CVE-2023-53680)

software node: Correct a OOB check in software_node_get_reference_args() (CVE-2025-38342)

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (CVE-2025-38181)

nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (CVE-2022-50401)

ACPICA: Avoid undefined behavior: applying zero offset to null pointer (CVE-2023-53182)

net: genl: fix error path memory leak in policy dumping (CVE-2022-50042)

crypto: hisilicon/sec - don't sleep when in softirq (CVE-2022-50171)

driver core: fix resource leak in device_add() (CVE-2023-53594)

dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (CVE-2023-53604)

ipv6: Fix out-of-bounds access in ipv6_find_tlv() (CVE-2023-53705)

md: call __md_stop_writes in md_stop (CVE-2022-49987)

net/packet: fix a race in packet_set_ring() and packet_notifier() (CVE-2025-38617)

netfilter: conntrack: fix wrong ct-timeout value (CVE-2023-53635)

ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (CVE-2023-53692)

fs: Prevent file descriptor table allocations exceeding INT_MAX (CVE-2025-39756)

nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (CVE-2025-38430)

net: hns: fix possible memory leak in hnae_ae_register() (CVE-2022-50352)

RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (CVE-2025-38022)

mtd: core: fix possible resource leak in init_mtd() (CVE-2022-50304)

NFS: Fix the setting of capabilities when automounting a new filesystem (CVE-2025-39798)

cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (CVE-2025-37829)

ipv4: start using dst_dev_rcu() (CVE-2025-40074)

scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (CVE-2022-50532)

mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (CVE-2022-50285)

md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (CVE-2023-53357)

benet: fix BUG when creating VFs (CVE-2025-38569)

RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (CVE-2023-53335)

sctp: handle the error returned from sctp_auth_asoc_init_active_key (CVE-2022-50243)

uio_hv_generic: Let userspace take care of interrupt mask (CVE-2025-40048)

rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed (CVE-2023-53655)

hv_netvsc: Fix panic during namespace deletion with VF (CVE-2025-38683)

dm thin: Use last transaction's pmd->root when commit failed (CVE-2022-50534)

pNFS: Fix uninited ptr deref in block/scsi layout (CVE-2025-38691)

kernfs: fix use-after-free in __kernfs_remove (CVE-2022-50432)

ring-buffer: Handle race between rb_move_tail and rb_check_pages (CVE-2023-53709)

media: mceusb: Use new usb_control_msg_*() routines (CVE-2022-49937)

usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (CVE-2022-50246)

xfrm: fix refcount leak in __xfrm_policy_check() (CVE-2022-50007)

fbdev: fix potential buffer overflow in do_register_framebuffer() (CVE-2025-38702)

dm-stripe: fix a possible integer overflow (CVE-2025-39940)

usb: typec: ucsi: displayport: Fix deadlock (CVE-2025-37967)

md: fix soft lockup in status_resync (CVE-2023-53620)

mtd: Fix device name leak when register device failed in add_mtd_device() (CVE-2022-50566)

fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

scsi: ses: Fix possible desc_ptr out-of-bounds accesses (CVE-2023-53675)

ceph: fix race condition validating r_parent before applying state (CVE-2025-39927)

net: atlantic: remove aq_nic_deinit() when resume (CVE-2022-49624)

nfs: handle failure of nfs_get_lock_context in unlock path (CVE-2025-38023)

bnxt_en: Fix memory corruption when FW resources change during ifdown (CVE-2025-39810)

md-raid10: fix KASAN warning (CVE-2022-50211)

x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)

virtio_net: Fix error unwinding of XDP initialization (CVE-2023-53499)

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CVE-2025-38024)

vsock: Fix transport_* TOCTOU (CVE-2025-38461)

PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093)

net/tunnel: wait until all sk_user_data reader finish before releasing the sock (CVE-2022-50405)

virtio: break and reset virtio devices on device_shutdown() (CVE-2025-38064)

bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data (CVE-2022-50536)

NFS: Fix a race when updating an existing write (CVE-2025-39697)

udf: Do not update file length for failed writes to inline files (CVE-2023-53295)

vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)

net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (CVE-2023-7324)

ata: libata-transport: fix error handling in ata_tlink_add() (CVE-2022-49824)

crypto: rng - Ensure set_ent is always present (CVE-2025-40109)

NFSD: fix race between nfsd registration and exports_proc (CVE-2025-38232)

sctp: check send stream number after wait_for_sndbuf (CVE-2023-53296)

md/raid1: Fix stack memory use after return in raid1_reshape (CVE-2025-38445)

iommu/arm-smmu-v3-sva: Fix mm use-after-free (CVE-2022-49426)

media: dvb-core: Fix double free in dvb_register_device() (CVE-2022-50499)

ext4: fix off-by-one errors in fast-commit block filling (CVE-2022-50428)

blk-mq: use quiesced elevator switch when reinitializing queues (CVE-2022-50552)

drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (CVE-2022-50454)

cnic: Fix use-after-free bugs in cnic_delete_task (CVE-2025-39945)

cifs: Fix connections leak when tlink setup failed (CVE-2022-49822)

blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (CVE-2022-50530)

lib/fonts: fix undefined behavior in bit shift for get_default_font (CVE-2022-50511)

Squashfs: check return result of sb_min_blocksize (CVE-2025-38415)

net: ena: fix shift-out-of-bounds in exponential backoff (CVE-2023-53272)

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)

cifs: avoid NULL pointer dereference in dbg call (CVE-2025-37844)

objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (CVE-2025-37937)

RDMA/mlx5: Return the firmware result upon destroying QP/RQ (CVE-2023-53286)

bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (CVE-2025-38439)

i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)

isofs: Prevent the use of too small fid (CVE-2025-37780)

ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (CVE-2023-53477)

NFSD: Define a proc_layoutcommit for the FlexFiles layout type (CVE-2025-40087)

usb: host: ohci-ppc-of: Fix refcount leak bug (CVE-2022-50033)

ipvs: Defer ip_vs_ftp unregister during netns cleanup (CVE-2025-40018)

nfsd: call op_release, even when op_func returns an error (CVE-2023-53241)

bpf: reject unhashed sockets in bpf_sk_assign (CVE-2023-53585)

scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list (CVE-2023-53627)

xfrm: Zero padding when dumping algos and encap (CVE-2023-53684)

md/raid1,raid10: don't ignore IO flags (CVE-2025-22125)

fs: prevent out-of-bounds array speculation when closing a file descriptor (CVE-2023-53117)

ring-buffer: Do not swap cpu_buffer during resize process (CVE-2023-53718)

lib: cpu_rmap: Avoid use after free on rmap-obj array entries (CVE-2023-53484)

blk-mq: avoid double ->queue_rq() because of early timeout (CVE-2022-50554)

riscv: fix reserved memory setup (CVE-2022-49851)

virtiofs: add filesystem context source name check (CVE-2025-37773)

irqchip: Fix refcount leak in platform_irqchip_probe (CVE-2023-53610)

In the Linux kernel dm thin component, there is an ABBA deadlock vulnerability. When concurrent drop cache operations and dm thin worker threads are executed, an ABBA deadlock between shrinker_rwsem and pmd->root_lock may be triggered, causing system hang. Attackers can exploit this vulnerability to cause denial of service. (CVE-2022-50549)

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (CVE-2025-38387)

KVM: x86: Reset IRTE to host control if *new* route isn't postable (CVE-2025-37885)

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911)

nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (CVE-2022-50314)

spi: qup: Don't skip cleanup in remove's error path (CVE-2023-53567)

mm: hugetlb: avoid soft lockup when mprotect to large memory area (CVE-2025-40153)

driver core: fix potential deadlock in __driver_attach (CVE-2022-50149)

xfrm: add NULL check in xfrm_update_ae_params (CVE-2023-53147)

ice: Fix call trace with null VSI during VF reset (CVE-2022-50041)

i40e: Fix potential invalid access when MAC list is empty (CVE-2025-39853)

This issue affects the function snprintf in the library /lib/vsprintf.c of the component md. (CVE-2022-50299)

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access (CVE-2024-21823)

net/sched: fix netdevice reference leaks in attach_default_qdiscs() (CVE-2022-49958)

qed: allow sleep in qed_mcp_trace_dump() (CVE-2023-53509)

scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)

media: dvbdev: adopts refcnt to avoid UAF (CVE-2022-50274)

IB/mad: Don't call to function that might sleep while in atomic context (CVE-2022-50472)

usb: xhci: Apply the link chain quirk on NEC isoc endpoints (CVE-2025-22022)

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (CVE-2025-39964)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (CVE-2023-53179)

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (CVE-2022-49731)

thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (CVE-2022-50494)

scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (CVE-2022-50459)

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)

espintcp: fix skb leaks (CVE-2025-38057)

x86/MCE: Always save CS register on AMD Zen IF Poison errors (CVE-2023-53438)

loop: Check for overflow while configuring loop (CVE-2022-49993)

tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075)

usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (CVE-2022-50544)

net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (CVE-2023-53548)

xfrm: Duplicate SPI Handling (CVE-2025-39797)

netfilter: x_tables: fix percpu counter block leak on error path when creating new netns (CVE-2023-53200)

platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (CVE-2022-50521)

net/sched: sch_fq: fix integer overflow of 'credit' (CVE-2023-53624)

smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)

mm/vmscan: don't try to reclaim hwpoison folio (CVE-2025-37834)

net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)

net_sched: sch_sfq: reject invalid perturb period (CVE-2025-38193)

xfrm: policy: fix metadata dst-dev xmit null pointer dereference (CVE-2022-50004)

fs: udf: fix OOB read in lengthAllocDescs handling (CVE-2025-40044)

hugetlbfs: don't delete error page from pagecache (CVE-2022-49828)

block, bfq: fix possible uaf for 'bfqq->bic' (CVE-2022-50488)

ip_vti: fix potential slab-use-after-free in decode_session6 (CVE-2023-53559)

dm thin: Fix UAF in run_timer_softirq() (CVE-2022-50563)

tpm: acpi: Call acpi_put_table() to fix memory leak (CVE-2022-50562)

scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (CVE-2023-53282)

NFS: Fix an Oops in nfs_d_automount() (CVE-2022-50385)

smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)

media: rc: fix races with imon_disconnect() (CVE-2025-39993)

HID: multitouch: Correct devm device reference for hidinput input_dev name (CVE-2023-53454)

PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (CVE-2025-23161)

usbnet: Fix using smp_processor_id() in preemptible code warnings (CVE-2025-40164)

drm/ttm: check null pointer before accessing when swapping (CVE-2023-53352)

powerpc/pci: Fix get_phb_number() locking (CVE-2022-50045)

genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie (CVE-2025-38062)

modpost: fix off by one in is_executable_section() (CVE-2023-53397)

serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (CVE-2023-53719)

net: fix skb leak in __skb_tstamp_tx() (CVE-2023-53716)

nbd: restrict sockets to TCP and UDP (CVE-2025-40080)

net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (CVE-2023-53546)

drm/amd/display: Fix potential null-deref in dm_resume (CVE-2022-50535)

skbuff: Account for tail adjustment during pull operations (CVE-2022-50365)

iavf: Fix use-after-free in free_netdev (CVE-2023-53556)

wifi: iwlwifi: fw: fix memory leak in debugfs (CVE-2023-53422)

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (CVE-2022-49534)

dm raid: fix address sanitizer warning in raid_resume (CVE-2022-50085)

PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (CVE-2023-53446)

md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (CVE-2023-53380)

ext4: detect invalid INLINE_DATA + EXTENTS flag combination (CVE-2025-40167)

i40e: fix input validation logic for action_meta (CVE-2025-39970)

tee: add overflow check in register_shm_helper() (CVE-2022-50080)

scsi: qla2xxx: Pointer may be dereferenced (CVE-2023-53150)

media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (CVE-2022-50359)

ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (CVE-2025-38664)

media: tuner: xc5000: Fix use-after-free in xc5000_release (CVE-2025-39994)

IB/hfi1: Fix possible panic during hotplug remove (CVE-2023-53488)

RDMA/rxe: Fix incomplete state save in rxe_requester (CVE-2023-53539)

af_unix: Fix data-races around user->unix_inflight. (CVE-2023-53204)

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (CVE-2025-38058)

qed: Don't collect too many protection override GRC elements (CVE-2025-39949)

net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode (CVE-2023-53733)

NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)

RDMA/rxe: Fix error unwind in rxe_create_qp() (CVE-2022-50127)

module: fix [e_shstrndx].sh_size=0 OOB access (CVE-2022-49444)

ext4: fix uninititialized value in 'ext4_evict_inode' (CVE-2022-50546)

ip6mr: Fix skb_under_panic in ip6mr_cache_report() (CVE-2023-53365)

ext4: avoid crash when inline data creation follows DIO write (CVE-2022-50435)

xhci: Remove device endpoints from bandwidth list when freeing the device (CVE-2022-50470)

NFSv4/pnfs: Fix a use-after-free bug in open (CVE-2022-50072)

skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)

ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (CVE-2025-40198)

ixgbevf: fix mailbox API compatibility by negotiating supported features (CVE-2025-40104)

iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (CVE-2023-53476)

ipv6/addrconf: fix a potential refcount underflow for idev (CVE-2023-53189)

start_kernel: Add __no_stack_protector function attribute (CVE-2023-53491)

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (CVE-2022-50272)

HID: ignore non-functional sensor in HP 5MP Camera (CVE-2025-21992)

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (CVE-2023-53078)

cifs: fix oops during encryption (CVE-2022-50341)

nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)

posix-timers: Ensure timer ID search-loop limit is valid (CVE-2023-53728)

ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed (CVE-2023-53481)

KVM: Don't null dereference ops->destroy (CVE-2022-49568)

EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (CVE-2025-40157)

drm/mipi-dsi: Detach devices when removing the host (CVE-2022-50489)

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085)

net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)

media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (CVE-2025-38694)

regulator: core: fix use_count leakage when handling boot-on (CVE-2022-50250)

igb: Do not free q_vector unless new one was allocated (CVE-2022-50252)

netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (CVE-2022-50500)

drm/scheduler: fix fence ref counting (CVE-2022-49829)

net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)

dm cache: Fix UAF in destroy() (CVE-2022-50496)

NFSD: Protect against send buffer overflow in NFSv2 READDIR (CVE-2022-50235)

cifs: fix small mempool leak in SMB2_negotiate() (CVE-2022-49938)

tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042)

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (CVE-2023-53254)

iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (CVE-2022-50093)

netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (CVE-2023-53619)

PCI: Fix reference leak in pci_register_host_bridge() (CVE-2025-37836)

netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)

irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CVE-2025-37819)

acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (CVE-2025-22044)

crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (CVE-2025-40115)

xfrm: Update ipcomp_scratches with NULL when freed (CVE-2022-50569)

drm/hisilicon/hibmc: fix the hibmc loaded failed bug (CVE-2025-39772)

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

igb: Fix igb_down hung on surprise removal (CVE-2023-53148)

perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081)

iio: common: st_sensors: Fix use of uninitialize device structs (CVE-2025-38531)

blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none (CVE-2023-53292)

arm64: ftrace: fix module PLTs with mcount (CVE-2022-50579)

scsi: target: Fix WRITE_SAME No Data Buffer crash (CVE-2022-21546)

i40e: fix validation of VF state in get resources (CVE-2025-39969)

net/mlx5e: Check for NOT_READY flag state after locking (CVE-2023-53581)

udf: Detect system inodes linked into directory hierarchy (CVE-2023-53695)

cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (CVE-2025-40194)

md/raid10: fix leak of 'r10bio->remaining' for recovery (CVE-2023-53299)

cifs: prevent NULL pointer dereference in UTF16 conversion (CVE-2025-39838)

pinctrl: check the return value of pinmux_ops::get_function_name() (CVE-2025-40030)

scsi: target: target_core_configfs: Add length check to avoid buffer overflow (CVE-2025-39998)

scsi: qla2xxx: Wait for io return on terminate rport (CVE-2023-53322)

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop (CVE-2023-53590)

dax: Fix dax_mapping_release() use after free (CVE-2023-53613)

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

ext4: don't set up encryption key during jbd2 transaction (CVE-2022-50436)

iavf: Fix reset error handling (CVE-2022-50053)

drm: amd: display: Fix memory leakage (CVE-2023-53605)

loop: Avoid updating block size under exclusive owner (CVE-2025-38709)

cifs: Fix warning and UAF when destroy the MR list (CVE-2023-53427)

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (CVE-2025-38201)

ubi: ensure that VID header offset + VID header size <= alloc, size (CVE-2023-53265)

bpf: Enforce expected_attach_type for tailcall compatibility (CVE-2025-40123)

tee: amdtee: fix race condition in amdtee_open_session (CVE-2023-53047)

sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (CVE-2025-40026)

scsi: qla2xxx: Fix potential NULL pointer dereference (CVE-2023-53451)

tunnels: fix kasan splat when generating ipv4 pmtu error (CVE-2023-53600)

media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (CVE-2025-40016)

drm/vmwgfx: Fix a null-ptr access in the cursor snooper (CVE-2025-40110)

chardev: fix error handling in cdev_device_add() (CVE-2022-50282)

block: fix resource leak in blk_register_queue() error path (CVE-2025-37980)

iavf: Fix out-of-bounds when setting channels on remove (CVE-2023-53659)

ceph: avoid putting the realm twice when decoding snaps fails (CVE-2022-49770)

scsi: st: Fix array overflow in st_setup() (CVE-2025-37857)

crypto: essiv - Check ssize for decryption and in-place encryption (CVE-2025-40019)

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)

nfsd: Fix a memory leak in an error handling path (CVE-2022-50348)

drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (CVE-2022-50556)

Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (CVE-2022-50374)

fs/binfmt_elf: Fix memory leak in load_elf_binary() (CVE-2022-50466)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?ca786f81

Plugin Details

Severity: High

ID: 297592

File Name: EulerOS_SA-2026-1224.nasl

Version: 1.2

Type: local

Published: 2/2/2026

Updated: 2/4/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39955

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/2/2026

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-21546, CVE-2022-49426, CVE-2022-49444, CVE-2022-49534, CVE-2022-49568, CVE-2022-49624, CVE-2022-49731, CVE-2022-49770, CVE-2022-49771, CVE-2022-49783, CVE-2022-49822, CVE-2022-49824, CVE-2022-49828, CVE-2022-49829, CVE-2022-49851, CVE-2022-49937, CVE-2022-49938, CVE-2022-49958, CVE-2022-49975, CVE-2022-49981, CVE-2022-49986, CVE-2022-49987, CVE-2022-49993, CVE-2022-50004, CVE-2022-50007, CVE-2022-50033, CVE-2022-50041, CVE-2022-50042, CVE-2022-50045, CVE-2022-50053, CVE-2022-50072, CVE-2022-50080, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50116, CVE-2022-50127, CVE-2022-50149, CVE-2022-50171, CVE-2022-50211, CVE-2022-50235, CVE-2022-50241, CVE-2022-50243, CVE-2022-50246, CVE-2022-50250, CVE-2022-50252, CVE-2022-50272, CVE-2022-50274, CVE-2022-50282, CVE-2022-50285, CVE-2022-50299, CVE-2022-50304, CVE-2022-50314, CVE-2022-50334, CVE-2022-50341, CVE-2022-50348, CVE-2022-50352, CVE-2022-50356, CVE-2022-50359, CVE-2022-50365, CVE-2022-50366, CVE-2022-50367, CVE-2022-50374, CVE-2022-50381, CVE-2022-50385, CVE-2022-50395, CVE-2022-50401, CVE-2022-50402, CVE-2022-50405, CVE-2022-50410, CVE-2022-50422, CVE-2022-50428, CVE-2022-50432, CVE-2022-50435, CVE-2022-50436, CVE-2022-50445, CVE-2022-50454, CVE-2022-50459, CVE-2022-50465, CVE-2022-50466, CVE-2022-50470, CVE-2022-50472, CVE-2022-50482, CVE-2022-50488, CVE-2022-50489, CVE-2022-50494, CVE-2022-50496, CVE-2022-50499, CVE-2022-50500, CVE-2022-50511, CVE-2022-50516, CVE-2022-50521, CVE-2022-50530, CVE-2022-50532, CVE-2022-50534, CVE-2022-50535, CVE-2022-50536, CVE-2022-50544, CVE-2022-50546, CVE-2022-50549, CVE-2022-50552, CVE-2022-50554, CVE-2022-50555, CVE-2022-50556, CVE-2022-50562, CVE-2022-50563, CVE-2022-50566, CVE-2022-50569, CVE-2022-50578, CVE-2022-50579, CVE-2023-53044, CVE-2023-53047, CVE-2023-53078, CVE-2023-53117, CVE-2023-53140, CVE-2023-53147, CVE-2023-53148, CVE-2023-53150, CVE-2023-53165, CVE-2023-53179, CVE-2023-53182, CVE-2023-53189, CVE-2023-53198, 
CVE-2023-53200, CVE-2023-53201, CVE-2023-53204, CVE-2023-53241, CVE-2023-53254, CVE-2023-53265, CVE-2023-53272, CVE-2023-53282, CVE-2023-53286, CVE-2023-53292, CVE-2023-53295, CVE-2023-53296, CVE-2023-53299, CVE-2023-53307, CVE-2023-53322, CVE-2023-53335, CVE-2023-53343, CVE-2023-53352, CVE-2023-53354, CVE-2023-53357, CVE-2023-53365, CVE-2023-53380, CVE-2023-53393, CVE-2023-53397, CVE-2023-53422, CVE-2023-53423, CVE-2023-53427, CVE-2023-53432, CVE-2023-53433, CVE-2023-53438, CVE-2023-53446, CVE-2023-53451, CVE-2023-53454, CVE-2023-53473, CVE-2023-53476, CVE-2023-53477, CVE-2023-53481, CVE-2023-53484, CVE-2023-53488, CVE-2023-53491, CVE-2023-53494, CVE-2023-53499, CVE-2023-53500, CVE-2023-53509, CVE-2023-53512, CVE-2023-53513, CVE-2023-53539, CVE-2023-53546, CVE-2023-53548, CVE-2023-53549, CVE-2023-53556, CVE-2023-53559, CVE-2023-53567, CVE-2023-53581, CVE-2023-53585, CVE-2023-53586, CVE-2023-53590, CVE-2023-53594, CVE-2023-53600, CVE-2023-53604, CVE-2023-53605, CVE-2023-53610, CVE-2023-53613, CVE-2023-53619, CVE-2023-53620, CVE-2023-53624, CVE-2023-53627, CVE-2023-53635, CVE-2023-53655, CVE-2023-53659, CVE-2023-53667, CVE-2023-53675, CVE-2023-53676, CVE-2023-53680, CVE-2023-53684, CVE-2023-53685, CVE-2023-53692, CVE-2023-53695, CVE-2023-53696, CVE-2023-53705, CVE-2023-53709, CVE-2023-53716, CVE-2023-53718, CVE-2023-53719, CVE-2023-53722, CVE-2023-53726, CVE-2023-53728, CVE-2023-53733, CVE-2023-7324, CVE-2024-21823, CVE-2024-58093, CVE-2025-21772, CVE-2025-21992, CVE-2025-22022, CVE-2025-22025, CVE-2025-22044, CVE-2025-22045, CVE-2025-22125, CVE-2025-23161, CVE-2025-37773, CVE-2025-37780, CVE-2025-37819, CVE-2025-37829, CVE-2025-37834, CVE-2025-37836, CVE-2025-37844, CVE-2025-37857, CVE-2025-37885, CVE-2025-37937, CVE-2025-37967, CVE-2025-37980, CVE-2025-37994, CVE-2025-38022, CVE-2025-38023, CVE-2025-38024, CVE-2025-38051, CVE-2025-38057, CVE-2025-38058, CVE-2025-38062, CVE-2025-38064, CVE-2025-38085, CVE-2025-38161, CVE-2025-38177, CVE-2025-38181, CVE-2025-38193, 
CVE-2025-38200, CVE-2025-38201, CVE-2025-38232, CVE-2025-38342, CVE-2025-38350, CVE-2025-38387, CVE-2025-38415, CVE-2025-38430, CVE-2025-38439, CVE-2025-38445, CVE-2025-38461, CVE-2025-38462, CVE-2025-38468, CVE-2025-38474, CVE-2025-38477, CVE-2025-38527, CVE-2025-38531, CVE-2025-38556, CVE-2025-38569, CVE-2025-38617, CVE-2025-38618, CVE-2025-38664, CVE-2025-38678, CVE-2025-38683, CVE-2025-38691, CVE-2025-38694, CVE-2025-38700, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38724, CVE-2025-38728, CVE-2025-39697, CVE-2025-39730, CVE-2025-39742, CVE-2025-39756, CVE-2025-39772, CVE-2025-39773, CVE-2025-39797, CVE-2025-39798, CVE-2025-39810, CVE-2025-39817, CVE-2025-39825, CVE-2025-39838, CVE-2025-39841, CVE-2025-39847, CVE-2025-39853, CVE-2025-39883, CVE-2025-39901, CVE-2025-39902, CVE-2025-39911, CVE-2025-39927, CVE-2025-39931, CVE-2025-39940, CVE-2025-39945, CVE-2025-39949, CVE-2025-39955, CVE-2025-39964, CVE-2025-39969, CVE-2025-39970, CVE-2025-39980, CVE-2025-39993, CVE-2025-39994, CVE-2025-39998, CVE-2025-40016, CVE-2025-40018, CVE-2025-40019, CVE-2025-40021, CVE-2025-40026, CVE-2025-40030, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40074, CVE-2025-40075, CVE-2025-40080, CVE-2025-40081, CVE-2025-40083, CVE-2025-40087, CVE-2025-40102, CVE-2025-40104, CVE-2025-40105, CVE-2025-40109, CVE-2025-40110, CVE-2025-40115, CVE-2025-40123, CVE-2025-40134, CVE-2025-40153, CVE-2025-40157, CVE-2025-40164, CVE-2025-40167, CVE-2025-40178, CVE-2025-40194, CVE-2025-40196, CVE-2025-40198, CVE-2025-40300