Detections
Analytics

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2247)

high Nessus Plugin ID 319967

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 crypto: algif_aead - Revert to operating out-of-place(CVE-2026-31431)

 nfsd: fix RELEASE_LOCKOWNER(CVE-2024-26629)

 bonding: limit BOND_MODE_8023AD to Ethernet devices(CVE-2026-23099)

 iommu: disable SVA when CONFIG_X86 is set(CVE-2025-71089)

 tls: Fix race condition in tls_sw_cancel_work_tx()(CVE-2026-23240)

 apparmor: replace recursive profile removal with iterative approach(CVE-2026-23404)

 macvlan: observe an RCU grace period in macvlan_common_newlink() error path(CVE-2026-23273)

 mm/hugetlb: fix hugetlb_pmd_shared()(CVE-2026-23100)

 ethtool: Avoid overflowing userspace buffer on stats query(CVE-2025-68795)

 uacce: ensure safe queue release with state management(CVE-2026-23063)

 leds: led-class: Only Add LED to leds_list when it is fully ready(CVE-2026-23101)

 smb: client: Don#39;t log plaintext credentials in cifs_set_cifscreds(CVE-2026-23303)

 uacce: implement mremap in uacce_vm_ops to return -EPERM(CVE-2026-23056)

 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit(CVE-2026-23277)

 netfilter: xt_CT: drop pending enqueued packets on template removal(CVE-2026-23391)

 apparmor: validate DFA start states are in bounds in unpack_pdb(CVE-2026-23269)

 macvlan: fix error recovery in macvlan_common_newlink()(CVE-2026-23209)

 regmap: Fix race condition in hwspinlock irqsave routine(CVE-2026-23071)

 net: usb: kaweth: validate USB endpoints(CVE-2026-23312)

 NFSD: Defer sub-object cleanup in export put callbacks(CVE-2026-31404)

 apparmor: fix side-effect bug in match_char() macro usage(CVE-2026-23406)

 nfnetlink_osf: validate individual option lengths in fingerprints(CVE-2026-23397)

 Squashfs: check metadata block offset is within range(CVE-2026-23388)

 uacce: fix isolate sysfs check condition(CVE-2026-23094)

 net: add xmit recursion limit to tunnel xmit functions(CVE-2026-23276)

 net/sched: Enforce that teql can only be used as root qdisc(CVE-2026-23074)

 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()(CVE-2026-23216)

 RDMA/umad: Reject negative data_len in ib_umad_write(CVE-2026-23243)

 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions(CVE-2026-23317)

 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly(CVE-2025-71096)

 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag(CVE-2026-23105)

 net: usb: kalmia: validate USB endpoints(CVE-2026-23365)

 net: usb: pegasus: validate USB endpoints(CVE-2026-23290)

 bonding: provide a net pointer to __skb_flow_dissect()(CVE-2026-23119)

 nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()(CVE-2026-23179)

 nvme-fc: release admin tagset if init fails(CVE-2026-23261)

 sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT(CVE-2026-23125)

 icmp: fix NULL pointer dereference in icmp_tag_validation()(CVE-2026-23398)

 net: usb: pegasus: fix memory leak in update_eth_regs_async()(CVE-2026-23021)

 scsi: qla2xxx: Delay module unload while fabric scan in progress(CVE-2025-71235)

 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels(CVE-2026-23274)

 x86/CPU/AMD: Add RDSEED fix for Zen5(CVE-2025-68313)

 vsock/virtio: fix potential underflow in virtio_transport_get_credit()(CVE-2026-23069)

 ip6_gre: make ip6gre_header() robust(CVE-2025-71098)

 platform/x86: classmate-laptop: Add missing NULL pointer checks(CVE-2026-23237)

 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset(CVE-2026-22976)

 tracing: Add recursion protection in kernel stack trace recording(CVE-2026-23138)

 scsi: qla2xxx: Fix bsg_done() causing double free(CVE-2025-71238)

 vsock/virtio: cap TX credit to local buffer size(CVE-2026-23086)

 netfilter: nf_tables: avoid chain re-validation if possible(CVE-2025-71160)

 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop(CVE-2026-23113)

 apparmor: fix race on rawdata dereference(CVE-2026-23410)

 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()(CVE-2026-23193)

 apparmor: Fix double free of ns_name in aa_replace_profiles()(CVE-2026-23408)

 apparmor: fix race between freeing data and fs accessing it(CVE-2026-23411)

 bonding: annotate data-races around slave-gt;last_rx(CVE-2026-23212)

 be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list(CVE-2026-23084)

 inet: frags: flush pending skbs in fqdir_pre_exit()(CVE-2025-68768)

 netfilter: nf_tables: unconditionally bump set-gt;nelems before insertion(CVE-2026-23272)

 apparmor: fix differential encoding verification(CVE-2026-23409)

 net/sched: cls_u32: use skb_header_pointer_careful()(CVE-2026-23204)

 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs(CVE-2026-23340)

 scsi: target: Fix recursive locking in __configfs_open_file()(CVE-2026-23292)

 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase(CVE-2026-23351)

 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop(CVE-2026-23300)

 apparmor: fix: limit the number of levels of policy namespaces(CVE-2026-23405)

 scsi: qla2xxx: Validate sp before freeing associated memory(CVE-2025-71236)

 nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec(CVE-2026-23112)

 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race(CVE-2026-23271)

 scsi: qla2xxx: Free sp in error path to fix system crash(CVE-2025-71232)

 apparmor: fix unprivileged local user can do privileged policy management(CVE-2026-23268)

 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()(CVE-2026-23304)

 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()(CVE-2026-23407)

 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref(CVE-2026-23145)

 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen(CVE-2026-23253)

 net: fix segmentation of forwarding fraglist GRO(CVE-2026-23154)

 Input: alps - fix use-after-free bugs caused by dev3_register_work(CVE-2025-68822)

 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock(CVE-2026-23368)

 crypto: authencesn - reject too-short AAD (assoclenlt;8) to match ESP/ESN spec(CVE-2026-23060)

 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled(CVE-2026-23381)

 apparmor: fix memory leak in verify_header(CVE-2026-23403)

 x86/efi: defer freeing of boot services memory(CVE-2026-23352)

 l2tp: avoid one data-race in l2tp_tunnel_del_work()(CVE-2026-23120)

 KVM: Don#39;t clobber irqfd routing type when deassigning irqfd(CVE-2026-23198)

 netdevsim: fix a race issue related to the operation on bpf_bound_progs list(CVE-2026-23126)

 net: add proper RCU protection to /proc/net/ptype(CVE-2026-23255)

 ice: Fix memory leak in ice_set_ringparam()(CVE-2026-23389)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?87c5405c

Plugin Details

Severity: High

ID: 319967

File Name: EulerOS_SA-2026-2247.nasl

Version: 1.1

Type: Local

Published: 6/9/2026

Updated: 6/9/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 8.6

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-31431

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:perf, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/8/2026

Vulnerability Publication Date: 2/29/2024

CISA Known Exploited Vulnerability Due Dates: 5/15/2026

Reference Information

CVE: CVE-2024-26629, CVE-2025-68313, CVE-2025-68768, CVE-2025-68795, CVE-2025-68822, CVE-2025-71089, CVE-2025-71096, CVE-2025-71098, CVE-2025-71160, CVE-2025-71232, CVE-2025-71235, CVE-2025-71236, CVE-2025-71238, CVE-2026-22976, CVE-2026-23021, CVE-2026-23056, CVE-2026-23060, CVE-2026-23063, CVE-2026-23069, CVE-2026-23071, CVE-2026-23074, CVE-2026-23084, CVE-2026-23086, CVE-2026-23094, CVE-2026-23099, CVE-2026-23100, CVE-2026-23101, CVE-2026-23105, CVE-2026-23112, CVE-2026-23113, CVE-2026-23119, CVE-2026-23120, CVE-2026-23125, CVE-2026-23126, CVE-2026-23138, CVE-2026-23145, CVE-2026-23154, CVE-2026-23179, CVE-2026-23193, CVE-2026-23198, CVE-2026-23204, CVE-2026-23209, CVE-2026-23212, CVE-2026-23216, CVE-2026-23237, CVE-2026-23240, CVE-2026-23243, CVE-2026-23253, CVE-2026-23255, CVE-2026-23261, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23272, CVE-2026-23273, CVE-2026-23274, CVE-2026-23276, CVE-2026-23277, CVE-2026-23290, CVE-2026-23292, CVE-2026-23300, CVE-2026-23303, CVE-2026-23304, CVE-2026-23312, CVE-2026-23317, CVE-2026-23340, CVE-2026-23351, CVE-2026-23352, CVE-2026-23365, CVE-2026-23368, CVE-2026-23381, CVE-2026-23388, CVE-2026-23389, CVE-2026-23391, CVE-2026-23397, CVE-2026-23398, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-31404, CVE-2026-31431