In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 [Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 [Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 [Thu Feb 10 12:59:06 2022] Call Trace: [Thu Feb 10 12:59:06 2022] <IRQ> [Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 [Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117 [Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0 [Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0 [Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0 [Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20 [Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140 [Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10 [Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b [Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150 [Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30 [Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0 ... [Thu Feb 10 12:59:07 2022] Freed by task 58179: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30 [Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40 [Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170 [Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20 [Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0 [Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae [Thu Feb 10 12:59:07 2022] Last potentially related work creation: [Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0 [Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10 [Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0 [Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs] [Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0 [Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3499-1 advisory.

    The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
    - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
    - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3483-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch     (bsc#1226798)
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42308: Update DRM patch reference (bsc#1229411)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3408-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3251-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-35965: Fix not validating setsockopt user input (bsc#1224579).
    - CVE-2024-35933: Fixed build regression (bsc#1224640).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-43863: Fix a deadlock in dma buf fence polling (bsc#1229497)
    - CVE-2024-41087: Fix double free on error (bsc#1228466).
    - CVE-2024-43907: Fix the null pointer dereference in apply_state_adjust_rules (bsc#1229787).
    - CVE-2024-43905: Fix the null pointer dereference for vega10_hwmgr (bsc#1229784).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2022-48910: Ensure we call ipv6_mc_down() at most once (bsc#1229632)
    - CVE-2023-52893: Fix null-deref in gsmi_get_variable (bsc#1229535)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2022-48875: Initialize struct pn533_out_arg properly (bsc#1229516).
    - CVE-2023-52907: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526).
    - CVE-2024-43871: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490)
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-43872: Fix soft lockup under heavy CEQE load (bsc#1229489)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB     (bsc#1228709).
    - CVE-2024-42236: Prevent OOB read/write in usb_string_copy() (bsc#1228964).
    - CVE-2024-42244: Fix crash on resume (bsc#1228967).
    - CVE-2024-43879: Handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (bsc#1229482).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2021-47341: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1224923).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2022-48769: Avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629).
    - CVE-2024-43856: Fix call order in dmam_free_coherent (bsc#1229346).
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-40984: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (bsc#1227820).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-42310: Fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358)
    - CVE-2024-42309: Fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42285: Fix a use-after-free related to destroying CM IDs (bsc#1229381)
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-38618: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-41035: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (bsc#1228485)
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2023-52708: Fix error handling in mmc_spi_probe() (bsc#1225483).
    - CVE-2021-47549: Fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508).
    - CVE-2021-47373: Fix potential VPE leak on error (bsc#1225190).
    - CVE-2021-47425: Fix resource leak in reconfiguration device addition (bsc#1225223).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-41098: Fix null pointer dereference on error (bsc#1228467).
    - CVE-2021-4440: Drop USERGS_SYSRET64 paravirt call ( bsc#1227069).
    - CVE-2022-48786: Remove vsock from connected table when connect is interrupted by a signal (bsc#1227996).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-35915: Fix uninit-value in nci_dev_up and nci_ntf_packet (bsc#1224479).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-42090: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449).
    - CVE-2024-42101: Fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2021-47257: fix null deref in parse dev addr (bsc#1224896).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3249-1 advisory.

    The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
    - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
    - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
    - CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
    - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3252-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-35965: Fix not validating setsockopt user input (bsc#1224579).
    - CVE-2024-35933: Fixed a build regression (bsc#1224640).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-43863: Fix a deadlock in dma buf fence polling (bsc#1229497)
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-43907: Fix the null pointer dereference in apply_state_adjust_rules (bsc#1229787).
    - CVE-2024-43905: Fix the null pointer dereference for vega10_hwmgr (bsc#1229784).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2022-48910: Ensure we call ipv6_mc_down() at most once (bsc#1229632)
    - CVE-2023-52893: Fix null-deref in gsmi_get_variable (bsc#1229535)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2022-48875: Initialize struct pn533_out_arg properly (bsc#1229516).
    - CVE-2023-52907: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526).
    - CVE-2024-43871: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490)
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-43872: Fix soft lockup under heavy CEQE load (bsc#1229489)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB     (bsc#1228709).
    - CVE-2024-42236: Prevent OOB read/write in usb_string_copy() (bsc#1228964).
    - CVE-2024-42244: Fix crash on resume (bsc#1228967).
    - CVE-2024-43879: Handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (bsc#1229482).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
    - CVE-2021-47341: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1224923).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2022-48769: Avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629).
    - CVE-2024-43856: Fix call order in dmam_free_coherent (bsc#1229346).
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-40984: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (bsc#1227820).
    - CVE-2024-26677: Blacklist e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial     number') (bsc#1222387)
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-42310: Fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358)
    - CVE-2024-42309: Fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42285: Fix a use-after-free related to destroying CM IDs (bsc#1229381)
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-38618: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-41035: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (bsc#1228485)
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2023-52708: Fix error handling in mmc_spi_probe() (bsc#1225483).
    - CVE-2021-47549: Fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508).
    - CVE-2021-47373: Fix potential VPE leak on error (bsc#1225190).
    - CVE-2021-47425: Fix resource leak in reconfiguration device addition (bsc#1225223).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-41098: Fix null pointer dereference on error (bsc#1228467).
    - CVE-2021-4440: Drop USERGS_SYSRET64 paravirt call (bsc#1227069).
    - CVE-2022-48786: Remove vsock from connected table when connect is interrupted by a signal (bsc#1227996).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-35915: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes CVE-2024-35915     bsc#1224479).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-42090: Fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449).
    - CVE-2024-42101: Fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2021-47257: Fix null deref in parse dev addr (bsc#1224896).
    - CVE-2022-48751: Transitional solution for clcsock race issue (bsc#1226653).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3209-1 advisory.

    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3190-1 advisory.

    The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
    - CVE-2024-26677: Blacklist e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial     number') (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3189-1 advisory.

    The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-43907: drm/amdgpu/pm: fix the null pointer dereference in apply_state_adjust_rules     (bsc#1229787).
    - CVE-2024-43905: drm/amd/pm: fix the null pointer dereference for vega10_hwmgr (bsc#1229784).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43879: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()     (bsc#1229482).
    - CVE-2024-43872: RDMA/hns: Fix soft lockup under heavy CEQE load (bsc#1229489).
    - CVE-2024-43871: devres: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490).
    - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-43863: drm/vmwgfx: Fix a deadlock in dma buf fence polling (bsc#1229497).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-43856: dma: fix call order in dmam_free_coherent (bsc#1229346).
    - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
    - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-42310: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358).
    - CVE-2024-42309: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359).
    - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42285: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (bsc#1229381).
    - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-42259: drm/i915/gem: fix Virtual Memory mapping boundaries calculation (bsc#1229156).
    - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket     (bsc#1228989).
    - CVE-2024-42244: usb: serial: mos7840: fix crash on resume (bsc#1228967).
    - CVE-2024-42236: usb: gadget: configfs: prevent OOB read/write in usb_string_copy() (bsc#1228964).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-42226: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without     TRB (bsc#1228709).
    - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()     (bsc#1228501).
    - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-42101: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495).
    - CVE-2024-42090: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449).
    - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41098: ata: libata-core: Fix null pointer dereference on error (bsc#1228467).
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
    - CVE-2024-41035: usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor     (bsc#1228485).
    - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
    - CVE-2024-40984: ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.'     (bsc#1227820).
    - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
    - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()     (bsc#1226801)
    - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch     (bsc#1226798)
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-35965: Bluetooth: L2CAP: Fix not validating setsockopt user input (bsc#1224579).
    - CVE-2024-35933: Bluetooth: btintel: Fix null ptr deref in btintel_read_version (bsc#1224640).
    - CVE-2024-35915: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (bsc#1224479).
    - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2023-52907: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526).
    - CVE-2023-52893: gsmi: fix null-deref in gsmi_get_variable (bsc#1229535).
    - CVE-2023-52708: mmc: mmc_spi: fix error handling in mmc_spi_probe() (bsc#1225483).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2022-48910: net: ipv6: ensure we call ipv6_mc_down() at most once (bsc#1229632).
    - CVE-2022-48875: wifi: mac80211: sdata can be NULL during AMPDU start (bsc#1229516).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2022-48822: usb: f_fs: fix use-after-free for epfile (bsc#1228040).
    - CVE-2022-48786: vsock: remove vsock from connected table when connect is interrupted by a signal     (bsc#1227996).
    - CVE-2022-48769: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629).
    - CVE-2022-48751: net/smc: transitional solution for clcsock race issue (bsc#1226653).
    - CVE-2021-47549: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508).
    - CVE-2021-47425: i2c: acpi: fix resource leak in reconfiguration device addition (bsc#1225223).
    - CVE-2021-47373: irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1225190).
    - CVE-2021-47341: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio     (bsc#1224923).
    - CVE-2021-47289: ACPI: fix NULL pointer dereference (bsc#1224984).
    - CVE-2021-47257: net: ieee802154: fix null deref in parse dev addr (bsc#1224896).
    - CVE-2021-4440: x86/xen: drop USERGS_SYSRET64 paravirt call (bsc#1227069).



Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.10.106-102.504. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-012 advisory.

    2024-12-05: CVE-2022-48865 was added to this advisory.

    2024-12-05: CVE-2022-48850 was added to this advisory.

    2024-09-12: CVE-2022-48912 was added to this advisory.

    2024-09-12: CVE-2022-48925 was added to this advisory.

    2024-09-12: CVE-2022-48943 was added to this advisory.

    2024-09-12: CVE-2022-48919 was added to this advisory.

    2024-08-27: CVE-2022-48855 was added to this advisory.

    2024-08-27: CVE-2022-48858 was added to this advisory.

    2024-08-27: CVE-2022-48847 was added to this advisory.

    2024-05-23: CVE-2021-47088 was added to this advisory.

    2024-04-25: CVE-2021-46937 was added to this advisory.

    2024-02-29: CVE-2022-0500 was added to this advisory.

    2023-08-31: CVE-2022-23038 was added to this advisory.

    2023-08-31: CVE-2022-23040 was added to this advisory.

    2023-08-31: CVE-2022-23960 was added to this advisory.

    2023-08-31: CVE-2022-23039 was added to this advisory.

    2023-08-31: CVE-2022-23042 was added to this advisory.

    2023-08-31: CVE-2022-1011 was added to this advisory.

    2023-08-31: CVE-2022-23036 was added to this advisory.

    2023-08-31: CVE-2022-23037 was added to this advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' (CVE-2021-46937)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/dbgfs: protect targets destructions with kdamond_lock (CVE-2021-47088)

    A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds     memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local     user to crash or escalate their privileges on the system. (CVE-2022-0500)

    A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
    This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in     privilege escalation. (CVE-2022-1011)

    A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23036)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23037)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23038)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23039)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23040)

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23042)

    The Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based     EC2 instance types. (CVE-2022-23960)

    An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in     net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-     bounds write problem. This flaw allows a local attacker with a user account on the system to gain access     to out-of-bounds memory, leading to a system crash or a privilege escalation threat. (CVE-2022-25636)

    A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and     net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap     objects and may cause a local privilege escalation threat. (CVE-2022-27666)

    In the Linux kernel, the following vulnerability has been resolved:

    watch_queue: Fix filter limit check (CVE-2022-48847)

    In the Linux kernel, the following vulnerability has been resolved:

    net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5: Fix a race on command flush flow (CVE-2022-48858)

    In the Linux kernel, the following vulnerability has been resolved:

    tipc: fix kernel panic when enabling bearer (CVE-2022-48865)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912)

    In the Linux kernel, the following vulnerability has been resolved:

    cifs: fix double free race when mount fails in cifs_get_root() (CVE-2022-48919)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/cma: Do not change route.addr.src_addr outside state checks (CVE-2022-48925)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86/mmu: make apf token non-zero to fix bug (CVE-2022-48943)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.4.186-102.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-024 advisory.

    2024-12-05: CVE-2022-48850 was added to this advisory.

    2024-09-12: CVE-2022-48912 was added to this advisory.

    2024-09-12: CVE-2022-48919 was added to this advisory.

    2024-08-27: CVE-2022-48843 was added to this advisory.

    2024-08-27: CVE-2022-48855 was added to this advisory.

    2024-08-27: CVE-2022-48858 was added to this advisory.

    2024-05-23: CVE-2021-47088 was added to this advisory.

    2024-04-25: CVE-2021-46937 was added to this advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' (CVE-2021-46937)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/dbgfs: protect targets destructions with kdamond_lock (CVE-2021-47088)

    A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

    A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the     Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation.
    (CVE-2022-1055)

    An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in     net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-     bounds write problem. This flaw allows a local attacker with a user account on the system to gain access     to out-of-bounds memory, leading to a system crash or a privilege escalation threat. (CVE-2022-25636)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/vrr: Set VRR capable prop only if it is attached to connector (CVE-2022-48843)

    In the Linux kernel, the following vulnerability has been resolved:

    net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5: Fix a race on command flush flow (CVE-2022-48858)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912)

    In the Linux kernel, the following vulnerability has been resolved:

    cifs: fix double free race when mount fails in cifs_get_root() (CVE-2022-48919)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.273-207.502. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1768 advisory.

    2024-12-05: CVE-2022-48850 was added to this advisory.

    2024-12-05: CVE-2022-48839 was added to this advisory.

    2024-09-12: CVE-2022-48919 was added to this advisory.

    2024-09-12: CVE-2022-48912 was added to this advisory.

    2024-08-14: CVE-2022-48855 was added to this advisory.

    A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

    Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

    In the Linux kernel, the following vulnerability has been resolved:

    net/packet: fix slab-out-of-bounds access in packet_recvmsg() (CVE-2022-48839)

    In the Linux kernel, the following vulnerability has been resolved:

    net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912)

    In the Linux kernel, the following vulnerability has been resolved:

    cifs: fix double free race when mount fails in cifs_get_root() (CVE-2022-48919)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
207959	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3499-1)	Nessus	SuSE Local Security Checks	high
207884	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3483-1)	Nessus	SuSE Local Security Checks	high
207728	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3408-1)	Nessus	SuSE Local Security Checks	high
207334	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3251-1)	Nessus	SuSE Local Security Checks	high
207333	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3249-1)	Nessus	SuSE Local Security Checks	high
207332	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3252-1)	Nessus	SuSE Local Security Checks	high
207050	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)	Nessus	SuSE Local Security Checks	high
206957	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)	Nessus	SuSE Local Security Checks	high
206954	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3189-1)	Nessus	SuSE Local Security Checks	high
160433	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-012)	Nessus	Amazon Linux Local Security Checks	high
160422	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-024)	Nessus	Amazon Linux Local Security Checks	high
159558	Amazon Linux 2 : kernel (ALAS-2022-1768)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-48919

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high