Detections
Analytics

EulerOS 2.0 SP15 : kernel (EulerOS-SA-2026-2485)

high Nessus Plugin ID 323212

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 crypto: algif_aead - Revert to operating out-of-place(CVE-2026-31431)

 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN(CVE-2026-31525)

 can: bcm: fix locking for bcm_op runtime updates(CVE-2026-23362)

 media: mediatek: vcodec: Use spinlock for context list protection lock(CVE-2025-71140)

 smb: client: Don#39;t log plaintext credentials in cifs_set_cifscreds(CVE-2026-23303)

 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex(CVE-2026-31473)

 regmap: maple: free entry on mas_store_gfp() failure(CVE-2026-23260)

 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()(CVE-2026-31426)

 apparmor: replace recursive profile removal with iterative approach(CVE-2026-23404)

 tls: Fix race condition in tls_sw_cancel_work_tx()(CVE-2026-23240)

 macvlan: observe an RCU grace period in macvlan_common_newlink() error path(CVE-2026-23273)

 i40e: Fix preempt count leak in napi poll tracepoint(CVE-2026-23313)

 PM: runtime: Fix a race condition related to device removal(CVE-2026-23452)

 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled(CVE-2026-23381)

 p data-testid='vuln-description'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority./pbr/(CVE-2026-23473)

 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock(CVE-2026-23368)

 net: add proper RCU protection to /proc/net/ptype(CVE-2026-23255)

 ice: Fix memory leak in ice_set_ringparam()(CVE-2026-23389)

 ipv6: add NULL checks for idev in SRv6 paths(CVE-2026-23442)

 tracing: Fix potential deadlock in cpu hotplug with osnoise(CVE-2026-31480)

 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz(CVE-2026-23377)

 tls: Purge async_hold in tls_decrypt_async_wait()(CVE-2026-23414)

 icmp: fix NULL pointer dereference in icmp_tag_validation()(CVE-2026-23398)

 apparmor: fix memory leak in verify_header(CVE-2026-23403)

 x86/efi: defer freeing of boot services memory(CVE-2026-23352)

 netfilter: nf_tables: always walk all pending catchall elements(CVE-2026-23278)

 nvme: fix admin queue leak on controller reset(CVE-2026-23360)

 media: dvb-net: fix OOB access in ULE extension header tables(CVE-2026-31405)

 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels(CVE-2026-23274)

 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled(CVE-2026-23293)

 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen(CVE-2026-23253)

 nvme-fc: release admin tagset if init fails(CVE-2026-23261)

 tcp: secure_seq: add back ports to TS offset(CVE-2026-23247)

 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE(CVE-2026-23401)

 netfilter: bpf: defer hook memory release until rcu readers are done(CVE-2026-23412)

 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()(CVE-2026-23407)

 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()(CVE-2026-23304)

 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref(CVE-2026-23145)

 net: gro: fix outer network offset(CVE-2026-23254)

 netfilter: nf_tables: release flowtable after rcu grace period on error(CVE-2026-23392)

 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race(CVE-2026-23271)

 sunrpc: fix cache_request leak in cache_release(CVE-2026-31400)

 RDMA/umad: Reject negative data_len in ib_umad_write(CVE-2026-23243)

 af_unix: Give up GC if MSG_PEEK intervened.(CVE-2026-23394)

 clsact: Fix use-after-free in init/destroy rollback asymmetry(CVE-2026-23413)

 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop(CVE-2026-23300)

 apparmor: fix unprivileged local user can do privileged policy management(CVE-2026-23268)

 blktrace: fix __this_cpu_read/write in preemptible context(CVE-2026-23374)

 arm64: io: Extract user memory type in ioremap_prot()(CVE-2026-23346)

 xdp: produce a warning when calculated tailroom is negative(CVE-2026-23343)

 mm: thp: deny THP for files on anonymous inodes(CVE-2026-23375)

 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions(CVE-2026-23317)

 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase(CVE-2026-23351)

 Squashfs: check metadata block offset is within range(CVE-2026-23388)

 net: add xmit recursion limit to tunnel xmit functions(CVE-2026-23276)

 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs(CVE-2026-23340)

 scsi: target: Fix recursive locking in __configfs_open_file()(CVE-2026-23292)

 netfilter: nf_tables: unconditionally bump set-gt;nelems before insertion(CVE-2026-23272)

 apparmor: fix differential encoding verification(CVE-2026-23409)

 dmaengine: idxd: Fix leaking event log memory(CVE-2026-31440)

 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded(CVE-2026-23310)

 apparmor: fix: limit the number of levels of policy namespaces(CVE-2026-23405)

 net: annotate data-races around sk-gt;sk_{data_ready,write_space}(CVE-2026-23302)

 nfnetlink_osf: validate individual option lengths in fingerprints(CVE-2026-23397)

 erofs: add GFP_NOIO in the bio completion if needed(CVE-2026-31467)

 nvme: fix memory allocation in nvme_pr_read_keys()(CVE-2026-23244)

 arm64: Set __nocfi on swsusp_arch_resume()(CVE-2026-23128)

 nf_tables: nft_dynset: fix possible stateful expression memleak in error path(CVE-2026-23399)

 apparmor: fix side-effect bug in match_char() macro usage(CVE-2026-23406)

 NFSD: Defer sub-object cleanup in export put callbacks(CVE-2026-31404)

 audit: add fchmodat2() to change attributes class(CVE-2025-71239)

 netfilter: xt_CT: drop pending enqueued packets on template removal(CVE-2026-23391)

 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim(CVE-2026-23319)

 apparmor: validate DFA start states are in bounds in unpack_pdb(CVE-2026-23269)

 bpf: Fix stack-out-of-bounds write in devmap(CVE-2026-23359)

 spi: fix use-after-free on controller registration failure(CVE-2026-31389)

 apparmor: Fix double free of ns_name in aa_replace_profiles()(CVE-2026-23408)

 spi: fix statistics allocation(CVE-2026-23475)

 smb: client: fix krb5 mount with username option(CVE-2026-31392)

 NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd(CVE-2026-31403)

 apparmor: fix race between freeing data and fs accessing it(CVE-2026-23411)

 apparmor: fix race on rawdata dereference(CVE-2026-23410)

 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting(CVE-2026-23371)

 dmaengine: idxd: Fix memory leak when a wq is reset(CVE-2026-31441)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?d498efd4

Plugin Details

Severity: High

ID: 323212

File Name: EulerOS_SA-2026-2485.nasl

Version: 1.1

Type: Local

Published: 6/27/2026

Updated: 6/27/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23413

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 8.6

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-31431

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:perf-lite, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:perf, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, p-cpe:/a:huawei:euleros:kernel, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/26/2026

Vulnerability Publication Date: 4/9/2024

CISA Known Exploited Vulnerability Due Dates: 5/15/2026

Reference Information

CVE: CVE-2025-71140, CVE-2025-71239, CVE-2026-23128, CVE-2026-23145, CVE-2026-23240, CVE-2026-23243, CVE-2026-23244, CVE-2026-23247, CVE-2026-23253, CVE-2026-23254, CVE-2026-23255, CVE-2026-23260, CVE-2026-23261, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23272, CVE-2026-23273, CVE-2026-23274, CVE-2026-23276, CVE-2026-23278, CVE-2026-23292, CVE-2026-23293, CVE-2026-23300, CVE-2026-23302, CVE-2026-23303, CVE-2026-23304, CVE-2026-23310, CVE-2026-23313, CVE-2026-23317, CVE-2026-23319, CVE-2026-23340, CVE-2026-23343, CVE-2026-23346, CVE-2026-23351, CVE-2026-23352, CVE-2026-23359, CVE-2026-23360, CVE-2026-23362, CVE-2026-23368, CVE-2026-23371, CVE-2026-23374, CVE-2026-23375, CVE-2026-23377, CVE-2026-23381, CVE-2026-23388, CVE-2026-23389, CVE-2026-23391, CVE-2026-23392, CVE-2026-23394, CVE-2026-23397, CVE-2026-23398, CVE-2026-23399, CVE-2026-23401, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-23412, CVE-2026-23413, CVE-2026-23414, CVE-2026-23442, CVE-2026-23452, CVE-2026-23475, CVE-2026-31389, CVE-2026-31392, CVE-2026-31400, CVE-2026-31403, CVE-2026-31404, CVE-2026-31405, CVE-2026-31426, CVE-2026-31431, CVE-2026-31440, CVE-2026-31441, CVE-2026-31467, CVE-2026-31473, CVE-2026-31480, CVE-2026-31525