EULEROS-SA-2026-1891

Summary:

An update for kernel is now available for EulerOS V2.0SP12(x86_64)

EulerOS Security has rated this update as having a security impact of Important.A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.General:

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Security Fix(es):

netfilter: ctnetlink: remove refcounting in expectation dumpers(CVE-2025-39764)

nvme: nvme-fc: Ensure -＞ioerr_work is cancelled in nvme_fc_delete_ctrl()(CVE-2025-40261)

ipv4: ip_gre: make ipgre_header() robust(CVE-2026-23011)

bonding: limit BOND_MODE_8023AD to Ethernet devices(CVE-2026-23099)

iommu: disable SVA when CONFIG_X86 is set(CVE-2025-71089)

mm/hugetlb: fix hugetlb_pmd_shared()(CVE-2026-23100)

uacce: ensure safe queue release with state management(CVE-2026-23063)

scsi: target: Reset t_task_cdb pointer in error case(CVE-2025-68782)

leds: led-class: Only Add LED to leds_list when it is fully ready(CVE-2026-23101)

usb: typec: ucsi: Handle incorrect num_connectors capability(CVE-2025-71108)

net/sched: sch_qfq: do not free existing class in qfq_change_class()(CVE-2026-22999)

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf(CVE-2025-71120)

perf/x86/amd: Check event before enable to avoid GPF(CVE-2025-68798)

libceph: make decode_pool() more resilient against corrupted osdmaps(CVE-2025-71116)

NFSD: NFSv4 file creation neglects setting ACL(CVE-2025-68803)

x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1(CVE-2026-23005)

nbd: defer config put in recv_work(CVE-2025-68372)

net: hns3: using the num_tqps in the vf driver to apply for resources(CVE-2025-71064)

net: sock: fix...