EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2293)

high Nessus Plugin ID 320255

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

iommu/sva: invalidate stale IOTLB entries for kernel address space(CVE-2025-71202)

iommu: disable SVA when CONFIG_X86 is set(CVE-2025-71089)

tls: Fix race condition in tls_sw_cancel_work_tx()(CVE-2026-23240)

apparmor: replace recursive profile removal with iterative approach(CVE-2026-23404)

macvlan: observe an RCU grace period in macvlan_common_newlink() error path(CVE-2026-23273)

mm/hugetlb: fix hugetlb_pmd_shared()(CVE-2026-23100)

leds: led-class: Only Add LED to leds_list when it is fully ready(CVE-2026-23101)

smb: client: Don't log plaintext credentials in cifs_set_cifscreds(CVE-2026-23303)

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit(CVE-2026-23277)

crypto: algif_aead - Revert to operating out-of-place(CVE-2026-31431)

netfilter: xt_CT: drop pending enqueued packets on template removal(CVE-2026-23391)

apparmor: validate DFA start states are in bounds in unpack_pdb(CVE-2026-23269)

net: usb: kaweth: validate USB endpoints(CVE-2026-23312)

NFSD: Defer sub-object cleanup in export put callbacks(CVE-2026-31404)

apparmor: fix side-effect bug in match_char() macro usage(CVE-2026-23406)

nfnetlink_osf: validate individual option lengths in fingerprints(CVE-2026-23397)

crypto: virtio - Add spinlock protection with virtqueue notification(CVE-2026-23229)

Squashfs: check metadata block offset is within range(CVE-2026-23388)

net: add xmit recursion limit to tunnel xmit functions(CVE-2026-23276)

RDMA/umad: Reject negative data_len in ib_umad_write(CVE-2026-23243)

net: annotate data-races around sk->sk_{data_ready,write_space}(CVE-2026-23302)

drm/vmwgfx: Return the correct value in vmw_translate_ptr functions(CVE-2026-23317)

net: usb: kalmia: validate USB endpoints(CVE-2026-23365)

tcp: secure_seq: add back ports to TS offset(CVE-2026-23247)

net: usb: pegasus: validate USB endpoints(CVE-2026-23290)

bonding: provide a net pointer to __skb_flow_dissect()(CVE-2026-23119)

nvme-fc: release admin tagset if init fails(CVE-2026-23261)

sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT(CVE-2026-23125)

icmp: fix NULL pointer dereference in icmp_tag_validation()(CVE-2026-23398)

net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled(CVE-2026-23293)

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels(CVE-2026-23274)

vsock/virtio: fix potential underflow in virtio_transport_get_credit()(CVE-2026-23069)

platform/x86: classmate-laptop: Add missing NULL pointer checks(CVE-2026-23237)

ipv6: add NULL checks for idev in SRv6 paths(CVE-2026-23442)

scsi: qla2xxx: Fix bsg_done() causing double free(CVE-2025-71238)

vsock/virtio: cap TX credit to local buffer size(CVE-2026-23086)

sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting(CVE-2026-23371)

apparmor: fix race on rawdata dereference(CVE-2026-23410)

apparmor: Fix double free of ns_name in aa_replace_profiles()(CVE-2026-23408)

apparmor: fix race between freeing data and fs accessing it(CVE-2026-23411)

netfilter: nf_tables: unconditionally bump set->nelems before insertion(CVE-2026-23272)

apparmor: fix differential encoding verification(CVE-2026-23409)

net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs(CVE-2026-23340)

scsi: target: Fix recursive locking in __configfs_open_file()(CVE-2026-23292)

netfilter: nft_set_pipapo: split gc into unlink and reclaim phase(CVE-2026-23351)

net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop(CVE-2026-23300)

apparmor: fix: limit the number of levels of policy namespaces(CVE-2026-23405)

perf: Fix __perf_event_overflow() vs perf_remove_from_context() race(CVE-2026-23271)

blktrace: fix __this_cpu_read/write in preemptible context(CVE-2026-23374)

apparmor: fix unprivileged local user can do privileged policy management(CVE-2026-23268)

ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()(CVE-2026-23304)

apparmor: fix missing bounds check on DEFAULT table in verify_dfa()(CVE-2026-23407)

ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref(CVE-2026-23145)

media: dvb-core: fix wrong reinitialization of ringbuffer on reopen(CVE-2026-23253)

net: phy: register phy led_triggers during probe to avoid AB-BA deadlock(CVE-2026-23368)

net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled(CVE-2026-23381)

apparmor: fix memory leak in verify_header(CVE-2026-23403)

x86/efi: defer freeing of boot services memory(CVE-2026-23352)

net: add proper RCU protection to /proc/net/ptype(CVE-2026-23255)

ice: Fix memory leak in ice_set_ringparam()(CVE-2026-23389)

bonding: limit BOND_MODE_8023AD to Ethernet devices(CVE-2026-23099)

uacce: ensure safe queue release with state management(CVE-2026-23063)

uacce: implement mremap in uacce_vm_ops to return -EPERM(CVE-2026-23056)

macvlan: fix error recovery in macvlan_common_newlink()(CVE-2026-23209)

regmap: Fix race condition in hwspinlock irqsave routine(CVE-2026-23071)

net/sched: Enforce that teql can only be used as root qdisc(CVE-2026-23074)

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()(CVE-2026-23216)

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag(CVE-2026-23105)

nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()(CVE-2026-23179)

scsi: qla2xxx: Delay module unload while fabric scan in progress(CVE-2025-71235)

tracing: Add recursion protection in kernel stack trace recording(CVE-2026-23138)

scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()(CVE-2026-23193)

bonding: annotate data-races around slave->last_rx(CVE-2026-23212)

be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list(CVE-2026-23084)

net/sched: cls_u32: use skb_header_pointer_careful()(CVE-2026-23204)

scsi: qla2xxx: Validate sp before freeing associated memory(CVE-2025-71236)

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec(CVE-2026-23112)

scsi: qla2xxx: Free sp in error path to fix system crash(CVE-2025-71232)

net: fix segmentation of forwarding fraglist GRO(CVE-2026-23154)

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec(CVE-2026-23060)

l2tp: avoid one data-race in l2tp_tunnel_del_work()(CVE-2026-23120)

KVM: Don't clobber irqfd routing type when deassigning irqfd(CVE-2026-23198)

netdevsim: fix a race issue related to the operation on bpf_bound_progs list(CVE-2026-23126)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?5518418d

Plugin Details

Severity: High

ID: 320255

File Name: EulerOS_SA-2026-2293.nasl

Version: 1.1

Type: Local

Published: 6/10/2026

Updated: 6/10/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 8.6

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-31431

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:perf, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/10/2026

Vulnerability Publication Date: 4/9/2024

CISA Known Exploited Vulnerability Due Dates: 5/15/2026

Reference Information

CVE: CVE-2025-71089, CVE-2025-71202, CVE-2025-71232, CVE-2025-71235, CVE-2025-71236, CVE-2025-71238, CVE-2026-23056, CVE-2026-23060, CVE-2026-23063, CVE-2026-23069, CVE-2026-23071, CVE-2026-23074, CVE-2026-23084, CVE-2026-23086, CVE-2026-23099, CVE-2026-23100, CVE-2026-23101, CVE-2026-23105, CVE-2026-23112, CVE-2026-23119, CVE-2026-23120, CVE-2026-23125, CVE-2026-23126, CVE-2026-23138, CVE-2026-23145, CVE-2026-23154, CVE-2026-23179, CVE-2026-23193, CVE-2026-23198, CVE-2026-23204, CVE-2026-23209, CVE-2026-23212, CVE-2026-23216, CVE-2026-23229, CVE-2026-23237, CVE-2026-23240, CVE-2026-23243, CVE-2026-23247, CVE-2026-23253, CVE-2026-23255, CVE-2026-23261, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23272, CVE-2026-23273, CVE-2026-23274, CVE-2026-23276, CVE-2026-23277, CVE-2026-23290, CVE-2026-23292, CVE-2026-23293, CVE-2026-23300, CVE-2026-23302, CVE-2026-23303, CVE-2026-23304, CVE-2026-23312, CVE-2026-23317, CVE-2026-23340, CVE-2026-23351, CVE-2026-23352, CVE-2026-23365, CVE-2026-23368, CVE-2026-23371, CVE-2026-23374, CVE-2026-23381, CVE-2026-23388, CVE-2026-23389, CVE-2026-23391, CVE-2026-23397, CVE-2026-23398, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-23442, CVE-2026-31404, CVE-2026-31431