EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-1637)

high Nessus Plugin ID 302981

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:

scsi: target: Fix WRITE_SAME No Data Buffer crash(CVE-2022-21546)

iommu/arm-smmu-v3-sva: Fix mm use-after-free(CVE-2022-49426)

module: fix [e_shstrndx].sh_size=0 OOB access(CVE-2022-49444)

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT(CVE-2022-49534)

KVM: Don't null dereference ops->destroy(CVE-2022-49568)

net: atlantic: remove aq_nic_deinit() when resume(CVE-2022-49624)

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()(CVE-2022-49731)

ceph: avoid putting the realm twice when decoding snaps fails(CVE-2022-49770)

dm ioctl: fix misbehavior if list_versions races with module loading(CVE-2022-49771)

x86/fpu: Drop fpregs lock before inheriting FPU permissions(CVE-2022-49783)

cifs: Fix connections leak when tlink setup failed(CVE-2022-49822)

ata: libata-transport: fix error handling in ata_tlink_add()(CVE-2022-49824)

hugetlbfs: don't delete error page from pagecache(CVE-2022-49828)

drm/scheduler: fix fence ref counting(CVE-2022-49829)

riscv: fix reserved memory setup(CVE-2022-49851)

media: mceusb: Use new usb_control_msg_*() routines(CVE-2022-49937)

cifs: fix small mempool leak in SMB2_negotiate()(CVE-2022-49938)

net/sched: fix netdevice reference leaks in attach_default_qdiscs()(CVE-2022-49958)

bpf: Don't redirect packets with invalid pkt_len(CVE-2022-49975)

HID: hidraw: fix memory leak in hidraw_release()(CVE-2022-49981)

scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq(CVE-2022-49986)

md: call __md_stop_writes in md_stop(CVE-2022-49987)

loop: Check for overflow while configuring loop(CVE-2022-49993)

xfrm: policy: fix metadata dst->dev xmit null pointer dereference(CVE-2022-50004)

xfrm: fix refcount leak in __xfrm_policy_check()(CVE-2022-50007)

usb: host: ohci-ppc-of: Fix refcount leak bug(CVE-2022-50033)

ice: Fix call trace with null VSI during VF reset(CVE-2022-50041)

net: genl: fix error path memory leak in policy dumping(CVE-2022-50042)

powerpc/pci: Fix get_phb_number() locking(CVE-2022-50045)

iavf: Fix reset error handling(CVE-2022-50053)

NFSv4/pnfs: Fix a use-after-free bug in open(CVE-2022-50072)

tee: add overflow check in register_shm_helper()(CVE-2022-50080)

dm raid: fix address sanitizer warning in raid_resume(CVE-2022-50085)

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails(CVE-2022-50087)

dm thin: fix use-after-free crash in dm_sm_register_threshold_callback(CVE-2022-50092)

iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)(CVE-2022-50093)

tty: n_gsm: fix deadlock and link starvation in outgoing data path(CVE-2022-50116)

RDMA/rxe: Fix error unwind in rxe_create_qp()(CVE-2022-50127)

driver core: fix potential deadlock in __driver_attach(CVE-2022-50149)

crypto: hisilicon/sec - don't sleep when in softirq(CVE-2022-50171)

md-raid10: fix KASAN warning(CVE-2022-50211)

NFSD: Protect against send buffer overflow in NFSv2 READDIR(CVE-2022-50235)

NFSD: fix use-after-free on source server when doing inter-server copy(CVE-2022-50241)

sctp: handle the error returned from sctp_auth_asoc_init_active_key(CVE-2022-50243)

usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()(CVE-2022-50246)

regulator: core: fix use_count leakage when handling boot-on(CVE-2022-50250)

igb: Do not free q_vector unless new one was allocated(CVE-2022-50252)

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()(CVE-2022-50272)

media: dvbdev: adopts refcnt to avoid UAF(CVE-2022-50274)

chardev: fix error handling in cdev_device_add()(CVE-2022-50282)

mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages(CVE-2022-50285)

md: Replace snprintf with scnprintf(CVE-2022-50299)

mtd: core: fix possible resource leak in init_mtd()(CVE-2022-50304)

nbd: Fix hung when signal interrupts nbd_start_device_ioctl()(CVE-2022-50314)

hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()(CVE-2022-50334)

cifs: fix oops during encryption(CVE-2022-50341)

nfsd: Fix a memory leak in an error handling path(CVE-2022-50348)

net: hns: fix possible memory leak in hnae_ae_register()(CVE-2022-50352)

net: sched: sfb: fix null pointer access issue when sfb_init() fails(CVE-2022-50356)

media: cx88: Fix a null-ptr-deref bug in buffer_prepare()(CVE-2022-50359)

skbuff: Account for tail adjustment during pull operations(CVE-2022-50365)

powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue(CVE-2022-50366)

fs: fix UAF/GPF bug in nilfs_mdt_destroy(CVE-2022-50367)

Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure(CVE-2022-50374)

md: fix a crash in mempool_free(CVE-2022-50381)

NFS: Fix an Oops in nfs_d_automount()(CVE-2022-50385)

integrity: Fix memory leakage in keyring allocation error path(CVE-2022-50395)

nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure(CVE-2022-50401)

drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()(CVE-2022-50402)

net/tunnel: wait until all sk_user_data reader finish before releasing the sock(CVE-2022-50405)

NFSD: Protect against send buffer overflow in NFSv2 READ(CVE-2022-50410)

scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()(CVE-2022-50422)

ext4: fix off-by-one errors in fast-commit block filling(CVE-2022-50428)

kernfs: fix use-after-free in __kernfs_remove(CVE-2022-50432)

ext4: avoid crash when inline data creation follows DIO write(CVE-2022-50435)

ext4: don't set up encryption key during jbd2 transaction(CVE-2022-50436)

xfrm: Reinject transport-mode packets through workqueue(CVE-2022-50445)

drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()(CVE-2022-50454)

scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()(CVE-2022-50459)

ext4: fix leaking uninitialized memory in fast-commit journal(CVE-2022-50465)

fs/binfmt_elf: Fix memory leak in load_elf_binary()(CVE-2022-50466)

xhci: Remove device endpoints from bandwidth list when freeing the device(CVE-2022-50470)

IB/mad: Don't call to function that might sleep while in atomic context(CVE-2022-50472)

iommu/vt-d: Clean up si_domain in the init_dmars() error path(CVE-2022-50482)

block, bfq: fix possible uaf for 'bfqq->bic'(CVE-2022-50488)

drm/mipi-dsi: Detach devices when removing the host(CVE-2022-50489)

thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash(CVE-2022-50494)

dm cache: Fix UAF in destroy()(CVE-2022-50496)

media: dvb-core: Fix double free in dvb_register_device()(CVE-2022-50499)

netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed(CVE-2022-50500)

lib/fonts: fix undefined behavior in bit shift for get_default_font(CVE-2022-50511)

fs: dlm: fix invalid derefence of sb_lvbptr(CVE-2022-50516)

platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()(CVE-2022-50521)

blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()(CVE-2022-50530)

scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()(CVE-2022-50532)

dm thin: Use last transaction's pmd->root when commit failed(CVE-2022-50534)

drm/amd/display: Fix potential null-deref in dm_resume(CVE-2022-50535)

bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data(CVE-2022-50536)

usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()(CVE-2022-50544)

ext4: fix uninititialized value in 'ext4_evict_inode'(CVE-2022-50546)

dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata(CVE-2022-50549)

blk-mq: use quiesced elevator switch when reinitializing queues(CVE-2022-50552)

blk-mq: avoid double ->queue_rq() because of early timeout(CVE-2022-50554)

tipc: fix a null-ptr-deref in tipc_topsrv_accept(CVE-2022-50555)

drm: Fix potential null-ptr-deref due to drmm_mode_config_init()(CVE-2022-50556)

tpm: acpi: Call acpi_put_table() to fix memory leak(CVE-2022-50562)

dm thin: Fix UAF in run_timer_softirq()(CVE-2022-50563)

mtd: Fix device name leak when register device failed in add_mtd_device()(CVE-2022-50566)

xfrm: Update ipcomp_scratches with NULL when freed(CVE-2022-50569)

class: fix possible memory leak in __class_register()(CVE-2022-50578)

arm64: ftrace: fix module PLTs with mcount(CVE-2022-50579)

dm stats: check for and propagate alloc_percpu failure(CVE-2023-53044)

tee: amdtee: fix race condition in amdtee_open_session(CVE-2023-53047)

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()(CVE-2023-53078)

fs: prevent out-of-bounds array speculation when closing a file descriptor(CVE-2023-53117)

scsi: core: Remove the /proc/scsi/${proc_name} directory earlier(CVE-2023-53140)

xfrm: add NULL check in xfrm_update_ae_params(CVE-2023-53147)

igb: Fix igb_down hung on surprise removal(CVE-2023-53148)

scsi: qla2xxx: Pointer may be dereferenced(CVE-2023-53150)

udf: Fix uninitialized array access for some pathnames(CVE-2023-53165)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c(CVE-2023-53179)

ACPICA: Avoid undefined behavior: applying zero offset to null pointer(CVE-2023-53182)

ipv6/addrconf: fix a potential refcount underflow for idev(CVE-2023-53189)

raw: Fix NULL deref in raw_get_next().(CVE-2023-53198)

netfilter: x_tables: fix percpu counter block leak on error path when creating new netns(CVE-2023-53200)

RDMA/bnxt_re: wraparound mbox producer index(CVE-2023-53201)

af_unix: Fix data-races around user->unix_inflight.(CVE-2023-53204)

nfsd: call op_release, even when op_func returns an error(CVE-2023-53241)

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels(CVE-2023-53254)

ubi: ensure that VID header offset + VID header size <= alloc, size(CVE-2023-53265)

net: ena: fix shift-out-of-bounds in exponential backoff(CVE-2023-53272)

scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write(CVE-2023-53282)

RDMA/mlx5: Return the firmware result upon destroying QP/RQ(CVE-2023-53286)

blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none(CVE-2023-53292)

udf: Do not update file length for failed writes to inline files(CVE-2023-53295)

sctp: check send stream number after wait_for_sndbuf(CVE-2023-53296)

md/raid10: fix leak of 'r10bio->remaining' for recovery(CVE-2023-53299)

rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails(CVE-2023-53307)

scsi: qla2xxx: Wait for io return on terminate rport(CVE-2023-53322)

RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()(CVE-2023-53335)

icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().(CVE-2023-53343)

drm/ttm: check null pointer before accessing when swapping(CVE-2023-53352)

skbuff: skb_segment, Call zero copy functions before using skbuff frags(CVE-2023-53354)

md/raid10: check slab-out-of-bounds in md_bitmap_get_counter(CVE-2023-53357)

ip6mr: Fix skb_under_panic in ip6mr_cache_report()(CVE-2023-53365)

md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request(CVE-2023-53380)

RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device(CVE-2023-53393)

modpost: fix off by one in is_executable_section()(CVE-2023-53397)

wifi: iwlwifi: fw: fix memory leak in debugfs(CVE-2023-53422)

objtool: Fix memory leak in create_static_call_sections()(CVE-2023-53423)

cifs: Fix warning and UAF when destroy the MR list(CVE-2023-53427)

firewire: net: fix use after free in fwnet_finish_incoming_packet()(CVE-2023-53432)

net: add vlan_get_protocol_and_depth() helper(CVE-2023-53433)

x86/MCE: Always save CS register on AMD Zen IF Poison errors(CVE-2023-53438)

PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free(CVE-2023-53446)

scsi: qla2xxx: Fix potential NULL pointer dereference(CVE-2023-53451)

HID: multitouch: Correct devm device reference for hidinput input_dev name(CVE-2023-53454)

af_unix: Fix null-ptr-deref in unix_stream_sendpage().(CVE-2023-53469)

ext4: improve error handling from ext4_dirhash()(CVE-2023-53473)

iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()(CVE-2023-53476)

ipv6: Add lwtunnel encap size of all siblings in nexthop calculation(CVE-2023-53477)

ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed(CVE-2023-53481)

lib: cpu_rmap: Avoid use after free on rmap->obj array entries(CVE-2023-53484)

IB/hfi1: Fix possible panic during hotplug remove(CVE-2023-53488)

start_kernel: Add __no_stack_protector function attribute(CVE-2023-53491)

crypto: xts - Handle EBUSY correctly(CVE-2023-53494)

virtio_net: Fix error unwinding of XDP initialization(CVE-2023-53499)

xfrm: fix slab-use-after-free in decode_session6(CVE-2023-53500)

qed: allow sleep in qed_mcp_trace_dump()(CVE-2023-53509)

scsi: mpt3sas: Fix a memory leak(CVE-2023-53512)

nbd: fix incomplete validation of ioctl arg(CVE-2023-53513)

RDMA/rxe: Fix incomplete state save in rxe_requester(CVE-2023-53539)

net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx(CVE-2023-53546)

net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb(CVE-2023-53548)

netfilter: ipset: Rework long task execution when adding/deleting entries(CVE-2023-53549)

iavf: Fix use-after-free in free_netdev(CVE-2023-53556)

ip_vti: fix potential slab-use-after-free in decode_session6(CVE-2023-53559)

spi: qup: Don't skip cleanup in remove's error path(CVE-2023-53567)

net/mlx5e: Check for NOT_READY flag state after locking(CVE-2023-53581)

bpf: reject unhashed sockets in bpf_sk_assign(CVE-2023-53585)

scsi: target: Fix multiple LUN_RESET handling(CVE-2023-53586)

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop(CVE-2023-53590)

driver core: fix resource leak in device_add()(CVE-2023-53594)

tunnels: fix kasan splat when generating ipv4 pmtu error(CVE-2023-53600)

dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path(CVE-2023-53604)

drm: amd: display: Fix memory leakage(CVE-2023-53605)

irqchip: Fix refcount leak in platform_irqchip_probe(CVE-2023-53610)

dax: Fix dax_mapping_release() use after free(CVE-2023-53613)

netfilter: conntrack: Avoid nf_ct_helper_hash uses after free(CVE-2023-53619)

md: fix soft lockup in status_resync(CVE-2023-53620)

net/sched: sch_fq: fix integer overflow of 'credit'(CVE-2023-53624)

scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list(CVE-2023-53627)

netfilter: conntrack: fix wrong ct->timeout value(CVE-2023-53635)

rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed(CVE-2023-53655)

iavf: Fix out-of-bounds when setting channels on remove(CVE-2023-53659)

net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize(CVE-2023-53667)

scsi: ses: Fix possible desc_ptr out-of-bounds accesses(CVE-2023-53675)

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()(CVE-2023-53676)

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL(CVE-2023-53680)

xfrm: Zero padding when dumping algos and encap(CVE-2023-53684)

tun: Fix memory leak for detached NAPI queue.(CVE-2023-53685)

ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline(CVE-2023-53692)

udf: Detect system inodes linked into directory hierarchy(CVE-2023-53695)

scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()(CVE-2023-53696)

ipv6: Fix out-of-bounds access in ipv6_find_tlv()(CVE-2023-53705)

ring-buffer: Handle race between rb_move_tail and rb_check_pages(CVE-2023-53709)

net: fix skb leak in __skb_tstamp_tx()(CVE-2023-53716)

ring-buffer: Do not swap cpu_buffer during resize process(CVE-2023-53718)

serial: arc_uart: fix of_iomap leak in `arc_serial_probe`(CVE-2023-53719)

md: raid1: fix potential OOB in raid1_remove_disk()(CVE-2023-53722)

arm64: csum: Fix OoB access in IP checksum code for negative lengths(CVE-2023-53726)

posix-timers: Ensure timer ID search-loop limit is valid(CVE-2023-53728)

net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode(CVE-2023-53733)

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses(CVE-2023-7324)

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access(CVE-2024-21823)

PCI/ASPM: Fix link state exit during switch upstream function removal(CVE-2024-58093)

partitions: mac: fix handling of bogus partition table(CVE-2025-21772)

HID: ignore non-functional sensor in HP 5MP Camera(CVE-2025-21992)

usb: xhci: Apply the link chain quirk on NEC isoc endpoints(CVE-2025-22022)

nfsd: put dl_stid if fail to queue dl_recall(CVE-2025-22025)

acpi: nfit: fix narrowing conversion in acpi_nfit_ctl(CVE-2025-22044)

x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs(CVE-2025-22045)

md/raid1,raid10: don't ignore IO flags(CVE-2025-22125)

PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type(CVE-2025-23161)

virtiofs: add filesystem context source name check(CVE-2025-37773)

isofs: Prevent the use of too small fid(CVE-2025-37780)

irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()(CVE-2025-37819)

cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()(CVE-2025-37829)

mm/vmscan: don't try to reclaim hwpoison folio(CVE-2025-37834)

PCI: Fix reference leak in pci_register_host_bridge()(CVE-2025-37836)

cifs: avoid NULL pointer dereference in dbg call(CVE-2025-37844)

scsi: st: Fix array overflow in st_setup()(CVE-2025-37857)

KVM: x86: Reset IRTE to host control if *new* route isn't postable(CVE-2025-37885)

objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()(CVE-2025-37937)

usb: typec: ucsi: displayport: Fix deadlock(CVE-2025-37967)

block: fix resource leak in blk_register_queue() error path(CVE-2025-37980)

usb: typec: ucsi: displayport: Fix NULL pointer access(CVE-2025-37994)

RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem(CVE-2025-38022)

nfs: handle failure of nfs_get_lock_context in unlock path(CVE-2025-38023)

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug(CVE-2025-38024)

smb: client: Fix use-after-free in cifs_fill_dirent(CVE-2025-38051)

espintcp: fix skb leaks(CVE-2025-38057)

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock(CVE-2025-38058)

genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie(CVE-2025-38062)

virtio: break and reset virtio devices on device_shutdown()(CVE-2025-38064)

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race(CVE-2025-38085)

RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction(CVE-2025-38161)

sch_hfsc: make hfsc_qlen_notify() idempotent(CVE-2025-38177)

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().(CVE-2025-38181)

net_sched: sch_sfq: reject invalid perturb period(CVE-2025-38193)

i40e: fix MMIO write access to an invalid page in i40e_clear_hw(CVE-2025-38200)

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX(CVE-2025-38201)

NFSD: fix race between nfsd registration and exports_proc(CVE-2025-38232)

software node: Correct a OOB check in software_node_get_reference_args()(CVE-2025-38342)

net/sched: Always pass notifications when child class becomes empty(CVE-2025-38350)

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert(CVE-2025-38387)

Squashfs: check return result of sb_min_blocksize(CVE-2025-38415)

nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request(CVE-2025-38430)

bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT(CVE-2025-38439)

md/raid1: Fix stack memory use after return in raid1_reshape(CVE-2025-38445)

vsock: Fix transport_* TOCTOU(CVE-2025-38461)

vsock: Fix transport_{g2h,h2g} TOCTOU(CVE-2025-38462)

net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree(CVE-2025-38468)

usb: net: sierra: check for no status endpoint(CVE-2025-38474)

net/sched: sch_qfq: Fix race condition on qfq_aggregate(CVE-2025-38477)

smb: client: fix use-after-free in cifs_oplock_break(CVE-2025-38527)

iio: common: st_sensors: Fix use of uninitialize device structs(CVE-2025-38531)

HID: core: Harden s32ton() against conversion to 0 bits(CVE-2025-38556)

benet: fix BUG when creating VFs(CVE-2025-38569)

net/packet: fix a race in packet_set_ring() and packet_notifier()(CVE-2025-38617)

vsock: Do not allow binding to VMADDR_PORT_ANY(CVE-2025-38618)

ice: Fix a null pointer dereference in ice_copy_and_init_pkg()(CVE-2025-38664)

netfilter: nf_tables: reject duplicate device on updates(CVE-2025-38678)

hv_netvsc: Fix panic during namespace deletion with VF(CVE-2025-38683)

pNFS: Fix uninited ptr deref in block/scsi layout(CVE-2025-38691)

media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()(CVE-2025-38694)

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated(CVE-2025-38700)

fbdev: fix potential buffer overflow in do_register_framebuffer()(CVE-2025-38702)

loop: Avoid updating block size under exclusive owner(CVE-2025-38709)

sctp: linearize cloned gso packets in sctp_rcv(CVE-2025-38718)

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()(CVE-2025-38724)

smb3: fix for slab out of bounds on mount to ksmbd(CVE-2025-38728)

NFS: Fix a race when updating an existing write(CVE-2025-39697)

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()(CVE-2025-39730)

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()(CVE-2025-39742)

fs: Prevent file descriptor table allocations exceeding INT_MAX(CVE-2025-39756)

drm/hisilicon/hibmc: fix the hibmc loaded failed bug(CVE-2025-39772)

net: bridge: fix soft lockup in br_multicast_query_expired()(CVE-2025-39773)

xfrm: Duplicate SPI Handling(CVE-2025-39797)

NFS: Fix the setting of capabilities when automounting a new filesystem(CVE-2025-39798)

bnxt_en: Fix memory corruption when FW resources change during ifdown(CVE-2025-39810)

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare(CVE-2025-39817)

smb: client: fix race with concurrent opens in rename(2)(CVE-2025-39825)

cifs: prevent NULL pointer dereference in UTF16 conversion(CVE-2025-39838)

scsi: lpfc: Fix buffer free/clear order in deferred receive path(CVE-2025-39841)

ppp: fix memory leak in pad_compress_skb(CVE-2025-39847)

i40e: Fix potential invalid access when MAC list is empty(CVE-2025-39853)

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory(CVE-2025-39883)

i40e: remove read access to debugfs files(CVE-2025-39901)

mm/slub: avoid accessing metadata when pointer is invalid in object_err()(CVE-2025-39902)

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path(CVE-2025-39911)

ceph: fix race condition validating r_parent before applying state(CVE-2025-39927)

crypto: af_alg - Set merge to zero early in af_alg_sendmsg(CVE-2025-39931)

dm-stripe: fix a possible integer overflow(CVE-2025-39940)

cnic: Fix use-after-free bugs in cnic_delete_task(CVE-2025-39945)

qed: Don't collect too many protection override GRC elements(CVE-2025-39949)

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().(CVE-2025-39955)

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg(CVE-2025-39964)

i40e: fix validation of VF state in get resources(CVE-2025-39969)

i40e: fix input validation logic for action_meta(CVE-2025-39970)

nexthop: Forbid FDB status change while nexthop is in a group(CVE-2025-39980)

media: rc: fix races with imon_disconnect()(CVE-2025-39993)

media: tuner: xc5000: Fix use-after-free in xc5000_release(CVE-2025-39994)

scsi: target: target_core_configfs: Add length check to avoid buffer overflow(CVE-2025-39998)

media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID(CVE-2025-40016)

ipvs: Defer ip_vs_ftp unregister during netns cleanup(CVE-2025-40018)

crypto: essiv - Check ssize for decryption and in-place encryption(CVE-2025-40019)

tracing: dynevent: Add a missing lockdown check on dynevent(CVE-2025-40021)

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O(CVE-2025-40026)

pinctrl: check the return value of pinmux_ops::get_function_name()(CVE-2025-40030)

tracing: Fix race condition in kprobe initialization causing NULL pointer dereference(CVE-2025-40042)

fs: udf: fix OOB read in lengthAllocDescs handling(CVE-2025-40044)

uio_hv_generic: Let userspace take care of interrupt mask(CVE-2025-40048)

ipv4: start using dst_dev_rcu()(CVE-2025-40074)

tcp_metrics: use dst_dev_net_rcu()(CVE-2025-40075)

nbd: restrict sockets to TCP and UDP(CVE-2025-40080)

perf: arm_spe: Prevent overflow in PERF_IDX2OFF()(CVE-2025-40081)

net/sched: sch_qfq: Fix null-deref in agg_dequeue(CVE-2025-40083)

NFSD: Define a proc_layoutcommit for the FlexFiles layout type(CVE-2025-40087)

KVM: arm64: Prevent access to vCPU events before init(CVE-2025-40102)

ixgbevf: fix mailbox API compatibility by negotiating supported features(CVE-2025-40104)

vfs: Don't leak disconnected dentries on umount(CVE-2025-40105)

crypto: rng - Ensure set_ent is always present(CVE-2025-40109)

drm/vmwgfx: Fix a null-ptr access in the cursor snooper(CVE-2025-40110)

scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()(CVE-2025-40115)

bpf: Enforce expected_attach_type for tailcall compatibility(CVE-2025-40123)

dm: fix NULL pointer dereference in __dm_suspend()(CVE-2025-40134)

mm: hugetlb: avoid soft lockup when mprotect to large memory area(CVE-2025-40153)

EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller(CVE-2025-40157)

usbnet: Fix using smp_processor_id() in preemptible code warnings(CVE-2025-40164)

ext4: detect invalid INLINE_DATA + EXTENTS flag combination(CVE-2025-40167)

pid: Add a judgment for ns null in pid_nr_ns(CVE-2025-40178)

cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()(CVE-2025-40194)

fs: quota: create dedicated workqueue for quota_release_work(CVE-2025-40196)

ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()(CVE-2025-40198)

x86/vmscape: Add conditional IBPB mitigation(CVE-2025-40300)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?38a2524f

Plugin Details

Severity: High

ID: 302981

File Name: EulerOS_SA-2026-1637.nasl

Version: 1.1

Type: local

Published: 3/18/2026

Updated: 3/18/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39955

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, cpe:/o:huawei:euleros:uvp:2.13.1, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-21546, CVE-2022-49426, CVE-2022-49444, CVE-2022-49534, CVE-2022-49568, CVE-2022-49624, CVE-2022-49731, CVE-2022-49770, CVE-2022-49771, CVE-2022-49783, CVE-2022-49822, CVE-2022-49824, CVE-2022-49828, CVE-2022-49829, CVE-2022-49851, CVE-2022-49937, CVE-2022-49938, CVE-2022-49958, CVE-2022-49975, CVE-2022-49981, CVE-2022-49986, CVE-2022-49987, CVE-2022-49993, CVE-2022-50004, CVE-2022-50007, CVE-2022-50033, CVE-2022-50041, CVE-2022-50042, CVE-2022-50045, CVE-2022-50053, CVE-2022-50072, CVE-2022-50080, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50116, CVE-2022-50127, CVE-2022-50149, CVE-2022-50171, CVE-2022-50211, CVE-2022-50235, CVE-2022-50241, CVE-2022-50243, CVE-2022-50246, CVE-2022-50250, CVE-2022-50252, CVE-2022-50272, CVE-2022-50274, CVE-2022-50282, CVE-2022-50285, CVE-2022-50299, CVE-2022-50304, CVE-2022-50314, CVE-2022-50334, CVE-2022-50341, CVE-2022-50348, CVE-2022-50352, CVE-2022-50356, CVE-2022-50359, CVE-2022-50365, CVE-2022-50366, CVE-2022-50367, CVE-2022-50374, CVE-2022-50381, CVE-2022-50385, CVE-2022-50395, CVE-2022-50401, CVE-2022-50402, CVE-2022-50405, CVE-2022-50410, CVE-2022-50422, CVE-2022-50428, CVE-2022-50432, CVE-2022-50435, CVE-2022-50436, CVE-2022-50445, CVE-2022-50454, CVE-2022-50459, CVE-2022-50465, CVE-2022-50466, CVE-2022-50470, CVE-2022-50472, CVE-2022-50482, CVE-2022-50488, CVE-2022-50489, CVE-2022-50494, CVE-2022-50496, CVE-2022-50499, CVE-2022-50500, CVE-2022-50511, CVE-2022-50516, CVE-2022-50521, CVE-2022-50530, CVE-2022-50532, CVE-2022-50534, CVE-2022-50535, CVE-2022-50536, CVE-2022-50544, CVE-2022-50546, CVE-2022-50549, CVE-2022-50552, CVE-2022-50554, CVE-2022-50555, CVE-2022-50556, CVE-2022-50562, CVE-2022-50563, CVE-2022-50566, CVE-2022-50569, CVE-2022-50578, CVE-2022-50579, CVE-2023-53044, CVE-2023-53047, CVE-2023-53078, CVE-2023-53117, CVE-2023-53140, CVE-2023-53147, CVE-2023-53148, CVE-2023-53150, CVE-2023-53165, CVE-2023-53179, CVE-2023-53182, CVE-2023-53189, CVE-2023-53198, 
CVE-2023-53200, CVE-2023-53201, CVE-2023-53204, CVE-2023-53241, CVE-2023-53254, CVE-2023-53265, CVE-2023-53272, CVE-2023-53282, CVE-2023-53286, CVE-2023-53292, CVE-2023-53295, CVE-2023-53296, CVE-2023-53299, CVE-2023-53307, CVE-2023-53322, CVE-2023-53335, CVE-2023-53343, CVE-2023-53352, CVE-2023-53354, CVE-2023-53357, CVE-2023-53365, CVE-2023-53380, CVE-2023-53393, CVE-2023-53397, CVE-2023-53422, CVE-2023-53423, CVE-2023-53427, CVE-2023-53432, CVE-2023-53433, CVE-2023-53438, CVE-2023-53446, CVE-2023-53451, CVE-2023-53454, CVE-2023-53473, CVE-2023-53476, CVE-2023-53477, CVE-2023-53481, CVE-2023-53484, CVE-2023-53488, CVE-2023-53491, CVE-2023-53494, CVE-2023-53499, CVE-2023-53500, CVE-2023-53509, CVE-2023-53512, CVE-2023-53513, CVE-2023-53539, CVE-2023-53546, CVE-2023-53548, CVE-2023-53549, CVE-2023-53556, CVE-2023-53559, CVE-2023-53567, CVE-2023-53581, CVE-2023-53585, CVE-2023-53586, CVE-2023-53590, CVE-2023-53594, CVE-2023-53600, CVE-2023-53604, CVE-2023-53605, CVE-2023-53610, CVE-2023-53613, CVE-2023-53619, CVE-2023-53620, CVE-2023-53624, CVE-2023-53627, CVE-2023-53635, CVE-2023-53655, CVE-2023-53659, CVE-2023-53667, CVE-2023-53675, CVE-2023-53676, CVE-2023-53680, CVE-2023-53684, CVE-2023-53685, CVE-2023-53692, CVE-2023-53695, CVE-2023-53696, CVE-2023-53705, CVE-2023-53709, CVE-2023-53716, CVE-2023-53718, CVE-2023-53719, CVE-2023-53722, CVE-2023-53726, CVE-2023-53728, CVE-2023-53733, CVE-2023-7324, CVE-2024-21823, CVE-2024-58093, CVE-2025-21772, CVE-2025-21992, CVE-2025-22022, CVE-2025-22025, CVE-2025-22044, CVE-2025-22045, CVE-2025-22125, CVE-2025-23161, CVE-2025-37773, CVE-2025-37780, CVE-2025-37819, CVE-2025-37829, CVE-2025-37834, CVE-2025-37836, CVE-2025-37844, CVE-2025-37857, CVE-2025-37885, CVE-2025-37937, CVE-2025-37967, CVE-2025-37980, CVE-2025-37994, CVE-2025-38022, CVE-2025-38023, CVE-2025-38024, CVE-2025-38051, CVE-2025-38057, CVE-2025-38058, CVE-2025-38062, CVE-2025-38064, CVE-2025-38085, CVE-2025-38161, CVE-2025-38177, CVE-2025-38181, CVE-2025-38193, 
CVE-2025-38200, CVE-2025-38201, CVE-2025-38232, CVE-2025-38342, CVE-2025-38350, CVE-2025-38387, CVE-2025-38415, CVE-2025-38430, CVE-2025-38439, CVE-2025-38445, CVE-2025-38461, CVE-2025-38462, CVE-2025-38468, CVE-2025-38474, CVE-2025-38477, CVE-2025-38527, CVE-2025-38531, CVE-2025-38556, CVE-2025-38569, CVE-2025-38617, CVE-2025-38618, CVE-2025-38664, CVE-2025-38678, CVE-2025-38683, CVE-2025-38691, CVE-2025-38694, CVE-2025-38700, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38724, CVE-2025-38728, CVE-2025-39697, CVE-2025-39730, CVE-2025-39742, CVE-2025-39756, CVE-2025-39772, CVE-2025-39773, CVE-2025-39797, CVE-2025-39798, CVE-2025-39810, CVE-2025-39817, CVE-2025-39825, CVE-2025-39838, CVE-2025-39841, CVE-2025-39847, CVE-2025-39853, CVE-2025-39883, CVE-2025-39901, CVE-2025-39902, CVE-2025-39911, CVE-2025-39927, CVE-2025-39931, CVE-2025-39940, CVE-2025-39945, CVE-2025-39949, CVE-2025-39955, CVE-2025-39964, CVE-2025-39969, CVE-2025-39970, CVE-2025-39980, CVE-2025-39993, CVE-2025-39994, CVE-2025-39998, CVE-2025-40016, CVE-2025-40018, CVE-2025-40019, CVE-2025-40021, CVE-2025-40026, CVE-2025-40030, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40074, CVE-2025-40075, CVE-2025-40080, CVE-2025-40081, CVE-2025-40083, CVE-2025-40087, CVE-2025-40102, CVE-2025-40104, CVE-2025-40105, CVE-2025-40109, CVE-2025-40110, CVE-2025-40115, CVE-2025-40123, CVE-2025-40134, CVE-2025-40153, CVE-2025-40157, CVE-2025-40164, CVE-2025-40167, CVE-2025-40178, CVE-2025-40194, CVE-2025-40196, CVE-2025-40198, CVE-2025-40300