In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ip_push_pending_frames+0x56/0x80

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7123-1 advisory.

    It was discovered that the CIFS network file system implementation in the Linux kernel did not properly     validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this     to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6610)

    Supraja Sridhara, Benedict Schlter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the     Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit     emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service     (guest crash) or possibly execute arbitrary code. (CVE-2024-25744)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - Null block device driver;

    - Character device driver;

    - ARM SCMI message protocol;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - I3C subsystem;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - Thunderbolt and USB4 drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Host Controller drivers;

    - USB Type-C Connector System Software Interface driver;

    - USB over IP driver;

    - VHOST drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - NTFS3 file system;

    - Proc file system;

    - SMB network file system;

    - Core kernel;

    - DMA mapping infrastructure;

    - RCU subsystem;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Landlock security;

    - Simplified Mandatory Access Control Kernel framework;

    - FireWire sound drivers;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2023-52751, CVE-2024-43902, CVE-2024-46791, CVE-2024-45018, CVE-2024-44987,     CVE-2024-46763, CVE-2024-46724, CVE-2024-26893, CVE-2024-42283, CVE-2024-46738, CVE-2024-46819,     CVE-2024-44982, CVE-2023-52889, CVE-2024-45025, CVE-2023-52918, CVE-2024-46800, CVE-2024-46756,     CVE-2024-46719, CVE-2024-39472, CVE-2024-42292, CVE-2024-45006, CVE-2024-46675, CVE-2024-44971,     CVE-2024-46731, CVE-2024-42286, CVE-2024-44954, CVE-2024-42274, CVE-2024-46746, CVE-2024-42276,     CVE-2024-43869, CVE-2024-43830, CVE-2024-42288, CVE-2024-41042, CVE-2024-42126, CVE-2024-43870,     CVE-2024-46805, CVE-2024-41078, CVE-2024-44966, CVE-2024-44989, CVE-2024-46795, CVE-2024-44988,     CVE-2024-38577, CVE-2024-43839, CVE-2024-43909, CVE-2024-46745, CVE-2024-42285, CVE-2024-43871,     CVE-2024-41081, CVE-2024-42289, CVE-2024-44965, CVE-2024-42271, CVE-2024-42284, CVE-2024-45009,     CVE-2024-41068, CVE-2024-44958, CVE-2024-46759, CVE-2024-42304, CVE-2024-43890, CVE-2024-41019,     CVE-2024-43846, CVE-2024-41012, CVE-2024-44983, CVE-2024-41072, CVE-2024-46702, CVE-2024-26800,     CVE-2024-42302, CVE-2023-52572, CVE-2024-46783, CVE-2024-43892, CVE-2024-45028, CVE-2024-44999,     CVE-2024-46814, CVE-2024-41022, CVE-2024-42281, CVE-2024-46679, CVE-2024-42290, CVE-2024-44960,     CVE-2024-41071, CVE-2024-41091, CVE-2024-44990, CVE-2024-46757, CVE-2024-38611, CVE-2024-47668,     CVE-2024-45008, CVE-2024-46707, CVE-2024-44935, CVE-2024-42299, CVE-2024-46771, CVE-2024-42265,     CVE-2024-43883, CVE-2024-46673, CVE-2024-46747, CVE-2024-43875, CVE-2024-44985, CVE-2024-42311,     CVE-2024-46798, CVE-2024-43884, CVE-2024-46725, CVE-2024-42318, CVE-2024-43873, CVE-2024-42296,     CVE-2024-43907, CVE-2024-43834, CVE-2024-46721, CVE-2024-47659, CVE-2024-45026, CVE-2024-47667,     CVE-2024-44986, CVE-2024-41020, CVE-2024-43849, CVE-2024-46744, CVE-2024-44946, CVE-2024-43861,     CVE-2024-42269, CVE-2024-46822, CVE-2024-46739, CVE-2024-44948, CVE-2024-46804, CVE-2024-41064,     CVE-2024-44995, CVE-2024-26669, CVE-2024-46781, CVE-2024-46732, CVE-2024-42246, CVE-2024-46780,     CVE-2024-46743, CVE-2024-44947, CVE-2024-47663, CVE-2024-46752, CVE-2024-43893, CVE-2024-45021,     CVE-2024-43856, CVE-2024-46714, CVE-2024-41011, CVE-2024-41070, CVE-2024-46832, CVE-2024-46737,     CVE-2024-43867, CVE-2024-42277, CVE-2024-44934, CVE-2024-46723, CVE-2024-43880, CVE-2024-43860,     CVE-2024-42297, CVE-2024-45003, CVE-2024-46810, CVE-2024-43889, CVE-2024-42287, CVE-2024-43854,     CVE-2024-42313, CVE-2024-42305, CVE-2024-41077, CVE-2024-38602, CVE-2024-46758, CVE-2024-46807,     CVE-2024-43853, CVE-2024-45007, CVE-2024-41090, CVE-2024-42280, CVE-2024-46844, CVE-2024-45011,     CVE-2024-47660, CVE-2024-47665, CVE-2024-46829, CVE-2024-44944, CVE-2024-41015, CVE-2024-42259,     CVE-2024-43914, CVE-2024-43829, CVE-2022-48666, CVE-2024-43828, CVE-2024-46755, CVE-2024-43858,     CVE-2024-46740, CVE-2024-46689, CVE-2024-42309, CVE-2024-42295, CVE-2024-41098, CVE-2023-52757,     CVE-2024-46782, CVE-2024-46777, CVE-2024-46685, CVE-2024-44969, CVE-2024-47669, CVE-2024-43882,     CVE-2024-42310, CVE-2024-43905, CVE-2024-44998, CVE-2024-42306, CVE-2024-40915, CVE-2024-46713,     CVE-2024-41059, CVE-2024-41017, CVE-2024-43879, CVE-2024-46677, CVE-2024-42312, CVE-2024-43908,     CVE-2024-46750, CVE-2024-46722, CVE-2024-42267, CVE-2024-46818, CVE-2024-26661, CVE-2024-43817,     CVE-2024-42272, CVE-2024-41065, CVE-2024-46828, CVE-2024-46840, CVE-2024-46676, CVE-2024-43841,     CVE-2024-46815, CVE-2024-26607, CVE-2023-52434, CVE-2024-46761, CVE-2024-42114, CVE-2024-41073,     CVE-2024-43894, CVE-2024-43835, CVE-2024-46817, CVE-2024-41060, CVE-2024-36484, CVE-2024-42301,     CVE-2024-44974, CVE-2024-43863, CVE-2024-41063)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7100-2 advisory.

    Supraja Sridhara, Benedict Schlter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the     Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit     emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service     (guest crash) or possibly execute arbitrary code. (CVE-2024-25744)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - Null block device driver;

    - Character device driver;

    - ARM SCMI message protocol;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - I3C subsystem;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - Thunderbolt and USB4 drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Host Controller drivers;

    - USB Type-C Connector System Software Interface driver;

    - USB over IP driver;

    - VHOST drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - NTFS3 file system;

    - Proc file system;

    - SMB network file system;

    - Core kernel;

    - DMA mapping infrastructure;

    - RCU subsystem;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Landlock security;

    - Simplified Mandatory Access Control Kernel framework;

    - FireWire sound drivers;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-42288, CVE-2024-41098, CVE-2024-43849, CVE-2024-46689, CVE-2024-44987,     CVE-2024-40915, CVE-2024-46844, CVE-2024-45009, CVE-2024-46780, CVE-2024-41081, CVE-2024-43817,     CVE-2024-44965, CVE-2024-46832, CVE-2024-41072, CVE-2024-45011, CVE-2024-46814, CVE-2024-45026,     CVE-2024-44982, CVE-2024-46723, CVE-2024-46771, CVE-2024-46759, CVE-2024-41063, CVE-2024-46673,     CVE-2023-52889, CVE-2024-41020, CVE-2024-46677, CVE-2024-46798, CVE-2024-45021, CVE-2024-46676,     CVE-2024-47668, CVE-2024-42289, CVE-2024-45018, CVE-2024-46724, CVE-2024-41090, CVE-2024-43853,     CVE-2024-42272, CVE-2024-43828, CVE-2024-42292, CVE-2024-26800, CVE-2024-43871, CVE-2024-46758,     CVE-2024-36484, CVE-2024-46755, CVE-2024-46782, CVE-2024-43889, CVE-2024-46763, CVE-2024-41015,     CVE-2024-43858, CVE-2024-41012, CVE-2024-44960, CVE-2024-46747, CVE-2024-42311, CVE-2024-47660,     CVE-2024-42267, CVE-2024-44998, CVE-2024-43839, CVE-2024-43914, CVE-2024-46783, CVE-2024-47659,     CVE-2024-46725, CVE-2024-46840, CVE-2024-43873, CVE-2024-46737, CVE-2024-44946, CVE-2024-43841,     CVE-2024-26669, CVE-2024-42306, CVE-2024-26661, CVE-2024-42259, CVE-2024-41011, CVE-2024-46822,     CVE-2024-42287, CVE-2024-46746, CVE-2024-43860, CVE-2024-42246, CVE-2024-46800, CVE-2024-45007,     CVE-2024-42296, CVE-2024-47669, CVE-2024-44983, CVE-2024-43880, CVE-2024-42284, CVE-2022-48666,     CVE-2024-44990, CVE-2024-43894, CVE-2024-44989, CVE-2023-52918, CVE-2024-42295, CVE-2024-43869,     CVE-2024-42277, CVE-2024-46818, CVE-2024-42270, CVE-2024-45025, CVE-2024-42301, CVE-2024-43883,     CVE-2024-46714, CVE-2024-46815, CVE-2024-41073, CVE-2024-43905, CVE-2024-43882, CVE-2024-46719,     CVE-2024-42286, CVE-2024-44952, CVE-2024-42297, CVE-2024-41022, CVE-2024-46743, CVE-2024-43829,     CVE-2024-43909, CVE-2024-42265, CVE-2024-44944, CVE-2024-46807, CVE-2024-46739, CVE-2024-43867,     CVE-2024-44958, CVE-2024-44969, CVE-2024-42271, CVE-2024-46745, CVE-2024-42299, CVE-2024-45006,     CVE-2024-43908, CVE-2024-44966, CVE-2024-41065, CVE-2024-46777, CVE-2024-42309, CVE-2024-38602,     CVE-2024-44947, CVE-2024-43884, CVE-2024-43902, CVE-2024-47667, CVE-2024-46750, CVE-2024-41070,     CVE-2024-26893, CVE-2024-41017, CVE-2024-46810, CVE-2024-46828, CVE-2024-43893, CVE-2024-41077,     CVE-2024-46756, CVE-2024-46740, CVE-2024-42269, CVE-2024-43890, CVE-2024-45008, CVE-2024-46795,     CVE-2024-43854, CVE-2024-46713, CVE-2024-47663, CVE-2024-46702, CVE-2024-46781, CVE-2024-46722,     CVE-2024-42114, CVE-2024-44948, CVE-2024-44988, CVE-2024-42302, CVE-2024-41019, CVE-2024-46731,     CVE-2024-46819, CVE-2024-44995, CVE-2024-41059, CVE-2024-43856, CVE-2024-44954, CVE-2024-43863,     CVE-2024-38577, CVE-2024-43870, CVE-2024-41068, CVE-2024-41071, CVE-2024-38611, CVE-2024-46761,     CVE-2024-42304, CVE-2024-42310, CVE-2024-46707, CVE-2024-42290, CVE-2024-42276, CVE-2024-44935,     CVE-2024-46721, CVE-2024-46817, CVE-2024-46791, CVE-2024-44934, CVE-2024-45028, CVE-2024-46757,     CVE-2024-43879, CVE-2024-43907, CVE-2024-43846, CVE-2024-42280, CVE-2024-44999, CVE-2024-43861,     CVE-2024-42126, CVE-2024-26607, CVE-2024-46752, CVE-2024-42305, CVE-2024-43835, CVE-2024-41042,     CVE-2024-46675, CVE-2024-46804, CVE-2024-41091, CVE-2024-41060, CVE-2024-46744, CVE-2024-47665,     CVE-2024-39472, CVE-2024-46829, CVE-2024-42285, CVE-2024-42281, CVE-2024-43830, CVE-2024-42274,     CVE-2024-46679, CVE-2024-44985, CVE-2024-46805, CVE-2024-42312, CVE-2024-42283, CVE-2024-45003,     CVE-2024-44971, CVE-2024-42313, CVE-2024-46685, CVE-2024-46738, CVE-2024-44986, CVE-2024-43834,     CVE-2024-46732, CVE-2024-43875, CVE-2024-42318, CVE-2024-41064, CVE-2024-44974, CVE-2024-43892,     CVE-2024-41078)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7100-1 advisory.

    Supraja Sridhara, Benedict Schlter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the     Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit     emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service     (guest crash) or possibly execute arbitrary code. (CVE-2024-25744)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - Null block device driver;

    - Character device driver;

    - ARM SCMI message protocol;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - I3C subsystem;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - Thunderbolt and USB4 drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Host Controller drivers;

    - USB Type-C Connector System Software Interface driver;

    - USB over IP driver;

    - VHOST drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - NTFS3 file system;

    - Proc file system;

    - SMB network file system;

    - Core kernel;

    - DMA mapping infrastructure;

    - RCU subsystem;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Landlock security;

    - Simplified Mandatory Access Control Kernel framework;

    - FireWire sound drivers;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-43817, CVE-2024-42304, CVE-2024-46756, CVE-2024-42318, CVE-2024-41090,     CVE-2024-41063, CVE-2024-44987, CVE-2024-46844, CVE-2024-46677, CVE-2024-44988, CVE-2024-42297,     CVE-2024-26893, CVE-2024-46673, CVE-2024-26800, CVE-2024-42305, CVE-2024-46731, CVE-2024-41091,     CVE-2024-46810, CVE-2024-41072, CVE-2022-48666, CVE-2024-38602, CVE-2024-46780, CVE-2024-46750,     CVE-2024-43858, CVE-2024-41020, CVE-2024-46755, CVE-2024-46829, CVE-2024-41068, CVE-2024-45003,     CVE-2024-42280, CVE-2024-42283, CVE-2024-43873, CVE-2024-46746, CVE-2024-44969, CVE-2024-46807,     CVE-2024-41081, CVE-2024-44971, CVE-2024-26607, CVE-2024-43880, CVE-2024-42281, CVE-2024-42274,     CVE-2024-43908, CVE-2024-42267, CVE-2024-47665, CVE-2024-45011, CVE-2024-46707, CVE-2024-42310,     CVE-2024-42309, CVE-2024-44965, CVE-2024-46747, CVE-2024-42259, CVE-2024-46804, CVE-2024-46679,     CVE-2024-45007, CVE-2024-45009, CVE-2024-46771, CVE-2024-46739, CVE-2024-41060, CVE-2024-46676,     CVE-2024-46822, CVE-2024-42272, CVE-2024-41059, CVE-2024-43839, CVE-2024-46817, CVE-2024-47669,     CVE-2024-44999, CVE-2024-42285, CVE-2024-44986, CVE-2024-43828, CVE-2024-43879, CVE-2024-44998,     CVE-2024-46724, CVE-2024-41015, CVE-2024-45025, CVE-2024-43849, CVE-2024-46818, CVE-2024-43830,     CVE-2024-46725, CVE-2024-43834, CVE-2024-42302, CVE-2024-36484, CVE-2024-43853, CVE-2024-46782,     CVE-2024-46740, CVE-2024-46732, CVE-2024-43869, CVE-2024-42312, CVE-2024-42292, CVE-2024-43884,     CVE-2024-44934, CVE-2024-44995, CVE-2024-43894, CVE-2024-46675, CVE-2024-43870, CVE-2024-44990,     CVE-2024-42287, CVE-2024-41065, CVE-2024-42301, CVE-2024-42290, CVE-2024-46702, CVE-2024-46719,     CVE-2024-46745, CVE-2024-46758, CVE-2024-46757, CVE-2024-44935, CVE-2024-42276, CVE-2024-43890,     CVE-2023-52918, CVE-2024-41077, CVE-2024-43905, CVE-2024-38611, CVE-2024-42269, CVE-2024-42284,     CVE-2024-41073, CVE-2024-46722, CVE-2024-41017, CVE-2024-47667, CVE-2024-45021, CVE-2024-43867,     CVE-2024-41098, CVE-2024-43909, CVE-2024-46723, CVE-2024-45026, CVE-2024-42114, CVE-2024-44944,     CVE-2024-43835, CVE-2024-44982, CVE-2024-43907, CVE-2024-46828, CVE-2024-43856, CVE-2024-46832,     CVE-2024-44954, CVE-2024-43846, CVE-2024-41070, CVE-2024-43892, CVE-2024-44985, CVE-2024-42306,     CVE-2024-43889, CVE-2024-44958, CVE-2024-46798, CVE-2024-44989, CVE-2024-42313, CVE-2024-46737,     CVE-2024-42289, CVE-2024-43829, CVE-2024-46744, CVE-2023-52889, CVE-2024-46689, CVE-2024-47663,     CVE-2024-46791, CVE-2024-43863, CVE-2024-43893, CVE-2024-43841, CVE-2024-46777, CVE-2024-46800,     CVE-2024-45028, CVE-2024-44952, CVE-2024-43883, CVE-2024-44946, CVE-2024-43882, CVE-2024-44960,     CVE-2024-38577, CVE-2024-46814, CVE-2024-42288, CVE-2024-44947, CVE-2024-41071, CVE-2024-41042,     CVE-2024-41064, CVE-2024-42311, CVE-2024-42270, CVE-2024-43861, CVE-2024-46752, CVE-2024-42296,     CVE-2024-41022, CVE-2024-42246, CVE-2024-43871, CVE-2024-42265, CVE-2024-43854, CVE-2024-41019,     CVE-2024-46815, CVE-2024-46743, CVE-2024-42126, CVE-2024-26661, CVE-2024-41012, CVE-2024-46761,     CVE-2024-45008, CVE-2024-46805, CVE-2024-45006, CVE-2024-42295, CVE-2024-46783, CVE-2024-42286,     CVE-2024-46714, CVE-2024-42299, CVE-2024-46781, CVE-2024-43914, CVE-2024-44966, CVE-2024-44974,     CVE-2024-45018, CVE-2024-46840, CVE-2024-46819, CVE-2024-40915, CVE-2024-46759, CVE-2024-43860,     CVE-2024-47668, CVE-2024-39472, CVE-2024-47660, CVE-2024-47659, CVE-2024-46795, CVE-2024-43875,     CVE-2024-46738, CVE-2024-42271, CVE-2024-26669, CVE-2024-44983, CVE-2024-41078, CVE-2024-46685,     CVE-2024-46713, CVE-2024-46721, CVE-2024-46763, CVE-2024-41011, CVE-2024-43902, CVE-2024-42277,     CVE-2024-44948)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8856 advisory.

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

    * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

    * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

    * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

    * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

    * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

    * kernel: nouveau: lock the client object tree. (CVE-2024-27062)

    * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

    * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

    * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

    * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

    * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

    * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

    * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

    * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)

    * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

    * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

    * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

    * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)

    * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

    * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

    * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

    * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

    * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

    * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

    * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

    * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

    * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

    * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

    * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

    * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

    * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

    * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

    * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

    * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

    * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

    * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

    * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

    * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

    * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

    * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8870 advisory.

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

    * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

    * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

    * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

    * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

    * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

    * kernel: nouveau: lock the client object tree. (CVE-2024-27062)

    * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

    * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

    * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

    * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

    * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

    * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

    * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

    * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)

    * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

    * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

    * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

    * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)

    * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

    * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

    * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

    * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

    * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

    * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

    * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

    * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

    * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

    * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

    * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

    * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

    * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

    * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

    * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

    * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

    * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

    * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

    * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

    * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

    * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

    * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8870 advisory.

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
      * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
      * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
      * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
      * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
      * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
      * kernel: nouveau: lock the client object tree. (CVE-2024-27062)
      * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
      * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
      * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
      * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
      * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
      * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
      * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
      * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)
      * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
      * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
      * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
      * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)
      * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
      * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
      * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
      * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
      * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
      * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
      * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers     (CVE-2024-42070)
      * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
      * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
      * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
      * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
      * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
      * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
      * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
      * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
      * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
      * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
      * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
      * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
      * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
      * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
      * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
      * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8856 advisory.

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
      * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
      * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
      * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
      * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
      * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
      * kernel: nouveau: lock the client object tree. (CVE-2024-27062)
      * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
      * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
      * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
      * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
      * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
      * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
      * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
      * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)
      * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
      * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
      * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
      * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)
      * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
      * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
      * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
      * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
      * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
      * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
      * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers     (CVE-2024-42070)
      * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
      * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
      * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
      * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
      * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
      * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
      * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
      * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
      * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
      * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
      * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
      * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
      * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
      * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
      * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
      * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8856 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

    * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

    * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

    * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

    * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

    * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

    * kernel: nouveau: lock the client object tree. (CVE-2024-27062)

    * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

    * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

    * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

    * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

    * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

    * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

    * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

    * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)

    * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

    * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

    * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

    * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)

    * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

    * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

    * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

    * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

    * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

    * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

    * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

    * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

    * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

    * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

    * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

    * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

    * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

    * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

    * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

    * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

    * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

    * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

    * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

    * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

    * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

    * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8856 advisory.

    - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Waiman Long) [RHEL-62139]     {CVE-2024-47668}
    - bonding: fix xfrm real_dev null pointer dereference (Hangbin Liu) [RHEL-57239] {CVE-2024-44989}
    - bonding: fix null pointer deref in bond_ipsec_offload_ok (Hangbin Liu) [RHEL-57233] {CVE-2024-44990}
    - bpf: Fix overrunning reservations in ringbuf (Viktor Malik) [RHEL-49414] {CVE-2024-41009}
    - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CKI Backport Bot) [RHEL-49309]     {CVE-2022-48773}
    - ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-60669] {CVE-2024-46826}
    - nouveau: lock the client object tree. (Abdiel Janulgue) [RHEL-35118] {CVE-2024-27062}
    - dmaengine: fix NULL pointer in channel unregistration function (Jerry Snitselaar) [RHEL-28867]     {CVE-2023-52492}
    - dma-direct: Leak pages on dma_set_decrypted() failure (Jerry Snitselaar) [RHEL-37335] {CVE-2024-35939}
    - drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttila) [RHEL-53633]     {CVE-2024-41092}
    - kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
    - gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
    - of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
    - padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889}
    - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Xin Long) [RHEL-56234] {CVE-2024-44935}
    - net/mlx5e: Fix netif state handling (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
    - net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Michal Schmidt) [RHEL-43864]     {CVE-2024-38608}
    - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44031]     {CVE-2024-38586}
    - netfilter: flowtable: initialise extack before use (Florian Westphal) [RHEL-58542] {CVE-2024-45018}
    - memcg: protect concurrent access to mem_cgroup_idr (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
    - memcontrol: ensure memcg acquired by id is properly set up (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
    - mm: memcontrol: fix cannot alloc the maximum memcg ID (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
    - mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
    - netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924}
    - netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
    - netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033]     {CVE-2024-27017}
    - netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033]     {CVE-2024-27017}
    - netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042}
    - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter)     [RHEL-51516] {CVE-2024-42070}
    - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003]     {CVE-2024-35898}
    - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter)     [RHEL-47606] {CVE-2024-39503}
    - netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
    - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680]     {CVE-2024-26851}
    - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038     RHEL-37039] {CVE-2024-35839}
    - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039]     {CVE-2024-35839}
    - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038     RHEL-37039] {CVE-2024-35839}
    - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039]     {CVE-2024-35839}
    - dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301}
    - KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100]     {CVE-2024-26976}
    - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279]     {CVE-2024-38540}
    - tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284}
    - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857}
    - drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924}
    - tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983}
    - block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763]     {CVE-2024-43854}
    - gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790]     {CVE-2022-48936}
    - drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093}
    - ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961}
    - mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880}
    - ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
    - ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
    - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038     RHEL-37039] {CVE-2024-35839}
    - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039]     {CVE-2024-35839}
    - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038     RHEL-37039] {CVE-2024-35839}
    - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039]     {CVE-2024-35839}
    - USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8870 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

    * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

    * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

    * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

    * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

    * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

    * kernel: nouveau: lock the client object tree. (CVE-2024-27062)

    * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

    * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

    * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

    * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

    * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

    * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

    * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

    * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type     (CVE-2024-39503)

    * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

    * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

    * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

    * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
    (CVE-2024-40984)

    * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

    * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

    * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

    * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

    * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

    * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

    * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

    * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

    * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

    * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

    * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

    * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

    * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

    * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

    * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

    * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

    * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

    * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

    * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

    * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

    * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

    * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44989 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null     pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might     call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG:
    unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface     the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) -     not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm:
    ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40     04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1):
    bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48     8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00     00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one     kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all:
    failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel:
    RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08:
    0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12:
    0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS:
    00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000     CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel:
    bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ?
    __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ?     page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ?     kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one     kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ?     nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add     SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface     the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0     kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel:
    ip_push_pending_frames+0x56/0x80 (CVE-2024-44989)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3587-1 advisory.

    The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done  (bsc#1229607).
    - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.  (bsc#1229633).
    - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
    - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations  (bsc#1230339).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of     the list of MDB events to replay (bsc#1222973).
    - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command  (bsc#1228620 CVE-2024-41082).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race  (bsc#1230178).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
    - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe  error path (bsc#1230507).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
    - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
    - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3  (bsc#1230582).
    - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access  (bsc#1230700).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
    - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
    - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
    - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
    - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
    - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS  (bsc#1231116).
    - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
    - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
    - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3592-1 advisory.

    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done  (bsc#1229607).
    - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.  (bsc#1229633).
    - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
    - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations  (bsc#1230339).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of     the list of MDB events to replay (bsc#1222973).
    - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command  (bsc#1228620 CVE-2024-41082).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race  (bsc#1230178).
    - CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
    - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe  error path (bsc#1230507).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
    - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
    - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3  (bsc#1230582).
    - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access  (bsc#1230700).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
    - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
    - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
    - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS  (bsc#1231116).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3569-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done  (bsc#1229607).
    - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.  (bsc#1229633).
    - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
    - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations  (bsc#1230339).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of     the list of MDB events to replay (bsc#1222973).
    - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command  (bsc#1228620 CVE-2024-41082).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race  (bsc#1230178).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
    - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe  error path (bsc#1230507).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
    - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
    - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3  (bsc#1230582).
    - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access  (bsc#1230700).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
    - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
    - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
    - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS  (bsc#1231116).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3561-1 advisory.

    The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001).
    - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
    - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
    - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order     0 (bsc#1230435).
    - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()     (bsc#1230518).
    - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
    - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
    - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
    - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
    - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3564-1 advisory.

    The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001).
    - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
    - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
    - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order     0 (bsc#1230435).
    - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()     (bsc#1230518).
    - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
    - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
    - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
    - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
    - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3553-1 advisory.

    The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
    - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order     0 (bsc#1230435).
    - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()     (bsc#1230518).
    - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
    - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
    - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
    - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46727: Fixed NULL pointer dereference in resource_log_pipe_topology_update (bsc#1230707).
    - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
    - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3551-1 advisory.

    The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
    - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
    - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
    - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
    - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
    - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
    - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
    - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
    - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
    - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
    - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
    - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001).
    - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
    - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
    - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
    - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
    - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
    - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
    - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
    - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
    - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
    - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
    - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
    - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
    - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
    - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
    - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
    - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
    - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
    - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
    - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
    - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
    - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
    - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
    - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
    - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
    - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
    - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
    - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
    - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
    - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
    - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
    - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
    - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
    - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
    - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order     0 (bsc#1230435).
    - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
    - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
    - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
    - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
    - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
    - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
    - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
    - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()     (bsc#1230518).
    - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
    - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
    - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
    - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
    - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
    - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
    - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
    - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
    - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
    - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
    - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
    - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
    - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3912 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3912-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     October 07, 2024                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux     Version        : 5.10.226-1     CVE ID         : CVE-2021-3669 CVE-2022-48733 CVE-2023-31083 CVE-2023-52889                      CVE-2024-27397 CVE-2024-38577 CVE-2024-41011 CVE-2024-41042                      CVE-2024-41098 CVE-2024-42114 CVE-2024-42228 CVE-2024-42246                      CVE-2024-42259 CVE-2024-42265 CVE-2024-42272 CVE-2024-42276                      CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284                      CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288                      CVE-2024-42289 CVE-2024-42290 CVE-2024-42292 CVE-2024-42295                      CVE-2024-42297 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304                      CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309                      CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313                      CVE-2024-43828 CVE-2024-43829 CVE-2024-43830 CVE-2024-43834                      CVE-2024-43835 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846                      CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856                      CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43867                      CVE-2024-43871 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882                      CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890                      CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43905                      CVE-2024-43907 CVE-2024-43908 CVE-2024-43914 CVE-2024-44935                      CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948                      CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44965                      CVE-2024-44968 CVE-2024-44971 CVE-2024-44974 CVE-2024-44987                      CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44995                      CVE-2024-44998 CVE-2024-44999 CVE-2024-45003 CVE-2024-45006                      CVE-2024-45008 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021                      CVE-2024-45025 CVE-2024-45028 CVE-2024-46673 CVE-2024-46674                      CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679                      CVE-2024-46685 CVE-2024-46689 CVE-2024-46702 CVE-2024-46707                      CVE-2024-46713 CVE-2024-46714 CVE-2024-46719 CVE-2024-46721                      CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725                      CVE-2024-46731 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739                      CVE-2024-46740 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745                      CVE-2024-46747 CVE-2024-46750 CVE-2024-46755 CVE-2024-46756                      CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46763                      CVE-2024-46771 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781                      CVE-2024-46782 CVE-2024-46783 CVE-2024-46791 CVE-2024-46798                      CVE-2024-46800 CVE-2024-46804 CVE-2024-46814 CVE-2024-46815                      CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46822                      CVE-2024-46828 CVE-2024-46829 CVE-2024-46840 CVE-2024-46844

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     5.10.226-1.  This additionally includes many more bug fixes from     stable updates 5.10.224-5.10.226 inclusive.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5782 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5782-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     October 03, 2024                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943                      CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096                      CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835                      CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931                      CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946                      CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982                      CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987                      CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991                      CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000                      CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007                      CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011                      CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021                      CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028                      CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675                      CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685                      CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702                      CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714                      CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719                      CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723                      CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731                      CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737                      CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743                      CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747                      CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756                      CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761                      CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773                      CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782                      CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794                      CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802                      CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810                      CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817                      CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822                      CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830                      CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840                      CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849                      CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855                      CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the stable distribution (bookworm), these problems have been fixed in     version 6.1.112-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-511.el9 build changelog.

  - In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting     max_usage Commit c73be61cede5 (pipe: Add general notification queue support) a regression was introduced     that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing     the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before     actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the     wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if     this isn't a watch queue. [Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]     (CVE-2023-52672)

  - In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix     pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in     pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site     pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem     occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an     i.MX8MP based system. * Normal case 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022:
    write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00}     Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI|08     {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022:
    write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt     mask P0 (CVE-2024-42253)

  - In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null     pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might     call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG:
    unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface     the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) -     not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm:
    ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40     04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1):
    bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48     8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00     00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one     kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all:
    failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel:
    RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08:
    0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12:
    0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS:
    00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000     CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel:
    bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ?
    __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ?     page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ?     kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one     kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ?     nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add     SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface     the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0     kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel:
    ip_push_pending_frames+0x56/0x80 (CVE-2024-44989)

  - In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in     bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
    (CVE-2024-44990)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the linux package has been released.

ID	Name	Product	Family	Severity
211654	Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7123-1)	Nessus	Ubuntu Local Security Checks	high
210893	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12815)	Nessus	Oracle Linux Local Security Checks	high
210775	Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7100-2)	Nessus	Ubuntu Local Security Checks	high
210741	Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7100-1)	Nessus	Ubuntu Local Security Checks	high
210615	RockyLinux 8 : kernel (RLSA-2024:8856)	Nessus	Rocky Linux Local Security Checks	high
210611	RockyLinux 8 : kernel-rt (RLSA-2024:8870)	Nessus	Rocky Linux Local Security Checks	high
210445	AlmaLinux 8 : kernel-rt (ALSA-2024:8870)	Nessus	Alma Linux Local Security Checks	high
210440	AlmaLinux 8 : kernel (ALSA-2024:8856)	Nessus	Alma Linux Local Security Checks	high
210415	RHEL 8 : kernel (RHSA-2024:8856)	Nessus	Red Hat Local Security Checks	high
210399	Oracle Linux 8 : kernel (ELSA-2024-8856)	Nessus	Oracle Linux Local Security Checks	high
210359	RHEL 8 : kernel-rt (RHSA-2024:8870)	Nessus	Red Hat Local Security Checks	high
208901	CBL Mariner 2.0 Security Update: kernel (CVE-2024-44989)	Nessus	MarinerOS Local Security Checks	medium
208720	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3587-1)	Nessus	SuSE Local Security Checks	high
208715	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3592-1)	Nessus	SuSE Local Security Checks	high
208671	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2024:3569-1)	Nessus	SuSE Local Security Checks	high
208668	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3561-1)	Nessus	SuSE Local Security Checks	high
208667	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3564-1)	Nessus	SuSE Local Security Checks	high
208425	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3553-1)	Nessus	SuSE Local Security Checks	high
208423	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3551-1)	Nessus	SuSE Local Security Checks	high
208245	Debian dla-3912 : ata-modules-5.10.0-29-armmp-di - security update	Nessus	Debian Local Security Checks	high
208099	Debian dsa-5782 : affs-modules-6.1.0-21-4kc-malta-di - security update	Nessus	Debian Local Security Checks	high
207605	CentOS 9 : kernel-5.14.0-511.el9	Nessus	CentOS Local Security Checks	medium
207269	Photon OS 4.0: Linux PHSA-2024-4.0-0693	Nessus	PhotonOS Local Security Checks	high
207221	Photon OS 5.0: Linux PHSA-2024-5.0-0374	Nessus	PhotonOS Local Security Checks	high

Detections

Analytics

CVE-2024-44989

medium

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

medium

high

high

high

high

high

high

high

high

high

medium

high

high