Detections
Analytics

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)

high Nessus Plugin ID 302405

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()(CVE-2025-40115)

 scsi: target: Fix WRITE_SAME No Data Buffer crash(CVE-2022-21546)

 NFSD: Fix crash in nfsd4_read_release()(CVE-2025-40324)

 scsi: qla4xxx: Prevent a potential error pointer dereference(CVE-2025-39676)

 loop: Avoid updating block size under exclusive owner(CVE-2025-38709)

 media: v4l2-mem2mem: add lock to protect parameter num_rdy(CVE-2023-53519)

 mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()(CVE-2022-50347)

 net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb(CVE-2023-53548)

 platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()(CVE-2022-50521)

 tipc: fix an information leak in tipc_topsrv_kern_subscr(CVE-2022-50531)

 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()(CVE-2023-54014)

 ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()(CVE-2023-53271)

 dma-buf: insert memory barrier before updating num_fences(CVE-2025-38095)

 md/raid10: fix wrong setting of max_corr_read_errors(CVE-2023-53313)

 scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses(CVE-2023-7324)

 scsi: storvsc: Fix handling of virtual Fibre Channel timeouts(CVE-2023-53245)

 md/raid10: prevent soft lockup while flush writes(CVE-2023-53151)

 clk: samsung: Fix memory leak in _samsung_clk_register_pll()(CVE-2022-50449)

 sctp: fix a potential overflow in sctp_ifwdtsn_skip(CVE-2023-53372)

 crypto: api - Use work queue in crypto_destroy_instance(CVE-2023-53799)

 drm: Prevent drm_copy_field() to attempt copying a NULL pointer(CVE-2022-50884)

 dm raid: fix address sanitizer warning in raid_status(CVE-2022-50084)

 cifs: fix small mempool leak in SMB2_negotiate()(CVE-2022-49938)

 net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device(CVE-2023-54015)

 ipv6: reject malicious packets in ipv6_gso_segment()(CVE-2025-38572)

 fs/proc: fix uaf in proc_readdir_de()(CVE-2025-40271)

 scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()(CVE-2023-53803)

 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse(CVE-2025-68367)

 ubi: Fix use-after-free when volume resizing failed(CVE-2023-53800)

 crypto: qat - fix DMA transfer direction(CVE-2022-50774)

 scsi: hpsa: Fix possible memory leak in hpsa_init_one()(CVE-2022-50646)

 mmc: core: Fix kernel panic when remove non-standard SDIO card(CVE-2022-50640)

 usb: host: ohci-ppc-of: Fix refcount leak bug(CVE-2022-50033)

 PNP: fix name memory leak in pnp_alloc_dev()(CVE-2022-50278)

 media: dvb-frontends: fix leak of memory fw(CVE-2022-50664)

 fs: quota: create dedicated workqueue for quota_release_work(CVE-2025-40196)

 acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl(CVE-2024-56662)

 scsi: ses: Handle enclosure with just a primary component gracefully(CVE-2023-53431)

 pid: Add a judgment for ns null in pid_nr_ns(CVE-2025-40178)

 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid(CVE-2025-68349)

 hwrng: virtio - Fix race on data_avail and actual data(CVE-2023-53998)

 usb-storage: alauda: Fix uninit-value in alauda_check_media()(CVE-2023-53847)

 netlink: do not hard code device address lenth in fdb dumps(CVE-2023-53863)

 drm/client: Fix memory leak in drm_client_target_cloned(CVE-2023-54091)

 ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe(CVE-2025-68241)

 md/raid10: fix null-ptr-deref in raid10_sync_request(CVE-2023-53832)

 iommu/amd: Fix pci device refcount leak in ppr_notifier()(CVE-2022-50505)

 net: read sk-sk_family once in sk_mc_loop()(CVE-2023-53831)

 fbdev: bitblit: bound-check glyph index in bit_putcs*(CVE-2025-40322)

 bpf: make sure skb-len != 0 when redirecting to a tunneling device(CVE-2022-50253)

 ppp: associate skb with a device at tx(CVE-2022-50655)

 ip6_vti: fix slab-use-after-free in decode_session6(CVE-2023-53821)

 hwrng: amd - Fix PCI device refcount leak(CVE-2022-50868)

 netlink: annotate accesses to nlk-cb_running(CVE-2023-53853)

 acct: fix potential integer overflow in encode_comp_t()(CVE-2022-50749)

 RDMA/rxe: Fix 'kernel NULL pointer dereference' error(CVE-2022-50671)

 udf: Avoid double brelse() in udf_rename()(CVE-2022-50755)

 dm flakey: fix a crash with invalid table line(CVE-2023-53786)

 libceph: fix potential use-after-free in have_mon_and_osd_map()(CVE-2025-68285)

 crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()(CVE-2023-53817)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?b4325ea4

Plugin Details

Severity: High

ID: 302405

File Name: EulerOS_SA-2026-1313.nasl

Version: 1.1

Type: local

Published: 3/16/2026

Updated: 3/16/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38572

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/16/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-21546, CVE-2022-49938, CVE-2022-50033, CVE-2022-50084, CVE-2022-50253, CVE-2022-50278, CVE-2022-50347, CVE-2022-50449, CVE-2022-50505, CVE-2022-50521, CVE-2022-50531, CVE-2022-50640, CVE-2022-50646, CVE-2022-50655, CVE-2022-50664, CVE-2022-50671, CVE-2022-50749, CVE-2022-50755, CVE-2022-50774, CVE-2022-50868, CVE-2022-50884, CVE-2023-53151, CVE-2023-53245, CVE-2023-53271, CVE-2023-53313, CVE-2023-53372, CVE-2023-53431, CVE-2023-53519, CVE-2023-53548, CVE-2023-53786, CVE-2023-53799, CVE-2023-53800, CVE-2023-53803, CVE-2023-53817, CVE-2023-53821, CVE-2023-53831, CVE-2023-53832, CVE-2023-53847, CVE-2023-53853, CVE-2023-53863, CVE-2023-53998, CVE-2023-54014, CVE-2023-54015, CVE-2023-54091, CVE-2023-7324, CVE-2024-56662, CVE-2025-38095, CVE-2025-38572, CVE-2025-38709, CVE-2025-39676, CVE-2025-40115, CVE-2025-40178, CVE-2025-40196, CVE-2025-40271, CVE-2025-40322, CVE-2025-40324, CVE-2025-68241, CVE-2025-68285, CVE-2025-68349, CVE-2025-68367