In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754 trace_9p_client_res include/trace/events/9p.h:146 [inline] p9_client_rpc+0x1314/0x1340 net/9p/client.c:754 p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031 v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410 v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122 legacy_get_tree+0x114/0x290 fs/fs_context.c:662 vfs_get_tree+0xa7/0x570 fs/super.c:1797 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352 path_mount+0x742/0x1f20 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x725/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2175 [inline] allocate_slab mm/slub.c:2338 [inline] new_slab+0x2de/0x1400 mm/slub.c:2391 ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525 __slab_alloc mm/slub.c:3610 [inline] __slab_alloc_node mm/slub.c:3663 [inline] slab_alloc_node mm/slub.c:3835 [inline] kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852 p9_tag_alloc net/9p/client.c:278 [inline] p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641 p9_client_rpc+0x27e/0x1340 net/9p/client.c:688 p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031 v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410 v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122 legacy_get_tree+0x114/0x290 fs/fs_context.c:662 vfs_get_tree+0xa7/0x570 fs/super.c:1797 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352 path_mount+0x742/0x1f20 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x725/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 If p9_check_errors() fails early in p9_client_rpc(), req->rc.tag will not be properly initialized. However, trace_9p_client_res() ends up trying to print it out anyway before p9_client_rpc() finishes. Fix this issue by assigning default values to p9_fcall fields such as 'tag' and (just in case KMSAN unearths something new) 'id' during the tag allocation stage.

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12581 advisory.

    - net/mlx5e: drop shorter ethernet frames (Manjunath Patil)  [Orabug: 36879157]  {CVE-2024-41090}     {CVE-2024-41091}
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik)     [Orabug: 36835599] {CVE-2024-39503}
    - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug:
    36836328] {CVE-2024-40916}
    - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592]     {CVE-2024-38661}
    - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598]     {CVE-2024-39276}
    - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449]     {CVE-2024-35976}
    - net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
    - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson)     [Orabug: 36809288] {CVE-2024-39480}
    - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
    - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
    - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636]     {CVE-2024-39467}
    - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564]     {CVE-2024-38583}
    - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512]     {CVE-2024-36288}
    - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
    - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551]     {CVE-2024-33621}
    - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563]     {CVE-2024-36270}
    - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836]     {CVE-2024-38659}
    - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844]     {CVE-2024-38780}
    - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug:
    36763570] {CVE-2024-36286}
    - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587]     {CVE-2024-37353}
    - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258]     {CVE-2024-39488}
    - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591]     {CVE-2024-37356}
    - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
    - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602]     {CVE-2024-38621}
    - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583]     {CVE-2024-39292}
    - ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
    - stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763]     {CVE-2024-38627}
    - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814]     {CVE-2024-38633}
    - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug:
    36763819] {CVE-2024-38634}
    - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
    - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832]     {CVE-2024-38637}
    - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
    - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061]     {CVE-2024-36014}
    - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
    - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan     Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
    - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
    - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462]     {CVE-2024-38558}
    - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599]     {CVE-2024-38596}
    - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
    - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
    - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
    - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485]     {CVE-2024-38565}
    - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508]     {CVE-2024-38567}
    - cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
    - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648]     {CVE-2024-38598}
    - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651]     {CVE-2024-38599}
    - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
    - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
    - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557]     {CVE-2024-38582}
    - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661]     {CVE-2024-38601}
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068]     {CVE-2024-36016}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12585 advisory.

    - net/mlx5e: drop shorter ethernet frames (Manjunath Patil)  [Orabug: 36879157]  {CVE-2024-41090}     {CVE-2024-41091}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12584 advisory.

    - net/mlx5e: drop shorter ethernet frames (Manjunath Patil)  [Orabug: 36879157]  {CVE-2024-41090}     {CVE-2024-41091}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6953-1 advisory.

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - M68K architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Accessibility subsystem;

    - Character device driver;

    - Clock framework and drivers;

    - CPU frequency scaling framework;

    - Hardware crypto device drivers;

    - Buffer Sharing and Synchronization framework;

    - FireWire subsystem;

    - ARM SCMI message protocol;

    - GPU drivers;

    - HW tracing;

    - InfiniBand drivers;

    - Macintosh device drivers;

    - Multiple devices driver;

    - Media drivers;

    - Network drivers;

    - Pin controllers subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - SoundWire subsystem;

    - Greybus lights staging drivers;

    - TTY drivers;

    - Framebuffer layer;

    - Virtio drivers;

    - 9P distributed file system;

    - eCrypt file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFFS2 file system;

    - Network file system client;

    - NILFS2 file system;

    - SMB network file system;

    - Mellanox drivers;

    - Kernel debugger infrastructure;

    - IRQ subsystem;

    - Tracing infrastructure;

    - Dynamic debug library;

    - 9P file system network protocol;

    - Bluetooth subsystem;

    - Networking core;

    - IPv4 networking;

    - IPv6 networking;

    - Netfilter;

    - NET/ROM layer;

    - NFC subsystem;

    - NSH protocol;

    - Open vSwitch;

    - Phonet protocol;

    - TIPC protocol;

    - TLS protocol;

    - Unix domain sockets;

    - Wireless networking;

    - eXpress Data Path;

    - XFRM subsystem;

    - ALSA framework; (CVE-2024-26584, CVE-2023-52434, CVE-2024-36933, CVE-2024-36286, CVE-2024-36886,     CVE-2024-38579, CVE-2022-48772, CVE-2024-39493, CVE-2024-38637, CVE-2024-36016, CVE-2023-52752,     CVE-2024-38558, CVE-2024-39488, CVE-2024-38559, CVE-2024-36919, CVE-2024-36905, CVE-2024-39489,     CVE-2024-39475, CVE-2021-47131, CVE-2024-26585, CVE-2024-38578, CVE-2024-38567, CVE-2024-38596,     CVE-2024-38598, CVE-2024-36940, CVE-2024-38552, CVE-2024-37356, CVE-2024-38780, CVE-2024-38589,     CVE-2024-36959, CVE-2024-27399, CVE-2024-36017, CVE-2024-38661, CVE-2024-36939, CVE-2024-36904,     CVE-2024-36902, CVE-2024-38381, CVE-2024-36883, CVE-2024-37353, CVE-2024-38560, CVE-2024-39292,     CVE-2024-36934, CVE-2024-38621, CVE-2024-38599, CVE-2024-36941, CVE-2022-48655, CVE-2024-26886,     CVE-2024-36014, CVE-2024-38613, CVE-2024-27398, CVE-2024-27019, CVE-2024-36954, CVE-2024-39471,     CVE-2024-26583, CVE-2024-35947, CVE-2024-31076, CVE-2024-38659, CVE-2024-38549, CVE-2024-38618,     CVE-2024-38565, CVE-2024-27401, CVE-2022-48674, CVE-2024-38582, CVE-2024-38634, CVE-2024-38627,     CVE-2024-39480, CVE-2024-36015, CVE-2023-52585, CVE-2024-36270, CVE-2024-26907, CVE-2024-38615,     CVE-2024-38600, CVE-2024-38612, CVE-2024-36946, CVE-2024-39301, CVE-2024-38601, CVE-2024-38635,     CVE-2024-33621, CVE-2024-36964, CVE-2024-38633, CVE-2024-39467, CVE-2024-38607, CVE-2024-36971,     CVE-2024-35976, CVE-2024-38587, CVE-2023-52882, CVE-2024-36950, CVE-2024-39276, CVE-2024-36960,     CVE-2024-38583)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6951-1 advisory.

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - M68K architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Accessibility subsystem;

    - Character device driver;

    - Clock framework and drivers;

    - CPU frequency scaling framework;

    - Hardware crypto device drivers;

    - Buffer Sharing and Synchronization framework;

    - FireWire subsystem;

    - GPU drivers;

    - HW tracing;

    - Macintosh device drivers;

    - Multiple devices driver;

    - Media drivers;

    - Network drivers;

    - Pin controllers subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - SoundWire subsystem;

    - Greybus lights staging drivers;

    - TTY drivers;

    - Framebuffer layer;

    - Virtio drivers;

    - 9P distributed file system;

    - eCrypt file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFFS2 file system;

    - Network file system client;

    - NILFS2 file system;

    - SMB network file system;

    - Kernel debugger infrastructure;

    - IRQ subsystem;

    - Tracing infrastructure;

    - Dynamic debug library;

    - 9P file system network protocol;

    - Bluetooth subsystem;

    - Networking core;

    - IPv4 networking;

    - IPv6 networking;

    - Netfilter;

    - NET/ROM layer;

    - NFC subsystem;

    - NSH protocol;

    - Open vSwitch;

    - Phonet protocol;

    - TIPC protocol;

    - Unix domain sockets;

    - Wireless networking;

    - eXpress Data Path;

    - XFRM subsystem;

    - ALSA framework; (CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399, CVE-2024-39276,     CVE-2024-38596, CVE-2024-36933, CVE-2024-36919, CVE-2024-35976, CVE-2024-37356, CVE-2023-52585,     CVE-2024-38558, CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633, CVE-2024-36886,     CVE-2024-27398, CVE-2024-39493, CVE-2024-26886, CVE-2024-31076, CVE-2024-38559, CVE-2024-38615,     CVE-2024-36971, CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353, CVE-2024-38621,     CVE-2024-36883, CVE-2024-39488, CVE-2024-38661, CVE-2024-36939, CVE-2024-38589, CVE-2024-38565,     CVE-2024-38381, CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017, CVE-2024-36946,     CVE-2024-27401, CVE-2024-38579, CVE-2024-38612, CVE-2024-38598, CVE-2024-38635, CVE-2024-38587,     CVE-2024-38567, CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019, CVE-2024-38601,     CVE-2024-39489, CVE-2024-39467, CVE-2023-52882, CVE-2024-38583, CVE-2024-39480, CVE-2024-38607,     CVE-2024-36940, CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582, CVE-2024-36950,     CVE-2024-38552, CVE-2024-33621, CVE-2024-36954, CVE-2024-39475, CVE-2024-39301, CVE-2024-38599,     CVE-2024-36902, CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941, CVE-2024-36014,     CVE-2024-38618, CVE-2024-36904, CVE-2024-36270, CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2571-1 advisory.

    The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
    - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
    - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
    - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
    - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
    - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
    - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
    - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
    - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
    - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096).
    - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086).
    - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022).
    - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009).
    - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
    - CVE-2023-52759: Ignore negated quota changes (bsc#1225560).
    - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
    - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs     (bsc#1225097).
    - CVE-2023-52864: Fixed opening of char device (bsc#1225132).
    - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
    - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
    - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
    - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
    - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
    - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
    - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751).
    - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
    - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
    - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
    - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
    - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules     (bsc#1226799).
    - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
    - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'     (bsc#1226841).
    - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879).
    - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
    - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE     (bsc#1226789).
    - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
    - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
    - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
    - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
    - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
    - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
    - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
    - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
    - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
    - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
    - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
    - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
    - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772).
    - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
    - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
    - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
    - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
    - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
    - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
    - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439).
    - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
    - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702).
    - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
    - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
    - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
    - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
    - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
    - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()     (bsc#1224498).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723).
    - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
    - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
    - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
    - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
    - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
    - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939).
    - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
    - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763).
    - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
    - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
    - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
    - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path     (bsc#1224539).
    - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
    - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515).
    - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
    - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
    - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
    - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
    - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655).
    - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
    - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
    - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
    - CVE-2024-35998: Fixed lock ordering potential deadlock in  cifs_sync_mid_result (bsc#1224549).
    - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
    - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
    - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
    - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
    - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523).
    - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698).
    - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606).
    - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
    - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659).

    The following non-security bugs were fixed:

    - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478).
    - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158).
    - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
    - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
    - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
    - PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
    - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
    - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
    - Revert 'build initrd without systemd' (bsc#1195775)'
    - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688).
    - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688).
    - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688).
    - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
    - bpf: correct loop detection for iterators convergence (bsc#1225903).
    - bpf: exact states comparison for iterator convergence checks (bsc#1225903).
    - bpf: extract __check_reg_arg() utility function (bsc#1225903).
    - bpf: extract same_callsites() as utility function (bsc#1225903).
    - bpf: extract setup_func_entry() utility function (bsc#1225903).
    - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
    - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
    - bpf: print full verifier states on infinite loop detection (bsc#1225903).
    - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
    - bpf: widening for callback iterators (bsc#1225903).
    - cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
    - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
    - ceph: always check dir caps asynchronously (bsc#1226022).
    - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
    - ceph: break the check delayed cap loop every 5s (bsc#1226022).
    - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
    - crypto: deflate - Add aliases to deflate (bsc#1227190).
    - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190).
    - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
    - kABI: bpf: verifier kABI workaround (bsc#1225903).
    - net: ena: Fix redundant device NUMA node override (jsc#PED-8688).
    - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
    - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442).
    - nfs: Bump default write congestion size (bsc#1218442).
    - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
    - nvme-fabrics: short-circuit reconnect retries (bsc#1186716).
    - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049).
    - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049).
    - nvme: do not retry authentication failures (bsc#1186716).
    - nvme: return kernel error codes for admin queue connect (bsc#1186716).
    - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716).
    - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716).
    - ocfs2: adjust enabling place for la window (bsc#1219224).
    - ocfs2: fix sparse warnings (bsc#1219224).
    - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
    - ocfs2: speed up chain-list searching (bsc#1219224).
    - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
    - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
    - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072).
    - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
    - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
    - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903).
    - selftests/bpf: test widening for iterating callbacks (bsc#1225903).
    - selftests/bpf: tests for iterating callbacks (bsc#1225903).
    - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903).
    - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
    - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903).
    - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
    - tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
    - x86/mce: Dynamically size space for machine check records (bsc#1222241).
    - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2493-1 advisory.

    The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
    - CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
    - CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
    - CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
    - CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
    - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
    - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound     (bsc#1225505).
    - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve     local privilege escalation (bsc#1215420).
    - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
    - CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
    - CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
    - CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
    - CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
    - CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
    - CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
    - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
    - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
    - CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
    - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
    - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
    - CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
    - CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
    - CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
    - CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
    - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
    - CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
    - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
    - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)

    The following non-security bugs were fixed:

    - PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).
    - SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
    - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
    - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
    - kgdb: Add kgdb_has_hit_break function (git-fixes).
    - kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).
    - net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).
    - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
    - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
    - sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).
    - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).
    - x86/boot/e820: Fix typo in e820.c comment (git-fixes).
    - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
    - x86/fpu: Return proper error codes from user access functions (git-fixes).
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
    - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
    - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
    - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
    - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
    - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5730 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5730-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     July 15, 2024                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2022-43945 CVE-2022-48772 CVE-2024-25741 CVE-2024-26629                      CVE-2024-27019 CVE-2024-31076 CVE-2024-33621 CVE-2024-33847                      CVE-2024-34027 CVE-2024-35247 CVE-2024-36014 CVE-2024-36015                      CVE-2024-36016 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288                      CVE-2024-36489 CVE-2024-36894 CVE-2024-36971 CVE-2024-36974                      CVE-2024-36978 CVE-2024-37078 CVE-2024-37353 CVE-2024-37356                      CVE-2024-38381 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548                      CVE-2024-38549 CVE-2024-38552 CVE-2024-38555 CVE-2024-38558                      CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567                      CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583                      CVE-2024-38586 CVE-2024-38587 CVE-2024-38589 CVE-2024-38590                      CVE-2024-38596 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599                      CVE-2024-38601 CVE-2024-38605 CVE-2024-38607 CVE-2024-38612                      CVE-2024-38613 CVE-2024-38615 CVE-2024-38618 CVE-2024-38619                      CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634                      CVE-2024-38635 CVE-2024-38637 CVE-2024-38659 CVE-2024-38661                      CVE-2024-38662 CVE-2024-38780 CVE-2024-39276 CVE-2024-39292                      CVE-2024-39301 CVE-2024-39467 CVE-2024-39468 CVE-2024-39469                      CVE-2024-39471 CVE-2024-39475 CVE-2024-39476 CVE-2024-39480                      CVE-2024-39482 CVE-2024-39484 CVE-2024-39488 CVE-2024-39489                      CVE-2024-39493 CVE-2024-39495 CVE-2024-39499 CVE-2024-39501                      CVE-2024-39502 CVE-2024-39503 CVE-2024-39505 CVE-2024-39506                      CVE-2024-39509 CVE-2024-40901 CVE-2024-40902 CVE-2024-40904                      CVE-2024-40905 CVE-2024-40912 CVE-2024-40916 CVE-2024-40929                      CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40941                      CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40958                      CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40963                      CVE-2024-40968 CVE-2024-40971 CVE-2024-40974 CVE-2024-40976                      CVE-2024-40978 CVE-2024-40980 CVE-2024-40981 CVE-2024-40983                      CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40990                      CVE-2024-40993 CVE-2024-40995 CVE-2024-41000 CVE-2024-41004                      CVE-2024-41005 CVE-2024-41006

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the oldstable distribution (bullseye), these problems have been fixed     in version 5.10.221-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
205492	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2896-1)	Nessus	SuSE Local Security Checks	high
205422	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12581)	Nessus	Oracle Linux Local Security Checks	high
205420	Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2024-12585)	Nessus	Oracle Linux Local Security Checks	high
205419	Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12584)	Nessus	Oracle Linux Local Security Checks	high
205288	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6953-1)	Nessus	Ubuntu Local Security Checks	high
205223	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6951-1)	Nessus	Ubuntu Local Security Checks	high
202999	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2571-1)	Nessus	SuSE Local Security Checks	high
202761	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2561-1)	Nessus	SuSE Local Security Checks	critical
202563	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2493-1)	Nessus	SuSE Local Security Checks	high
202458	Debian dsa-5730 : affs-modules-5.10.0-29-4kc-malta-di - security update	Nessus	Debian Local Security Checks	high
202176	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2394-1)	Nessus	SuSE Local Security Checks	high
202100	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2372-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2024-39301

medium

Tenable Plugins

high

high

high

high

high

high

high

critical

high

high

high

high