EulerOS 2.0 SP9 : kernel (EulerOS-SA-2025-1040)

critical Nessus Plugin ID 214154

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

ipvlan: Don't Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621)

net: fix information leakage in /proc/net/ptype (CVE-2022-48757)

USB: core: Fix hang in usb_kill_urb by adding memory barriers (CVE-2022-48760)

security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)

ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)

HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978)

firmware_loader: Block path traversal (CVE-2024-47742)

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)

ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)

bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)

slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033)

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() (CVE-2024-50154)

ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)

udf: Fix preallocation discarding at indirect extent boundary (CVE-2022-48946)

ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)

ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)

net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)

ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)

ext4: avoid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (CVE-2024-41089)

rds: tcp: Fix use-after-free of net in reqsk_timer_handler() (CVE-2024-26865)

net: USB: Fix wrong-direction WARNING in plusb.c (CVE-2023-52742)

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (CVE-2024-45025)

nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment() (CVE-2024-36933)

In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops. We are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). (CVE-2024-45021)

udf: Avoid excessive partition lengths (CVE-2024-46777)

Squashfs: sanity check symbolic link size (CVE-2024-46744)

PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)

driver core: Fix uevent_show() vs driver detach race (CVE-2024-44952)

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CVE-2024-40901)

HID: usbhid: free raw_report buffers in usbhid_stop (CVE-2021-47405)

rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)

of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)

scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673)

RDMA/cma: Fix rdma_resolve_route() memory leak (CVE-2021-47345)

drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816)

ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959)

nbd: fix race between timeout and normal completion (CVE-2024-49855)

net: phy: fix null-ptr-deref while probe() failed (CVE-2022-49021)

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (CVE-2024-47696)

posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195)

mm: call the security_mmap_file() LSM hook in remap_file_pages() (CVE-2024-47745)

ceph: remove the incorrect Fw reference check when dirtying pages (CVE-2024-50179)

tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)

mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?b43b175f

Plugin Details

Severity: Critical

ID: 214154

File Name: EulerOS_SA-2025-1040.nasl

Version: 1.1

Type: local

Published: 1/14/2025

Updated: 1/14/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2024-47685

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2025

Vulnerability Publication Date: 2/4/2022

Reference Information

CVE: CVE-2021-47345, CVE-2021-47405, CVE-2022-48757, CVE-2022-48760, CVE-2022-48946, CVE-2022-48978, CVE-2022-49021, CVE-2023-52742, CVE-2024-26865, CVE-2024-33621, CVE-2024-35898, CVE-2024-36017, CVE-2024-36933, CVE-2024-40901, CVE-2024-41089, CVE-2024-44952, CVE-2024-45021, CVE-2024-45025, CVE-2024-46673, CVE-2024-46743, CVE-2024-46744, CVE-2024-46750, CVE-2024-46777, CVE-2024-46816, CVE-2024-46826, CVE-2024-46829, CVE-2024-47685, CVE-2024-47696, CVE-2024-47701, CVE-2024-47742, CVE-2024-47745, CVE-2024-49855, CVE-2024-49860, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49889, CVE-2024-49959, CVE-2024-50033, CVE-2024-50035, CVE-2024-50036, CVE-2024-50073, CVE-2024-50154, CVE-2024-50179, CVE-2024-50195, CVE-2024-50199, CVE-2024-50262, CVE-2024-50301