In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2189-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
    - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
    - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
    - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
    - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
    - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
    - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
    - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
    - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
    - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
    - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
    - CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
    - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
    - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
    - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak     upon a kmalloc failure (bsc#1184509).
    - CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed double free of blk_mq_tag_set in dev remove after table load fails (bsc#1220554).
    - CVE-2021-46939: Fixed possible hung in trace_clock_global() (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed possible data corruption in md/raid1 when ending a failed write request     (bsc#1220662).
    - CVE-2021-46958: Fixed race between transaction aborts and fsyncs that could lead to use-after-free in     btrfs (bsc#1220521).
    - CVE-2021-46960: Fixed wrong error code from smb2_get_enc_key() (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed NULL pointer in flush_workqueue (bsc#1220611).
    - CVE-2021-46988: Fixed possible crash in userfaultfd due to unreleased page (bsc#1220706).
    - CVE-2021-46990: Fixed crashes when toggling entry flush barrier in powerpc/64s (bsc#1220743).
    - CVE-2021-46998: Fixed a use after free bug in enic_hard_start_xmit() (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed RX consumer index logic in the error path in bnxt_en (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed resolved pte update for kernel memory on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed null pointer dereference in lpfc_prep_els_iocb() (bsc#1220640).
    - CVE-2021-47049: Fixed Use after free in __vmbus_open() (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed uninitialized lock in adf_vf2pf_shutdown() (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed possible use-after-free in panel_bridge_detach() (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47114: Fixed data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed bug on in ext4_es_cache_extent() as ext4_split_extent_at() failed (bsc#1221575).
    - CVE-2021-47118: Fixed possible use-after-free when initializing `cad_pid` (bsc#1221605).
    - CVE-2021-47119: Fixed memory leak in ext4_fill_super() (bsc#1221608).
    - CVE-2021-47138: Fixed possible out-of-bound memory access in cxgb4 when clearing filters (bsc#1221934).
    - CVE-2021-47141: Fixed possible NULL pointer dereference when freeing irqs (bsc#1221949).
    - CVE-2021-47142: Fixed a use-after-free in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed possible corruptionb in nfs_do_recoalesce() (bsc#1221998).
    - CVE-2021-47167: Fixed an Oopsable condition in __nfs_pageio_add_request() (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() (bsc#1222002).
    - CVE-2021-47169: Fixed possible NULL pointer dereference in serial/rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed memory leak in smsc75xx_bind() (bsc#1221994).
    - CVE-2021-47173: Fixed memory leak in uss720_probe() (bsc#1221993).
    - CVE-2021-47177: Fixed sysfs leak in alloc_iommu() (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (bsc#1222001).
    - CVE-2021-47180: Fixed memory leak in nci_allocate_device() (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
    - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in     drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed use-after-free in kv_parse_power_table() (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#122041).
    - CVE-2023-52474: Fixed bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests in hfi1 (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie (bsc#1222300).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a NULL pointer dereference vulnerability in     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed NULL Pointer Dereference vulnerability in /net/bluetooth/rfcomm/core.c     (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in     lpfc_unregister_fcf_rescan() function (bsc#1219618).
    - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000     xc4000_get_frequency() function (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp  (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma  (bsc#1222610)
    - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp  (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink  (bsc#1222630).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2024-26993: Fixed a reference leak in sysfs_break_active_protection() (bsc#1223693)
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2024-26948: Added a dc_state NULL check in dc_state_release (bsc#1223664)
    - CVE-2024-27013: Limited printing rate when illegal packet received by tun  dev (bsc#1223745).
    - CVE-2024-27014: Prevented deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27046: Handled acti_netdevs allocation failure (bsc#1223827).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).
    - CVE-2023-52652: Fixed a possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2024-23848: Fixed a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c     and drivers/media/cec/core/cec-api.c (bsc#1219104).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26817: Used calloc instead of kzalloc to avoid integer overflow (bsc#1222812)
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2023-52620: Disallowed timeout for anonymous sets in nf_tables (bsc#1221825).
    - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26878: Fixed potential NULL pointer dereference, related to dquots (bsc#1223060).
    - CVE-2024-26901: Used kzalloc() to fix information leak in do_sys_name_to_handle() (bsc#1223198).
    - CVE-2024-26671: Fixed an IO hang from sbitmap wakeup race in blk_mq_mark_tag_wait() (bsc#1222357).
    - CVE-2024-26772: Avoided allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
    - CVE-2023-52614: Fixed a buffer overflow in trans_stat_show() (bsc#1221617).
    - CVE-2024-26855: Fixed a potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Made sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26675: Limited MRU to 64K in ppp_async_ioctl() (bsc#1222379).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2023-52488: Converted from _raw_ to _noinc_ regmap functions for FIFO in sc16is7xx (bsc#1221162).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2023-52635: Synchronized devfreq_monitor_[start/stop] for devfreq (bsc#1222294).
    - CVE-2024-26883: Checked for integer overflow when using roundup_pow_of_two()  (bsc#1223035).
    - CVE-2024-26884: Fixed a bpf hashtab overflow check on 32-bit architectures (bsc#1223189).
    - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
    - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
    - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
    - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
    - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
    - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
    - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
    - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
    - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
    - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
    - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
    - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
    - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list     (bsc#1223660).
    - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
    - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path     (bsc#1223196).
    - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
    - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
    - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
    - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
    - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter     (bsc#1223076).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
    - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
    - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink  (bsc#1222630).
    - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp  (bsc#1222428).
    - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma  (bsc#1222610)
    - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
    - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp  (bsc#1222632).
    - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt     (bsc#1222449).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
    - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel     (bsc#1222557).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
    - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
    - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
    - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
    - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
    - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
    - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
    - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
    - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
    - CVE-2024-23850: Fixed double free of anonymous device after snapshot  creation failure (bsc#1219126).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs     (HugeTLB pages) functionality (bsc#1219264).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
    - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
    - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in     amdgpu_ras_query_error_status_helper() (bsc#1221080).
    - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
    - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
    - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO     (bsc#1221162).
    - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
    - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
    - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context     (bsc#1223496).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
    - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id     (bsc#1223499).
    - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0     (bsc#1223475).
    - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte()     (bsc#1222710).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
    - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and     drm_gem_ttm_mmap() (bsc#1222838).
    - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory.

    The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq     (bsc#1220554).
    - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
    - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs     (bsc#1220521).
    - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
    - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
    - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s     (bsc#1220743).
    - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en     (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
    - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic     (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4     (bsc#1221575).
    - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
    - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
    - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
    - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve     (bsc#1221949).
    - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
    - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
    - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
    - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
    - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4     (bsc#1222001).
    - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions in thermal (bsc#1222878)
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2022-0487: Fixed use-after-free in moxart_remove in moxart-mmc (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
    - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests     (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO     (bsc#1221162).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()     (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in     lpfc_unregister_fcf_rescan() function (bsc#1219618).
    - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000     xc4000_get_frequency() function (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
    - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp  (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma  (bsc#1222610)
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp  (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink  (bsc#1222630).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory.

    The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
    - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
    - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27042: Fixed drm/amdgpu for potential out-of-bounds access in amdgpu_discovery_reg_base_init()     (bsc#1223823).
    - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
    - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
    - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
    - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
    - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
    - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
    - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
    - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
    - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
    - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list     (bsc#1223660).
    - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26939: Fixed drm/i915/vma UAF on destroy against retire race (bsc#1223679).
    - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
    - CVE-2024-26915: Fixed drm/amdgpu reset IH OVERFLOW_CLEAR bit (bsc#1223207).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26898: Fixed aoe potential use-after-free problem in aoecmd_cfg_pkts (bsc#1223016).
    - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
    - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path     (bsc#1223196).
    - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
    - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
    - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26876: Fixed drm/bridge/adv7511 crash on irq during probe (bsc#1223119).
    - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
    - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
    - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter     (bsc#1223076).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
    - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26791: Fixed btrfs/dev-replace properly validate device names (bsc#1222793).
    - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
    - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26700: Fixed drm/amd/display MST Null pointer dereference  for RV (bsc#1222870).
    - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
    - CVE-2024-26679: Fixed inet read sk->sk_family once in inet_recv_error() (bsc#1222385).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
    - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
    - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
    - CVE-2024-23850: Fixed double free of anonymous device after snapshot  creation failure (bsc#1219126).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs     (HugeTLB pages) functionality (bsc#1219264).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
    - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in     amdgpu_ras_query_error_status_helper() (bsc#1221080).
    - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
    - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
    - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context     (bsc#1223496).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
    - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id     (bsc#1223499).
    - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0     (bsc#1223475).
    - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte()     (bsc#1222710).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
    - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and     drm_gem_ttm_mmap() (bsc#1222838).
    - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak     upon a kmalloc failure (bsc#1184509).
    - CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq     (bsc#1220554).
    - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
    - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets     (bsc#1220513).
    - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs     (bsc#1220521).
    - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
    - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
    - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s     (bsc#1220743).
    - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en     (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
    - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic     (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
    - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4     (bsc#1221575).
    - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
    - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
    - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
    - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
    - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve     (bsc#1221949).
    - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
    - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
    - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
    - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
    - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4     (bsc#1222001).
    - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions in thermal (bsc#1222878)
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2022-0487: Fixed an use-after-free vulnerability in rtsx_usb_ms_drv_remove() in     drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48672: Fixed off-by-one error in unflatten_dt_nodes() (bsc#1223931).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2022-48702: Fixed out of bounds access in  snd_emu10k1_pcm_channel_alloc() (bsc#1223923).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential     information disclosure or a denial of service (bsc#1215221).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
    - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests     (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO     (bsc#1221162).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()     (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-24855: Fixed race condition in lpfc_unregister_fcf_rescan() that could lead to a kernel panic     or denial of service issue (bsc#1219618).
    - CVE-2024-24861: Fixed race condition in xc4000_get_frequency() that could lead to malfunction or denial     of service issue (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26704: fixed double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
    - CVE-2024-26754: Fixed ab use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26791: Properly validated device names in btrfs dev-replace (bsc#1222793)
    - CVE-2024-26793: fixed use-after-free and null-ptr-deref in gtp_newlink() (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26839: Fixed a memory leak in init_credit_return() (bsc#1222975)
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26876: Fixed crash on irq during probe, related to adv7511_probe() (bsc#1223119).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-27008: Fixed out of bounds access in nv04 (CVE-2024-27008 bsc#1223802).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory.

  - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to     elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local     user with the CAP_NET_RAW capability. (CVE-2021-23134)

  - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the     ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map.
    ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL     to vp_map and kfree take care of NULL. (CVE-2024-26930)

  - In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory     accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in     netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI     for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk()     patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. (CVE-2019-25160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1642-1 advisory.

    The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
    - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets     (bsc#1220513).
    - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0     (bsc#1223475).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
    - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt     (bsc#1222449).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the linux package has been released.

ID	Name	Product	Family	Severity
205827	EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2024-2120)	Nessus	Huawei Local Security Checks	high
202422	EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1911)	Nessus	Huawei Local Security Checks	high
201035	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2189-1)	Nessus	SuSE Local Security Checks	critical
198237	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)	Nessus	SuSE Local Security Checks	high
197174	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)	Nessus	SuSE Local Security Checks	high
197057	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)	Nessus	SuSE Local Security Checks	high
197056	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)	Nessus	SuSE Local Security Checks	high
197055	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)	Nessus	SuSE Local Security Checks	high
197048	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)	Nessus	SuSE Local Security Checks	high
197045	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1642-1)	Nessus	SuSE Local Security Checks	high
151965	Photon OS 4.0: Linux PHSA-2021-4.0-0065	Nessus	PhotonOS Local Security Checks	critical

Detections

Analytics

CVE-2022-48701

low

Tenable Plugins

high

high

critical

high

high

high

high

high

high

high

critical