EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-2695)

high Nessus Plugin ID 326590

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

net: skbuff: propagate shared-frag marker through frag-transfer helpers(CVE-2026-43503)

mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()(CVE-2026-43281)

ptrace: slightly saner #39;get_dumpable()#39; logic(CVE-2026-46333)

crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption(CVE-2026-43033)

usb: ulpi: fix double free in ulpi_register_interface() error path(CVE-2026-31759)

openvswitch: defer tunnel netdev_put to RCU release(CVE-2026-31678)

KVM: x86: Use scratch field in MMIO fragment to hold small write values(CVE-2026-31588)

af_unix: read UNIX_DIAG_VFS data under unix_state_lock(CVE-2026-31673)

mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()(CVE-2026-31586)

ext4: publish jinode after initialization(CVE-2026-31450)

ext4: validate p_idx bounds in ext4_ext_correct_indexes(CVE-2026-31449)

net: fix fanout UAF in packet_release() via NETDEV_UP race(CVE-2026-31504)

netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()(CVE-2026-31674)

RDMA/umad: Reject negative data_len in ib_umad_write(CVE-2026-23243)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?dcd6b99d

Plugin Details

Severity: High

ID: 326590

File Name: EulerOS_SA-2026-2695.nasl

Version: 1.1

Type: Local

Published: 7/14/2026

Updated: 7/14/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Percentile: 99.76

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31759

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:huawei:euleros:2.0, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:perf, p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/13/2026

Vulnerability Publication Date: 3/12/2026

Reference Information

CVE: CVE-2026-23243, CVE-2026-31449, CVE-2026-31450, CVE-2026-31504, CVE-2026-31586, CVE-2026-31588, CVE-2026-31673, CVE-2026-31674, CVE-2026-31678, CVE-2026-31759, CVE-2026-43033, CVE-2026-43281, CVE-2026-43503, CVE-2026-46333