In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call btrfs_commit_transaction(), and if that returns an error we jump to 'fail' label, where we kfree() the pending snapshot structure. This can result in a later use-after-free of the pending snapshot: 1) We allocated the pending snapshot and added it to the transaction's list of pending snapshots; 2) We call btrfs_commit_transaction(), and it fails either at the first call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups(). In both cases, we don't abort the transaction and we release our transaction handle. We jump to the 'fail' label and free the pending snapshot structure. We return with the pending snapshot still in the transaction's list; 3) Another task commits the transaction. This time there's no error at all, and then during the transaction commit it accesses a pointer to the pending snapshot structure that the snapshot creation task has already freed, resulting in a user-after-free. This issue could actually be detected by smatch, which produced the following warning: fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list So fix this by not having the snapshot creation ioctl directly add the pending snapshot to the transaction's list. Instead add the pending snapshot to the transaction handle, and then at btrfs_commit_transaction() we add the snapshot to the list only when we can guarantee that any error returned after that point will result in a transaction abort, in which case the ioctl code can safely free the pending snapshot and no one can access it anymore.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3912 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3912-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     October 07, 2024                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux     Version        : 5.10.226-1     CVE ID         : CVE-2021-3669 CVE-2022-48733 CVE-2023-31083 CVE-2023-52889                      CVE-2024-27397 CVE-2024-38577 CVE-2024-41011 CVE-2024-41042                      CVE-2024-41098 CVE-2024-42114 CVE-2024-42228 CVE-2024-42246                      CVE-2024-42259 CVE-2024-42265 CVE-2024-42272 CVE-2024-42276                      CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284                      CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288                      CVE-2024-42289 CVE-2024-42290 CVE-2024-42292 CVE-2024-42295                      CVE-2024-42297 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304                      CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309                      CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313                      CVE-2024-43828 CVE-2024-43829 CVE-2024-43830 CVE-2024-43834                      CVE-2024-43835 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846                      CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856                      CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43867                      CVE-2024-43871 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882                      CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890                      CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43905                      CVE-2024-43907 CVE-2024-43908 CVE-2024-43914 CVE-2024-44935                      CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948                      CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44965                      CVE-2024-44968 CVE-2024-44971 CVE-2024-44974 CVE-2024-44987                      CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44995                      CVE-2024-44998 CVE-2024-44999 CVE-2024-45003 CVE-2024-45006                      CVE-2024-45008 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021                      CVE-2024-45025 CVE-2024-45028 CVE-2024-46673 CVE-2024-46674                      CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679                      CVE-2024-46685 CVE-2024-46689 CVE-2024-46702 CVE-2024-46707                      CVE-2024-46713 CVE-2024-46714 CVE-2024-46719 CVE-2024-46721                      CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725                      CVE-2024-46731 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739                      CVE-2024-46740 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745                      CVE-2024-46747 CVE-2024-46750 CVE-2024-46755 CVE-2024-46756                      CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46763                      CVE-2024-46771 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781                      CVE-2024-46782 CVE-2024-46783 CVE-2024-46791 CVE-2024-46798                      CVE-2024-46800 CVE-2024-46804 CVE-2024-46814 CVE-2024-46815                      CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46822                      CVE-2024-46828 CVE-2024-46829 CVE-2024-46840 CVE-2024-46844

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     5.10.226-1.  This additionally includes many more bug fixes from     stable updates 5.10.224-5.10.226 inclusive.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.10.226-214.879. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-070 advisory.

    2024-10-24: CVE-2024-46828 was added to this advisory.

    2024-10-24: CVE-2024-46840 was added to this advisory.

    2024-10-24: CVE-2024-46822 was added to this advisory.

    2024-10-24: CVE-2024-46829 was added to this advisory.

    2024-10-24: CVE-2024-46819 was added to this advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix use-after-free after failure to create a snapshot (CVE-2022-48733)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/aux: Fix AUX buffer serialization (CVE-2024-46713)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (CVE-2024-46714)

    In the Linux kernel, the following vulnerability has been resolved:

    usb: typec: ucsi: Fix null pointer dereference in trace (CVE-2024-46719)

    In the Linux kernel, the following vulnerability has been resolved:

    apparmor: fix possible NULL pointer dereference (CVE-2024-46721)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (CVE-2024-46724)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix out-of-bounds write warning (CVE-2024-46725)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/pm: fix the Out-of-bounds read warning (CVE-2024-46731)

    In the Linux kernel, the following vulnerability has been resolved:

    nvmet-tcp: fix kernel crash if commands allocation fails (CVE-2024-46737)

    In the Linux kernel, the following vulnerability has been resolved:

    VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)

    In the Linux kernel, the following vulnerability has been resolved:

    uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)

    In the Linux kernel, the following vulnerability has been resolved:

    of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)

    In the Linux kernel, the following vulnerability has been resolved:

    Squashfs: sanity check symbolic link size (CVE-2024-46744)

    In the Linux kernel, the following vulnerability has been resolved:

    Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (CVE-2024-46747)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)

    In the Linux kernel, the following vulnerability has been resolved:

    wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (CVE-2024-46755)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)

    In the Linux kernel, the following vulnerability has been resolved:

    can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)

    In the Linux kernel, the following vulnerability has been resolved:

    udf: Avoid excessive partition lengths (CVE-2024-46777)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)

    In the Linux kernel, the following vulnerability has been resolved:

    ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)

    In the Linux kernel, the following vulnerability has been resolved:

    ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)

    In the Linux kernel, the following vulnerability has been resolved:

    sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (CVE-2024-46819)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)

    In the Linux kernel, the following vulnerability has been resolved:

    sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)

    In the Linux kernel, the following vulnerability has been resolved:

    rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2561-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have     allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access     (bsc#1171988).
    - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
    - CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
    - CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866).
    - CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
    - CVE-2021-47267: usb: fix various gadget panics on 10gbps cabling (bsc#1224993).
    - CVE-2021-47270: usb: fix various gadgets null ptr deref on 10gbps cabling (bsc#1224997).
    - CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
    - CVE-2021-47293: net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1224978).
    - CVE-2021-47294: netrom: Decrease sock refcount when sock timers expire (bsc#1224977).
    - CVE-2021-47297: net: fix uninit-value in caif_seqpkt_sendmsg (bsc#1224976).
    - CVE-2021-47309: net: validate lwtstate->data before returning from skb_tunnel_info() (bsc#1224967).
    - CVE-2021-47328: blacklist.conf: bsc#1225047 CVE-2021-47328: breaks kABI Also, does not apply.
    - CVE-2021-47354: drm/sched: Avoid data corruptions (bsc#1225140)
    - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
    - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
    - CVE-2021-47407: KVM: x86: Handle SRCU initialization failure during page track init (bsc#1225306).
    - CVE-2021-47418: net_sched: fix NULL deref in fifo_set_limit() (bsc#1225337).
    - CVE-2021-47434: xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1225232).
    - CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
    - CVE-2021-47445: drm/msm: Fix null pointer dereference on pointer edp (bsc#1225261)
    - CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
    - CVE-2021-47518: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1225372).
    - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
    - CVE-2021-47544: tcp: fix page frag corruption on page fault (bsc#1225463).
    - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound     (bsc#1225505).
    - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
    - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
    - CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle (bsc#1226567).
    - CVE-2021-47602: mac80211: track only QoS data frames for admission control (bsc#1226554).
    - CVE-2021-47609: firmware: arm_scpi: Fix string overflow in SCPI genpd driver (bsc#1226562)
    - CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking (bsc#1226716)
    - CVE-2022-48733: btrfs: fix use-after-free after failure to create a snapshot (bsc#1226718).
    - CVE-2022-48740: selinux: fix double free of cond_list on error paths (bsc#1226699).
    - CVE-2022-48743: net: amd-xgbe: Fix skb data length underflow (bsc#1226705).
    - CVE-2022-48756: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (bsc#1226698)
    - CVE-2022-48759: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (bsc#1226711).
    - CVE-2022-48761: usb: xhci-plat: fix crash when suspend if remote wake enable (bsc#1226701).
    - CVE-2022-48772: media: lgdt3306a: Add a check against null-pointer-def (bsc#1226976).
    - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
    - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve     local privilege escalation (bsc#1215420).
    - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
    - CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
    - CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
    - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
    - CVE-2023-52754: media: imon: fix access to invalid resource for the second interface (bsc#1225490).
    - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
    - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
    - CVE-2023-52764: media: gspca: cpia1: shift-out-of-bounds in set_flicker (bsc#1225571).
    - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
    - CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
    - CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
    - CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
    - CVE-2023-52832: wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (bsc#1225577).
    - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
    - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency     (bsc#1225583).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
    - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
    - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
    - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
    - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
    - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
    - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
    - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
    - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
    - CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
    - CVE-2024-26894: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (bsc#1223043).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
    - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
    - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
    - CVE-2024-27399: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (bsc#1224177).
    - CVE-2024-27410: Reject iftype change with mesh ID change (bsc#1224432).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
    - CVE-2024-35822: usb: udc: remove warning when queue disabled ep (bsc#1224739).
    - CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
    - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
    - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
    - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
    - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-35922: fbmon: prevent division by zero in fb_videomode_from_videomode() (bsc#1224660)
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2024-35930: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1224651).
    - CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
    - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
    - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
    - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
    - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
    - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
    - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
    - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
    - CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
    - CVE-2024-36016: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (bsc#1225642).
    - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-36952: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up     (bsc#1225898).
    - CVE-2024-36880: Bluetooth: qca: add missing firmware sanity checks (bsc#1225722).
    - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
    - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
    - CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
    - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
    - CVE-2024-36950: firewire: ohci: mask bus reset interrupts between ISR and bottom half (bsc#1225895).
    - CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events (bsc#1225872)
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-38544: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (bsc#1226597)
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2024-38546: drm: vc4: Fix possible null pointer dereference (bsc#1226593).
    - CVE-2024-38549: drm/mediatek: Add 0 size check to mtk_drm_gem_obj (bsc#1226735)
    - CVE-2024-38552: drm/amd/display: Fix potential index out of bounds in color (bsc#1226767)
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38565: wifi: ar5523: enable proper endpoint verification (bsc#1226747).
    - CVE-2024-38567: wifi: carl9170: add a proper sanity check for endpoints (bsc#1226769).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
    - CVE-2024-38579: crypto: bcm - Fix pointer arithmetic (bsc#1226637).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
    - CVE-2024-38621: media: stk1160: fix bounds checking in stk1160_copy_video() (bsc#1226895).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
    - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
    - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2381-1 advisory.

    The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
    - CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866).
    - CVE-2021-47267: usb: fix various gadget panics on 10gbps cabling (bsc#1224993).
    - CVE-2021-47270: usb: fix various gadgets null ptr deref on 10gbps cabling (bsc#1224997).
    - CVE-2021-47293: net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1224978).
    - CVE-2021-47294: netrom: Decrease sock refcount when sock timers expire (bsc#1224977).
    - CVE-2021-47297: net: fix uninit-value in caif_seqpkt_sendmsg (bsc#1224976).
    - CVE-2021-47309: net: validate lwtstate->data before returning from skb_tunnel_info() (bsc#1224967).
    - CVE-2021-47354: drm/sched: Avoid data corruptions (bsc#1225140)
    - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
    - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
    - CVE-2021-47407: KVM: x86: Handle SRCU initialization failure during page track init (bsc#1225306).
    - CVE-2021-47418: net_sched: fix NULL deref in fifo_set_limit() (bsc#1225337).
    - CVE-2021-47434: xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1225232).
    - CVE-2021-47445: drm/msm: Fix null pointer dereference on pointer edp (bsc#1225261)
    - CVE-2021-47518: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1225372).
    - CVE-2021-47544: tcp: fix page frag corruption on page fault (bsc#1225463).
    - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
    - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
    - CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle (bsc#1226567).
    - CVE-2021-47602: mac80211: track only QoS data frames for admission control (bsc#1226554).
    - CVE-2021-47609: firmware: arm_scpi: Fix string overflow in SCPI genpd driver (bsc#1226562)
    - CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking (bsc#1226716)
    - CVE-2022-48733: btrfs: fix use-after-free after failure to create a snapshot (bsc#1226718).
    - CVE-2022-48740: selinux: fix double free of cond_list on error paths (bsc#1226699).
    - CVE-2022-48743: net: amd-xgbe: Fix skb data length underflow (bsc#1226705).
    - CVE-2022-48756: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (bsc#1226698)
    - CVE-2022-48759: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (bsc#1226711).
    - CVE-2022-48761: usb: xhci-plat: fix crash when suspend if remote wake enable (bsc#1226701).
    - CVE-2022-48772: media: lgdt3306a: Add a check against null-pointer-def (bsc#1226976).
    - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
    - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52754: media: imon: fix access to invalid resource for the second interface (bsc#1225490).
    - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
    - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
    - CVE-2023-52764: media: gspca: cpia1: shift-out-of-bounds in set_flicker (bsc#1225571).
    - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
    - CVE-2023-52832: wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (bsc#1225577).
    - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
    - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency     (bsc#1225583).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
    - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
    - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
    - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
    - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
    - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
    - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
    - CVE-2024-26894: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (bsc#1223043).
    - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
    - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
    - CVE-2024-27399: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (bsc#1224177).
    - CVE-2024-27410: Reject iftype change with mesh ID change (bsc#1224432).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2024-35822: usb: udc: remove warning when queue disabled ep (bsc#1224739).
    - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
    - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
    - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
    - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-35922: fbmon: prevent division by zero in fb_videomode_from_videomode() (bsc#1224660)
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2024-35930: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1224651).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
    - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
    - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
    - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
    - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
    - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
    - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
    - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
    - CVE-2024-36016: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (bsc#1225642).
    - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-36592: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up     (bsc#1225898).
    - CVE-2024-36880: Bluetooth: qca: add missing firmware sanity checks (bsc#1225722).
    - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
    - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
    - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
    - CVE-2024-36950: firewire: ohci: mask bus reset interrupts between ISR and bottom half (bsc#1225895).
    - CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events (bsc#1225872)
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-38544: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (bsc#1226597)
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2024-38546: drm: vc4: Fix possible null pointer dereference (bsc#1226593).
    - CVE-2024-38549: drm/mediatek: Add 0 size check to mtk_drm_gem_obj (bsc#1226735)
    - CVE-2024-38552: drm/amd/display: Fix potential index out of bounds in color (bsc#1226767)
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38565: wifi: ar5523: enable proper endpoint verification (bsc#1226747).
    - CVE-2024-38567: wifi: carl9170: add a proper sanity check for endpoints (bsc#1226769).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
    - CVE-2024-38579: crypto: bcm - Fix pointer arithmetic (bsc#1226637).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-38621: media: stk1160: fix bounds checking in stk1160_copy_video() (bsc#1226895).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2394-1 advisory.

    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
    - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
    - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
    - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
    - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
    - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
    - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
    - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
    - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
    - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
    - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
    - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
    - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
    - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
    - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
    - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
    - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
    - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
    - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
    - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
    - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
    - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
    - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume     (bsc#1221282, bsc#1222072).
    - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
    - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
    - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
    - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
    - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device     attribute group (bsc#1224712).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
    - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
    - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
    - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
    - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
    - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()     (bsc#1224498).
    - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
    - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
    - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
    - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
    - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
    - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path     (bsc#1224539).
    - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
    - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
    - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
    - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
    - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'     (bsc#1226841).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
    - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
    - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
    - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
    - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
    - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
    - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
    - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
    - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
    - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
    - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
    - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE     (bsc#1226789).
    - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
    - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
    - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
    - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2372-1 advisory.

    The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
    - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
    - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
    - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
    - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
    - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
    - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
    - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
    - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
    - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
    - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
    - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
    - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
    - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
    - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
    - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
    - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
    - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
    - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
    - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
    - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
    - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
    - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume     (bsc#1221282bsc#1222072).
    - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
    - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (git-fixesbsc#1223641).
    - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
    - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device     attribute group (bsc#1224712).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
    - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
    - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
    - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
    - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
    - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()     (bsc#1224498).
    - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
    - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
    - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
    - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
    - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path     (bsc#1224539).
    - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
    - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
    - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
    - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
    - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'     (bsc#1226841).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
    - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
    - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
    - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
    - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
    - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
    - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
    - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
    - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
    - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
    - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
    - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE     (bsc#1226789).
    - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
    - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
    - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
    - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2360-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
    - CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866).
    - CVE-2021-47267: usb: fix various gadget panics on 10gbps cabling (bsc#1224993).
    - CVE-2021-47270: usb: fix various gadgets null ptr deref on 10gbps cabling (bsc#1224997).
    - CVE-2021-47293: net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1224978).
    - CVE-2021-47294: netrom: Decrease sock refcount when sock timers expire (bsc#1224977).
    - CVE-2021-47297: net: fix uninit-value in caif_seqpkt_sendmsg (bsc#1224976).
    - CVE-2021-47309: net: validate lwtstate->data before returning from skb_tunnel_info() (bsc#1224967).
    - CVE-2021-47354: drm/sched: Avoid data corruptions (bsc#1225140)
    - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
    - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
    - CVE-2021-47407: KVM: x86: Handle SRCU initialization failure during page track init (bsc#1225306).
    - CVE-2021-47418: net_sched: fix NULL deref in fifo_set_limit() (bsc#1225337).
    - CVE-2021-47434: xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1225232).
    - CVE-2021-47445: drm/msm: Fix null pointer dereference on pointer edp (bsc#1225261)
    - CVE-2021-47518: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1225372).
    - CVE-2021-47544: tcp: fix page frag corruption on page fault (bsc#1225463).
    - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
    - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
    - CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle (bsc#1226567).
    - CVE-2021-47602: mac80211: track only QoS data frames for admission control (bsc#1226554).
    - CVE-2021-47609: firmware: arm_scpi: Fix string overflow in SCPI genpd driver (bsc#1226562)
    - CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking (bsc#1226716)
    - CVE-2022-48733: btrfs: fix use-after-free after failure to create a snapshot (bsc#1226718).
    - CVE-2022-48740: selinux: fix double free of cond_list on error paths (bsc#1226699).
    - CVE-2022-48743: net: amd-xgbe: Fix skb data length underflow (bsc#1226705).
    - CVE-2022-48756: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (bsc#1226698)
    - CVE-2022-48759: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (bsc#1226711).
    - CVE-2022-48761: usb: xhci-plat: fix crash when suspend if remote wake enable (bsc#1226701).
    - CVE-2022-48772: media: lgdt3306a: Add a check against null-pointer-def (bsc#1226976).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
    - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52754: media: imon: fix access to invalid resource for the second interface (bsc#1225490).
    - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
    - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
    - CVE-2023-52764: media: gspca: cpia1: shift-out-of-bounds in set_flicker (bsc#1225571).
    - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
    - CVE-2023-52832: wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (bsc#1225577).
    - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
    - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency     (bsc#1225583).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
    - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
    - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
    - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
    - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
    - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
    - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
    - CVE-2024-26894: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (bsc#1223043).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
    - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
    - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (git-fixesbsc#1223641).
    - CVE-2024-27399: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (bsc#1224177).
    - CVE-2024-27410: Reject iftype change with mesh ID change (bsc#1224432).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2024-35822: usb: udc: remove warning when queue disabled ep (bsc#1224739).
    - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
    - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
    - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
    - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-35922: fbmon: prevent division by zero in fb_videomode_from_videomode() (bsc#1224660)
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2024-35930: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1224651).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
    - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
    - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
    - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
    - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
    - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
    - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
    - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
    - CVE-2024-36016: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (bsc#1225642).
    - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-36592: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up     (bsc#1225898).
    - CVE-2024-36880: Bluetooth: qca: add missing firmware sanity checks (bsc#1225722).
    - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
    - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
    - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
    - CVE-2024-36950: firewire: ohci: mask bus reset interrupts between ISR and bottom half (bsc#1225895).
    - CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events (bsc#1225872)
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-38544: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (bsc#1226597)
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2024-38546: drm: vc4: Fix possible null pointer dereference (bsc#1226593).
    - CVE-2024-38549: drm/mediatek: Add 0 size check to mtk_drm_gem_obj (bsc#1226735)
    - CVE-2024-38552: drm/amd/display: Fix potential index out of bounds in color (bsc#1226767)
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38565: wifi: ar5523: enable proper endpoint verification (bsc#1226747).
    - CVE-2024-38567: wifi: carl9170: add a proper sanity check for endpoints (bsc#1226769).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634.
    - CVE-2024-38579: crypto: bcm - Fix pointer arithmetic (bsc#1226637).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-38621: media: stk1160: fix bounds checking in stk1160_copy_video() (bsc#1226895).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
208245	Debian dla-3912 : ata-modules-5.10.0-29-armmp-di - security update	Nessus	Debian Local Security Checks	high
208045	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-070)	Nessus	Amazon Linux Local Security Checks	high
205734	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2939-1)	Nessus	SuSE Local Security Checks	high
202761	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2561-1)	Nessus	SuSE Local Security Checks	critical
202177	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2381-1)	Nessus	SuSE Local Security Checks	critical
202176	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2394-1)	Nessus	SuSE Local Security Checks	high
202100	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2372-1)	Nessus	SuSE Local Security Checks	high
202099	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2360-1)	Nessus	SuSE Local Security Checks	critical

Detections

Analytics

CVE-2022-48733

high

Tenable Plugins

high

high

high

critical

critical

high

high

critical