#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(241826);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/10");
script_cve_id(
"CVE-2022-49086",
"CVE-2022-49350",
"CVE-2022-49374",
"CVE-2022-49429",
"CVE-2022-49571",
"CVE-2022-49572",
"CVE-2022-49573",
"CVE-2022-49574",
"CVE-2022-49586",
"CVE-2022-49587",
"CVE-2022-49589",
"CVE-2022-49590",
"CVE-2022-49593",
"CVE-2022-49595",
"CVE-2022-49598",
"CVE-2022-49601",
"CVE-2022-49602",
"CVE-2022-49604",
"CVE-2022-49638",
"CVE-2022-49657",
"CVE-2022-49691",
"CVE-2022-49720",
"CVE-2022-49753",
"CVE-2022-49821",
"CVE-2022-49870",
"CVE-2022-49915",
"CVE-2023-52935",
"CVE-2023-52973",
"CVE-2023-52997",
"CVE-2023-53005",
"CVE-2023-53007",
"CVE-2023-53019",
"CVE-2023-53024",
"CVE-2023-53032",
"CVE-2023-53133",
"CVE-2025-21772",
"CVE-2025-21891",
"CVE-2025-21993",
"CVE-2025-21999",
"CVE-2025-22055",
"CVE-2025-22058",
"CVE-2025-22125",
"CVE-2025-37752",
"CVE-2025-37785",
"CVE-2025-37839"
);
script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-1800)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
usbnet: fix memory leak in error case(CVE-2022-49657)
block: Fix handling of offline queues in blk_mq_alloc_request_hctx().(CVE-2022-49720)
partitions: mac: fix handling of bogus partition table(CVE-2025-21772)
icmp: Fix data-races around sysctl.(CVE-2022-49638)
erspan: do not assume transport header is always set(CVE-2022-49691)
net: mdio: unexport __init-annotated mdio_bus_init().(CVE-2022-49350)
tipc: check attribute length for bearer name(CVE-2022-49374)
RDMA/hfi1: Prevent panic when SDMA is disabled(CVE-2022-49429)
tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.(CVE-2022-49601)
ip: Fix data-races around sysctl_ip_fwd_use_pmtu.(CVE-2022-49604)
ip: Fix a data-race around sysctl_fwmark_reflect.(CVE-2022-49602)
igmp: Fix data-races around sysctl_igmp_llm_reports.(CVE-2022-49590)
tcp: Fix a data-race around sysctl_tcp_probe_interval.(CVE-2022-49593)
tcp: Fix a data-race around sysctl_tcp_probe_threshold.(CVE-2022-49595)
tcp: Fix data-races around sysctl_tcp_mtu_probing.(CVE-2022-49598)
usbnet: fix memory leak in error case(CVE-2022-49589)
tcp: Fix data-races around sysctl_tcp_fastopen.(CVE-2022-49586)
tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.(CVE-2022-49572)
tcp: Fix a data-race around sysctl_tcp_notsent_lowat.(CVE-2022-49587)
tcp: Fix a data-race around sysctl_tcp_early_retrans.(CVE-2022-49573)
tcp: Fix data-races around sysctl_tcp_recovery.(CVE-2022-49574)
tcp: Fix data-races around sysctl_tcp_max_reordering.(CVE-2022-49571)
net: openvswitch: fix leak of nested actions(CVE-2022-49086)
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation(CVE-2023-53024)
mm/khugepaged: fix -anon_vma race(CVE-2023-52935)
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert().(CVE-2023-52997)
dmaengine: Fix double increment of client_count in dma_chan_get().(CVE-2022-49753)
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF(CVE-2023-52973)
ipvlan: ensure network headers are in skb linear part(CVE-2025-21891)
trace_events_hist: add check for return value of 'create_hist_field'(CVE-2023-53005)
net: mdio: validate parameter addr in mdiobus_get_phy().(CVE-2023-53019)
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.(CVE-2023-53032)
proc: fix UAF in proc_get_inode().(CVE-2025-21999)
ext4: fix OOB read when checking dotdot dir(CVE-2025-37785)
md/raid1,raid10: don't ignore IO flags(CVE-2025-22125)
net: fix geneve_opt length integer overflow(CVE-2025-22055)
udp: Fix memory accounting leak.(CVE-2025-22058)
mISDN: fix possible memory leak in mISDN_register_device().(CVE-2022-49915)
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK(CVE-2022-49870)
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser().(CVE-2023-53133)
mISDN: fix possible memory leak in mISDN_dsp_element_register().(CVE-2022-49821)
jbd2: remove wrong sb-s_sequence check(CVE-2025-37839)
net_sched: sch_sfq: move the limit validation(CVE-2025-37752)
tracing: Make sure trace_printk() can output as soon as it can be used(CVE-2023-53007)
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic().(CVE-2025-21993)
Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2025-1800
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34968490");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-49720");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/15");
script_set_attribute(attribute:"patch_publication_date", value:"2025/07/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"kernel-4.18.0-147.5.2.19.h1851.eulerosv2r10",
"kernel-abi-stablelists-4.18.0-147.5.2.19.h1851.eulerosv2r10",
"kernel-tools-4.18.0-147.5.2.19.h1851.eulerosv2r10",
"kernel-tools-libs-4.18.0-147.5.2.19.h1851.eulerosv2r10",
"python3-perf-4.18.0-147.5.2.19.h1851.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation