EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2049)

critical Nessus Plugin ID 319313

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:

ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (CVE-2022-49145)

scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (CVE-2022-50422)

usb: idmouse: fix an uninit-value in idmouse_open (CVE-2022-50733)

tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (CVE-2022-50824)

mmc: via-sdmmc: fix return value check of mmc_add_host() (CVE-2022-50846)

bpf, cpumap: Make sure kthread is running before map update returns (CVE-2023-53577)

netlink: fix potential deadlock in netlink_set_err() (CVE-2023-53731)

ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() (CVE-2023-53826)

udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). (CVE-2023-54004)

af_unix: Fix data-race around unix_tot_inflight. (CVE-2023-54006)

usb: rndis_host: Secure rndis_query check against int overflow (CVE-2023-54110)

md/raid10: fix memleak for 'conf->bio_split' (CVE-2023-54123)

autofs: fix memory leak of waitqueues in autofs_catatonic_mode (CVE-2023-54134)

RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (CVE-2023-54168)

scsi: qla2xxx: Array index may go out of bound (CVE-2023-54179)

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). (CVE-2023-54218)

ipv6: Fix an uninit variable access bug in __ip6_make_skb() (CVE-2023-54265)

media: av7110: prevent underflow in write_ts_to_decoder() (CVE-2023-54284)

dm flakey: don't corrupt the zero page (CVE-2023-54317)

net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)

e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112)

mISDN: annotate data-race around dev->work (CVE-2026-23121)

macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?56ab4dbb

Plugin Details

Severity: Critical

ID: 319313

File Name: EulerOS_SA-2026-2049.nasl

Version: 1.1

Type: Local

Published: 6/6/2026

Updated: 6/6/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:huawei:euleros:uvp:2.10.0, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-abi-stablelists

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-49145, CVE-2022-50422, CVE-2022-50733, CVE-2022-50824, CVE-2022-50846, CVE-2023-53577, CVE-2023-53731, CVE-2023-53826, CVE-2023-54004, CVE-2023-54006, CVE-2023-54110, CVE-2023-54123, CVE-2023-54134, CVE-2023-54168, CVE-2023-54179, CVE-2023-54218, CVE-2023-54265, CVE-2023-54284, CVE-2023-54317, CVE-2025-39773, CVE-2025-71093, CVE-2026-23112, CVE-2026-23121, CVE-2026-23209, CVE-2026-23216