EULEROS-SA-2026-1629

Summary:

An update for kernel is now available for EulerOS Virtualization release 2.13.0

EulerOS Security has rated this update as having a security impact of Moderate.A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.General:

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Security Fix(es):

scsi: target: Fix WRITE_SAME No Data Buffer crash(CVE-2022-21546)

iommu/arm-smmu-v3-sva: Fix mm use-after-free(CVE-2022-49426)

module: fix [e_shstrndx].sh_size=0 OOB access(CVE-2022-49444)

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT(CVE-2022-49534)

KVM: Don't null dereference ops-＞destroy(CVE-2022-49568)

net: atlantic: remove aq_nic_deinit() when resume(CVE-2022-49624)

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()(CVE-2022-49731)

ceph: avoid putting the realm twice when decoding snaps fails(CVE-2022-49770)

dm ioctl: fix misbehavior if list_versions races with module loading(CVE-2022-49771)

x86/fpu: Drop fpregs lock before inheriting FPU permissions(CVE-2022-49783)

cifs: Fix connections leak when tlink setup failed(CVE-2022-49822)

ata: libata-transport: fix error handling in ata_tlink_add()(CVE-2022-49824)

hugetlbfs: don't delete error page from pagecache(CVE-2022-49828)

drm/scheduler: fix fence ref counting(CVE-2022-49829)

riscv: fix reserved memory setup(CVE-2022-49851)

media: mceusb: Use new usb_control_msg_*() routines(CVE-2022-49937)

cifs: fix small mempool leak in SMB2_negotiate()(CVE-2022-49938)

net/sched: fix netdevice reference leaks in attach_default_qdiscs()(CVE-2022-49958)

bpf: Don't redirect packets with invalid pkt_len(CVE-2022-49975)

HID: hidraw: fix...