EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2026-2102)

critical Nessus Plugin ID 319345

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:

netfilter: ctnetlink: remove refcounting in expectation dumpers(CVE-2025-39764)

nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()(CVE-2025-40261)

ipv4: ip_gre: make ipgre_header() robust(CVE-2026-23011)

bonding: limit BOND_MODE_8023AD to Ethernet devices(CVE-2026-23099)

iommu: disable SVA when CONFIG_X86 is set(CVE-2025-71089)

mm/hugetlb: fix hugetlb_pmd_shared()(CVE-2026-23100)

uacce: ensure safe queue release with state management(CVE-2026-23063)

scsi: target: Reset t_task_cdb pointer in error case(CVE-2025-68782)

leds: led-class: Only Add LED to leds_list when it is fully ready(CVE-2026-23101)

usb: typec: ucsi: Handle incorrect num_connectors capability(CVE-2025-71108)

net/sched: sch_qfq: do not free existing class in qfq_change_class()(CVE-2026-22999)

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf(CVE-2025-71120)

perf/x86/amd: Check event before enable to avoid GPF(CVE-2025-68798)

libceph: make decode_pool() more resilient against corrupted osdmaps(CVE-2025-71116)

NFSD: NFSv4 file creation neglects setting ACL(CVE-2025-68803)

x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1(CVE-2026-23005)

nbd: defer config put in recv_work(CVE-2025-68372)

net: hns3: using the num_tqps in the vf driver to apply for resources(CVE-2025-71064)

net: sock: fix hardened usercopy panic in sock_recv_errqueue(CVE-2026-22977)

uacce: implement mremap in uacce_vm_ops to return -EPERM(CVE-2026-23056)

irqchip/gic-v3-its: Avoid truncating memory addresses(CVE-2026-23085)

KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer(CVE-2025-71104)

net: openvswitch: fix middle attribute validation in push_nsh() action(CVE-2025-68785)

libceph: make calc_target() set t->paused, not just clear it(CVE-2026-23047)

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags(CVE-2025-68764)

macvlan: fix error recovery in macvlan_common_newlink()(CVE-2026-23209)

regmap: Fix race condition in hwspinlock irqsave routine(CVE-2026-23071)

nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec(CVE-2026-22998)

net: hns3: add VLAN id validation before using(CVE-2025-71112)

sctp: Prevent TOCTOU out-of-bounds write(CVE-2025-40331)

crypto: virtio - Add spinlock protection with virtqueue notification(CVE-2026-23229)

uacce: fix isolate sysfs check condition(CVE-2026-23094)

net/sched: Enforce that teql can only be used as root qdisc(CVE-2026-23074)

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()(CVE-2026-23216)

ipvlan: Make the addrs_lock be per port(CVE-2026-23103)

RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly(CVE-2025-71096)

net: hv_netvsc: reject RSS hash key programming without RX indirection table(CVE-2026-23054)

nfsd: provide locking for v4_end_grace(CVE-2026-22980)

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag(CVE-2026-23105)

ACPICA: Avoid walking the Namespace if start_node is NULL(CVE-2025-71118)

nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()(CVE-2026-23179)

tpm: Cap the number of PCR banks(CVE-2025-71077)

sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT(CVE-2026-23125)

migrate: correct lock ordering for hugetlb file folios(CVE-2026-23097)

net: usb: pegasus: fix memory leak in update_eth_regs_async()(CVE-2026-23021)

net/mlx5: fw_tracer, Validate format string parameters(CVE-2025-68816)

scsi: qla2xxx: Delay module unload while fabric scan in progress(CVE-2025-71235)

net: use dst_dev_rcu() in sk_setup_caps()(CVE-2025-40170)

pNFS: Fix a deadlock when returning a delegation during open()(CVE-2026-23050)

scsi: Revert 'scsi: qla2xxx: Perform lockless command completion in abort path'(CVE-2025-68818)

ipvs: fix ipv4 null-ptr-deref in route error path(CVE-2025-68813)

fsnotify: do not generate ACCESS/MODIFY events on child for special files(CVE-2025-68788)

vsock/virtio: fix potential underflow in virtio_transport_get_credit()(CVE-2026-23069)

ip6_gre: make ip6gre_header() robust(CVE-2025-71098)

platform/x86: classmate-laptop: Add missing NULL pointer checks(CVE-2026-23237)

net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset(CVE-2026-22976)

blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init(CVE-2023-54271)

KVM: arm64: Prevent access to vCPU events before init(CVE-2025-40102)

tracing: Add recursion protection in kernel stack trace recording(CVE-2026-23138)

scsi: qla2xxx: Fix bsg_done() causing double free(CVE-2025-71238)

mm/secretmem: fix use-after-free race in fault handler(CVE-2025-40272)

vsock/virtio: cap TX credit to local buffer size(CVE-2026-23086)

iomap: adjust read range correctly for non-block-aligned positions(CVE-2025-68794)

ipv6: use RCU in ip6_xmit()(CVE-2025-40135)

libceph: make free_choose_arg_map() resilient to partial allocation(CVE-2026-22991)

tracing: Do not register unsupported perf events(CVE-2025-71125)

netfilter: nf_tables: avoid chain re-validation if possible(CVE-2025-71160)

io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop(CVE-2026-23113)

HID: uclogic: Correct devm device reference for hidinput input_dev name(CVE-2023-54207)

scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()(CVE-2026-23193)

scsi: core: Wake up the error handler when final completions race against each other(CVE-2026-23110)

vsock: fix lock inversion in vsock_assign_transport()(CVE-2025-40231)

bonding: annotate data-races around slave->last_rx(CVE-2026-23212)

be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list(CVE-2026-23084)

inet: frags: flush pending skbs in fqdir_pre_exit()(CVE-2025-68768)

ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()(CVE-2026-23003)

io_uring: fix filename leak in __io_openat_prep()(CVE-2025-68814)

RDMA/cm: Fix leaking the multicast GID table reference(CVE-2025-71084)

net/sched: cls_u32: use skb_header_pointer_careful()(CVE-2026-23204)

wifi: avoid kernel-infoleak from struct iw_point(CVE-2026-22978)

scsi: qla2xxx: Validate sp before freeing associated memory(CVE-2025-71236)

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec(CVE-2026-23112)

scsi: qla2xxx: Free sp in error path to fix system crash(CVE-2025-71232)

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()(CVE-2025-71085)

macvlan: fix possible UAF in macvlan_forward_source()(CVE-2026-23001)

drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP(CVE-2023-54263)

media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()(CVE-2025-68819)

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt(CVE-2025-71131)

blk-mq: fix tags leak when shrink nr_hw_queues(CVE-2023-54227)

net: usb: rtl8150: fix memory leak on usb_submit_urb() failure(CVE-2025-71154)

ipv6: use RCU in ip6_output()(CVE-2025-40158)

libceph: replace overzealous BUG_ON in osdmap_apply_incremental()(CVE-2026-22990)

net: fix segmentation of forwarding fraglist GRO(CVE-2026-23154)

sched/deadline: only set free_cpus for online runqueues(CVE-2025-68780)

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec(CVE-2026-23060)

l2tp: avoid one data-race in l2tp_tunnel_del_work()(CVE-2026-23120)

ipv4: Fix reference count leak when using error routes with nexthop objects(CVE-2025-71097)

uacce: fix cdev handling in the cleanup path(CVE-2026-23096)

pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()(CVE-2026-23038)

KVM: Don't clobber irqfd routing type when deassigning irqfd(CVE-2026-23198)

netdevsim: fix a race issue related to the operation on bpf_bound_progs list(CVE-2026-23126)

RDMA/umad: Reject negative data_len in ib_umad_write(CVE-2026-23243)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?47381389

Plugin Details

Severity: Critical

ID: 319345

File Name: EulerOS_SA-2026-2102.nasl

Version: 1.1

Type: Local

Published: 6/6/2026

Updated: 6/6/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:huawei:euleros:uvp:2.12.0, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2026

Vulnerability Publication Date: 9/11/2025

Reference Information

CVE: CVE-2023-54207, CVE-2023-54227, CVE-2023-54263, CVE-2023-54271, CVE-2025-39764, CVE-2025-40102, CVE-2025-40135, CVE-2025-40158, CVE-2025-40170, CVE-2025-40231, CVE-2025-40261, CVE-2025-40272, CVE-2025-40331, CVE-2025-68372, CVE-2025-68764, CVE-2025-68768, CVE-2025-68780, CVE-2025-68782, CVE-2025-68785, CVE-2025-68788, CVE-2025-68794, CVE-2025-68798, CVE-2025-68803, CVE-2025-68813, CVE-2025-68814, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-71064, CVE-2025-71077, CVE-2025-71084, CVE-2025-71085, CVE-2025-71089, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71104, CVE-2025-71108, CVE-2025-71112, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71125, CVE-2025-71131, CVE-2025-71154, CVE-2025-71160, CVE-2025-71232, CVE-2025-71235, CVE-2025-71236, CVE-2025-71238, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22990, CVE-2026-22991, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23005, CVE-2026-23011, CVE-2026-23021, CVE-2026-23038, CVE-2026-23047, CVE-2026-23050, CVE-2026-23054, CVE-2026-23056, CVE-2026-23060, CVE-2026-23063, CVE-2026-23069, CVE-2026-23071, CVE-2026-23074, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23094, CVE-2026-23096, CVE-2026-23097, CVE-2026-23099, CVE-2026-23100, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23110, CVE-2026-23112, CVE-2026-23113, CVE-2026-23120, CVE-2026-23125, CVE-2026-23126, CVE-2026-23138, CVE-2026-23154, CVE-2026-23179, CVE-2026-23193, CVE-2026-23198, CVE-2026-23204, CVE-2026-23209, CVE-2026-23212, CVE-2026-23216, CVE-2026-23229, CVE-2026-23237, CVE-2026-23243