In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110] ksys_read+0x74/0xf0 This patch's modification is according to Jan Kara's suggestion in: https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ "I see. Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has failed in the middle, I would probably go even further and make sure we fix the tree properly in case of ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not create overlapping extents)."

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run     fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762!     [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553]     ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]     [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4]     [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4]     [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8     [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4]     [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110]     ksys_read+0x74/0xf0 This patch's modification is according to Jan Kara's suggestion in:
    https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ I see.
    Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has     failed in the middle, I would probably go even further and make sure we fix the tree properly in case of     ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs     corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not     create overlapping extents). (CVE-2021-47117)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak     upon a kmalloc failure (bsc#1184509).
    - CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed double free of blk_mq_tag_set in dev remove after table load fails (bsc#1220554).
    - CVE-2021-46939: Fixed possible hung in trace_clock_global() (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed possible data corruption in md/raid1 when ending a failed write request     (bsc#1220662).
    - CVE-2021-46958: Fixed race between transaction aborts and fsyncs that could lead to use-after-free in     btrfs (bsc#1220521).
    - CVE-2021-46960: Fixed wrong error code from smb2_get_enc_key() (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed NULL pointer in flush_workqueue (bsc#1220611).
    - CVE-2021-46988: Fixed possible crash in userfaultfd due to unreleased page (bsc#1220706).
    - CVE-2021-46990: Fixed crashes when toggling entry flush barrier in powerpc/64s (bsc#1220743).
    - CVE-2021-46998: Fixed a use after free bug in enic_hard_start_xmit() (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed RX consumer index logic in the error path in bnxt_en (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed resolved pte update for kernel memory on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed null pointer dereference in lpfc_prep_els_iocb() (bsc#1220640).
    - CVE-2021-47049: Fixed Use after free in __vmbus_open() (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed uninitialized lock in adf_vf2pf_shutdown() (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed possible use-after-free in panel_bridge_detach() (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47114: Fixed data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed bug on in ext4_es_cache_extent() as ext4_split_extent_at() failed (bsc#1221575).
    - CVE-2021-47118: Fixed possible use-after-free when initializing `cad_pid` (bsc#1221605).
    - CVE-2021-47119: Fixed memory leak in ext4_fill_super() (bsc#1221608).
    - CVE-2021-47138: Fixed possible out-of-bound memory access in cxgb4 when clearing filters (bsc#1221934).
    - CVE-2021-47141: Fixed possible NULL pointer dereference when freeing irqs (bsc#1221949).
    - CVE-2021-47142: Fixed a use-after-free in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed possible corruptionb in nfs_do_recoalesce() (bsc#1221998).
    - CVE-2021-47167: Fixed an Oopsable condition in __nfs_pageio_add_request() (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() (bsc#1222002).
    - CVE-2021-47169: Fixed possible NULL pointer dereference in serial/rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed memory leak in smsc75xx_bind() (bsc#1221994).
    - CVE-2021-47173: Fixed memory leak in uss720_probe() (bsc#1221993).
    - CVE-2021-47177: Fixed sysfs leak in alloc_iommu() (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (bsc#1222001).
    - CVE-2021-47180: Fixed memory leak in nci_allocate_device() (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
    - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in     drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed use-after-free in kv_parse_power_table() (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#122041).
    - CVE-2023-52474: Fixed bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests in hfi1 (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie (bsc#1222300).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a NULL pointer dereference vulnerability in     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed NULL Pointer Dereference vulnerability in /net/bluetooth/rfcomm/core.c     (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in     lpfc_unregister_fcf_rescan() function (bsc#1219618).
    - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000     xc4000_get_frequency() function (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp  (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma  (bsc#1222610)
    - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp  (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink  (bsc#1222630).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2024-26993: Fixed a reference leak in sysfs_break_active_protection() (bsc#1223693)
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2024-26948: Added a dc_state NULL check in dc_state_release (bsc#1223664)
    - CVE-2024-27013: Limited printing rate when illegal packet received by tun  dev (bsc#1223745).
    - CVE-2024-27014: Prevented deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27046: Handled acti_netdevs allocation failure (bsc#1223827).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).
    - CVE-2023-52652: Fixed a possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2024-23848: Fixed a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c     and drivers/media/cec/core/cec-api.c (bsc#1219104).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26817: Used calloc instead of kzalloc to avoid integer overflow (bsc#1222812)
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2023-52620: Disallowed timeout for anonymous sets in nf_tables (bsc#1221825).
    - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26878: Fixed potential NULL pointer dereference, related to dquots (bsc#1223060).
    - CVE-2024-26901: Used kzalloc() to fix information leak in do_sys_name_to_handle() (bsc#1223198).
    - CVE-2024-26671: Fixed an IO hang from sbitmap wakeup race in blk_mq_mark_tag_wait() (bsc#1222357).
    - CVE-2024-26772: Avoided allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
    - CVE-2023-52614: Fixed a buffer overflow in trans_stat_show() (bsc#1221617).
    - CVE-2024-26855: Fixed a potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Made sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26675: Limited MRU to 64K in ppp_async_ioctl() (bsc#1222379).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2023-52488: Converted from _raw_ to _noinc_ regmap functions for FIFO in sc16is7xx (bsc#1221162).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2023-52635: Synchronized devfreq_monitor_[start/stop] for devfreq (bsc#1222294).
    - CVE-2024-26883: Checked for integer overflow when using roundup_pow_of_two()  (bsc#1223035).
    - CVE-2024-26884: Fixed a bpf hashtab overflow check on 32-bit architectures (bsc#1223189).
    - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory.

    The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq     (bsc#1220554).
    - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
    - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs     (bsc#1220521).
    - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
    - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
    - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s     (bsc#1220743).
    - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en     (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
    - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic     (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4     (bsc#1221575).
    - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
    - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
    - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
    - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve     (bsc#1221949).
    - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
    - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
    - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
    - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
    - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4     (bsc#1222001).
    - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions in thermal (bsc#1222878)
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2022-0487: Fixed use-after-free in moxart_remove in moxart-mmc (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
    - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests     (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO     (bsc#1221162).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()     (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in     lpfc_unregister_fcf_rescan() function (bsc#1219618).
    - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000     xc4000_get_frequency() function (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
    - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp  (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma  (bsc#1222610)
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp  (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink  (bsc#1222630).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
    - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak     upon a kmalloc failure (bsc#1184509).
    - CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
    - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
    - CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
    - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq     (bsc#1220554).
    - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
    - CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
    - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
    - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets     (bsc#1220513).
    - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs     (bsc#1220521).
    - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
    - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand()  (bsc#1220536).
    - CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
    - CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
    - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
    - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
    - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s     (bsc#1220743).
    - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en     (bsc#1220794).
    - CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
    - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
    - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
    - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed     (bsc#1220742).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic     (bsc#1220846).
    - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
    - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
    - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
    - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
    - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4     (bsc#1221575).
    - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
    - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
    - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
    - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
    - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve     (bsc#1221949).
    - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
    - CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
    - CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
    - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
    - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
    - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
    - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
    - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
    - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
    - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
    - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
    - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4     (bsc#1222001).
    - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions in thermal (bsc#1222878)
    - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
    - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
    - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
    - CVE-2022-0487: Fixed an use-after-free vulnerability in rtsx_usb_ms_drv_remove() in     drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
    - CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
    - CVE-2022-48672: Fixed off-by-one error in unflatten_dt_nodes() (bsc#1223931).
    - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
    - CVE-2022-48702: Fixed out of bounds access in  snd_emu10k1_pcm_channel_alloc() (bsc#1223923).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential     information disclosure or a denial of service (bsc#1215221).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
    - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
    - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests     (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
    - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO     (bsc#1221162).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
    - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
    - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
    - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
    - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
    - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
    - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from     userspace (bsc#1221825).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
    - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
    - CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
    - CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
    - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()     (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init     in net/sctp/socket.c (bsc#1218917).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1219169).
    - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
    - CVE-2024-24855: Fixed race condition in lpfc_unregister_fcf_rescan() that could lead to a kernel panic     or denial of service issue (bsc#1219618).
    - CVE-2024-24861: Fixed race condition in xc4000_get_frequency() that could lead to malfunction or denial     of service issue (bsc#1219623).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
    - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
    - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
    - CVE-2024-26704: fixed double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
    - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
    - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
    - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
    - CVE-2024-26754: Fixed ab use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
    - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt     (bsc#1222720).
    - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
    - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()     (bsc#1222613).
    - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found()     (bsc#1222618).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
    - CVE-2024-26791: Properly validated device names in btrfs dev-replace (bsc#1222793)
    - CVE-2024-26793: fixed use-after-free and null-ptr-deref in gtp_newlink() (bsc#1222428).
    - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
    - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them     (bsc#1222624).
    - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
    - CVE-2024-26839: Fixed a memory leak in init_credit_return() (bsc#1222975)
    - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
    - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
    - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
    - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
    - CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
    - CVE-2024-26876: Fixed crash on irq during probe, related to adv7511_probe() (bsc#1223119).
    - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
    - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
    - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
    - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
    - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
    - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
    - CVE-2024-27008: Fixed out of bounds access in nv04 (CVE-2024-27008 bsc#1223802).
    - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
    - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
    - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
    - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
    - CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
    - CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
    - CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
    - CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
    - CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory.

  - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to     elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local     user with the CAP_NET_RAW capability. (CVE-2021-23134)

  - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the     ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map.
    ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL     to vp_map and kfree take care of NULL. (CVE-2024-26930)

  - In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory     accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in     netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI     for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk()     patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. (CVE-2019-25160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory.

    The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556).
    - CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560).
    - CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561).
    - CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
    - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
    - CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
    - CVE-2021-46930: Fixed a list_head check warning caused by uninitialization of list_head in usb mtu3     (bsc#1220484).
    - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq     (bsc#1220554).
    - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
    - CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
    - CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
    - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
    - CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi     (bsc#1220615).
    - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs     (bsc#1220521).
    - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
    - CVE-2021-46961: Fixed an error on not enabling irqs when handling spurious interrups in irqchip/gic-v3     (bsc#1220529).
    - CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
    - CVE-2021-46963: Fixed a denial of service in qla2xxx_mqueuecommand() in scsi qla2xxx (bsc#1220536)
    - CVE-2021-46971: Fixed unconditional security_locked_down() call in perf/core (bsc#1220697).
    - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
    - CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
    - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON in userfaultfd (bsc#1220706).
    - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s     (bsc#1220743).
    - CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
    - CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
    - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
    - CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669).
    - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
    - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
    - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en     (bsc#1220794).
    - CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
    - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
    - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
    - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
    - CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi     (bsc#1220764).
    - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
    - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
    - CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
    - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing     SRCU (bsc#1220745).
    - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
    - CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749).
    - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
    - CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue,     ipc/msg, ipc/sem (bsc#1220826).
    - CVE-2021-47070: Fixed a memory leak in error handling paths on memory allocated by vmbus_alloc_ring in     uio_hv_generic (bsc#1220829).
    - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic     (bsc#1220846).
    - CVE-2021-47073: Fixed a oops on rmmod dell_smbios exit_dell_smbios_wmi() in platform/x86 dell-smbios-wmi     (bsc#1220850).
    - CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
    - CVE-2021-47082: Fixed a double free in tun_free_netdev in tun (bsc#1220969).
    - CVE-2021-47109: Fixed an overflow in neighbour table in neighbour (bsc#1221534).
    - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221532).
    - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm     (bsc#1221541).
    - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
    - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4     (bsc#1221575).
    - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
    - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
    - CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
    - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
    - CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3     (bsc#1221935).
    - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve     (bsc#1221949).
    - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
    - CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
    - CVE-2021-47153: Fixed an out-of-range memory access during bus reset in the case of a block transaction     in i2c/i801 (bsc#1221969).
    - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe     function in spi spi-fsl-dspi (bsc#1221966).
    - CVE-2021-47165: Fixed a NULL pointer dereference when component was not probed during shutdown in     drm/mesonhe (bsc#1221965).
    - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
    - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
    - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
    - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
    - CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
    - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
    - CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124     (bsc#1221992).
    - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
    - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
    - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4     (bsc#1222001).
    - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
    - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource()     (bsc#1222660).
    - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145,     bsc#1222664).
    - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
    - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work     functions in btrfs (bsc#1222706).
    - CVE-2022-0487: Fixed an use-after-free vulnerability in rtsx_usb_ms_drv_remove() in     drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
    - CVE-2022-4744: Fixed a double-free that could lead to DoS or privilege escalation in TUN/TAP device     driver functionality (bsc#1209635).
    - CVE-2022-48626: Fixed a potential use-after-free on remove path in moxart (bsc#1220366).
    - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system     (bsc#1209657).
    - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length in nvmet-tcp     (bsc#1220320).
    - CVE-2023-52469: Fixed an use-after-free in kv_parse_power_table in drivers/amd/pm (bsc#1220411).
    - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
    - CVE-2023-52474: Fixed a data corruption in user SDMA requests in IB/hfi1 (bsc#1220445).
    - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
    - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
    - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command     (bsc#1220883).
    - CVE-2023-52500: Fixed leaking tags when processing  OPC_INB_SET_CONTROLLER_CONFIG command in scsi in     pm80xx (bsc#1220883).
    - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
    - CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
    - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
    - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
    - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
    - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
    - CVE-2023-52607: Fixed null-pointer dereference in pgtable_cache_add kasprintf() in powerpc/mm     (bsc#1221061).
    - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
    - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's     deletion of SKB races (bsc#1218447).
    - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
    - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
    - CVE-2023-7042: Fixed a null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in     drivers/net/wireless/ath/ath10k/wmi-tlv.c in net (bsc#1218336).
    - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in     net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
    - CVE-2024-22099: Fixed a null pointer dereference in /net/bluetooth/rfcomm/core.C in bluetooth     (bsc#1219170).
    - CVE-2024-26600: Fixed null pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
    - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
    - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
    - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
    - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.4.129-62.227. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-004 advisory.

    A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the     ability to transmit within the wireless transmission range of an access point can abuse a flaw where     previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586)

    A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can     abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under     different keys, treating them as valid. This flaw allows an attacker to send a fragment under an incorrect     key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to     confidentiality. (CVE-2020-24587)

    A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can     inject custom data into the wireless communication circumventing checks on the data.  This can cause the     frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588)

    Frames used for authentication and key management between the AP and connected clients.  Some clients may     take these redirected frames masquerading as control mechanisms from the AP. (CVE-2020-26139)

    A vulnerability was found in Linux kernel's WiFi implementation.  An attacker within wireless range can     inject a control packet fragment where the kernel does not verify the Message Integrity Check     (authenticity) of fragmented TKIP frames. (CVE-2020-26141)

    A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the     Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when     sent in plaintext and then process them as full unfragmented frames. The highest threat from this     vulnerability is to integrity. (CVE-2020-26145)

    A flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel's WiFi     implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when     another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
    The highest threat from this vulnerability is to integrity. (CVE-2020-26147)

    A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID     are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a     security threat and breach system integrity, confidentiality and even lead to a denial of service problem.
    (CVE-2020-26541)

    A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP),     Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable     to an impersonation attack where an active attacker can impersonate the initiating device without any     previous knowledge. (CVE-2020-26558)

    A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to     potentially enable information disclosure via adjacent access. The highest threat from this vulnerability     is to data confidentiality and integrity. (CVE-2021-0129)

    A flaw was found in the Linux kernel's KVM implementation, where improper handing of the VM_IO|VM_PFNMAP     VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest.
    This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in     local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity,     and system availability. (CVE-2021-22543)

    A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw     allows an attacker with a local account to exploit a race condition, leading to corrupted memory and     possible privilege escalation. The highest threat from this vulnerability is to confidentiality,     integrity, as well as system availability. (CVE-2021-32399)

    A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux     kernel, where a local attacker with an access rights could cause a denial of service problem on the system     The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in     other places. The highest threat from this vulnerability is to data integrity, confidentiality and system     availability. (CVE-2021-33034)

    The canbus filesystem in the Linux kernel contains an information leak of kernel memory to devices on the     CAN bus network link layer.  An attacker with the ability to dump messages on the CAN bus is able to learn     of uninitialized stack values by dumbing messages on the can bus. (CVE-2021-34693)

    An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux     kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a     system crash or a leak of internal kernel information. The highest threat from this vulnerability is to     system availability. (CVE-2021-3506)

    A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in     the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the     system. (CVE-2021-3564)

    A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in     the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call     hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(),     hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system     or escalate their privileges on the system. (CVE-2021-3573)

    A flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a     denial of service can be triggered by a local unprivileged user causing a kernel panic. (CVE-2021-38208)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: usbhid: fix info leak in hid_submit_ctrl

    In hid_submit_ctrl(), the way of calculating the report length doesn'ttake into account that report->size     can be zero. When running thesyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) tocalculate     transfer_buffer_length as 16384. When this urb is passed tothe usb core layer, KMSAN reports an info leak     of 16384 bytes.

    To fix this, first modify hid_report_len() to account for the zeroreport size case by using DIV_ROUND_UP     for the division. Then, call itfrom hid_submit_ctrl(). (CVE-2021-46906)

    In the Linux kernel, the following vulnerability has been resolved:

    dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (CVE-2021-46938)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

    In the Linux kernel, the following vulnerability has been resolved:

    md/raid1: properly indicate failure when ending a failed write request

    This patch addresses a data corruption bug in raid1 arrays using bitmaps.Without this fix, the bitmap bits     for the failed I/O end up being cleared.

    Since we are in the failure leg of raid1_end_write_request, the requesteither needs to be retried     (R1BIO_WriteError) or failed (R1BIO_Degraded). (CVE-2021-46950)

    In the Linux kernel, the following vulnerability has been resolved:

    tpm: efi: Use local variable for calculating final log size (CVE-2021-46951)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure (CVE-2021-46953)

    In the Linux kernel, the following vulnerability has been resolved:

    openvswitch: fix stack OOB read while fragmenting IPv4 packets (CVE-2021-46955)

    In the Linux kernel, the following vulnerability has been resolved:

    virtiofs: fix memory leak in virtio_fs_probe() (CVE-2021-46956)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: Fix use-after-free with devm_spi_alloc_* (CVE-2021-46959)

    In the Linux kernel, the following vulnerability has been resolved:

    cifs: Return correct error code from smb2_get_enc_key (CVE-2021-46960)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3: Do not enable irqs when handling spurious interrups (CVE-2021-46961)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (CVE-2021-46963)

    In the Linux kernel, the following vulnerability has been resolved:

    nbd: Fix NULL pointer in flush_workqueue (CVE-2021-46981)

    In the Linux kernel, the following vulnerability has been resolved:

    kyber: fix out of bounds access when preempted (CVE-2021-46984)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: scan: Fix a memory leak in an error handling path (CVE-2021-46985)

    In the Linux kernel, the following vulnerability has been resolved:

    userfaultfd: release page in error path to avoid BUG_ON (CVE-2021-46988)

    In the Linux kernel, the following vulnerability has been resolved:

    hfsplus: prevent corruption in shrinking truncate (CVE-2021-46989)

    In the Linux kernel, the following vulnerability has been resolved:

    i40e: Fix use-after-free in i40e_client_subtask() (CVE-2021-46991)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nftables: avoid overflows in nft_hash_buckets() (CVE-2021-46992)

    In the Linux kernel, the following vulnerability has been resolved:

    sched: Fix out-of-bound access in uclamp (CVE-2021-46993)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: do asoc update earlier in sctp_sf_do_dupcook_a (CVE-2021-46999)

    In the Linux kernel, the following vulnerability has been resolved:

    ceph: fix inode leak on getattr error in __fh_to_dentry (CVE-2021-47000)

    In the Linux kernel, the following vulnerability has been resolved:

    ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook (CVE-2021-47006)

    In the Linux kernel, the following vulnerability has been resolved:

    net: Only allow init netns to set default tcp cong to a restricted algo (CVE-2021-47010)

    In the Linux kernel, the following vulnerability has been resolved:

    net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

    In the Linux kernel, the following vulnerability has been resolved:

    bnxt_en: Fix RX consumer index logic in the error path. (CVE-2021-47015)

    In the Linux kernel, the following vulnerability has been resolved:

    bus: qcom: Put child node before return (CVE-2021-47054)

    In the Linux kernel, the following vulnerability has been resolved:

    mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: set debugfs_name to NULL after it is freed (CVE-2021-47058)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (CVE-2021-47060)

    In the Linux kernel, the following vulnerability has been resolved:

    uio_hv_generic: Fix a memory leak in error handling paths (CVE-2021-47071)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/rxe: Clear all QP fields if creation failed (CVE-2021-47078)

    In the Linux kernel, the following vulnerability has been resolved:

    neighbour: allow NUD_NOARP entries to be forced GCed (CVE-2021-47109)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/kvm: Disable kvmclock on all CPUs on shutdown (CVE-2021-47110)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/kvm: Teardown PV features on boot CPU as well (CVE-2021-47112)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (CVE-2021-47117)

    In the Linux kernel, the following vulnerability has been resolved:

    pid: take a reference when initializing `cad_pid` (CVE-2021-47118)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: magicmouse: fix NULL-deref on disconnect (CVE-2021-47120)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (CVE-2021-47126)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nft_ct: skip expectations for confirmed conntrack (CVE-2021-47129)

    In the Linux kernel, the following vulnerability has been resolved:

    cxgb4: avoid accessing registers when clearing filters (CVE-2021-47138)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix a use-after-free (CVE-2021-47142)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/amdgpu: fix refcount leak (CVE-2021-47144)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: do not BUG_ON in link_to_fixup_dir (CVE-2021-47145)

    In the Linux kernel, the following vulnerability has been resolved:

    mld: fix panic in mld_newpack() (CVE-2021-47146)

    In the Linux kernel, the following vulnerability has been resolved:

    net: dsa: fix a crash if ->get_sset_count() fails (CVE-2021-47159)

    In the Linux kernel, the following vulnerability has been resolved:

    tipc: skb_linearize the head skb when reassembling msgs (CVE-2021-47162)

    In the Linux kernel, the following vulnerability has been resolved:

    tipc: wait and exit until all work queues are done (CVE-2021-47163)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (CVE-2021-47166)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (CVE-2021-47167)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: fix an incorrect limit in filelayout_decode_layout() (CVE-2021-47168)

    In the Linux kernel, the following vulnerability has been resolved:

    USB: usbfs: Don't WARN about excessively large memory allocations (CVE-2021-47170)

    In the Linux kernel, the following vulnerability has been resolved:

    net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu/vt-d: Fix sysfs leak in alloc_iommu() (CVE-2021-47177)

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: fix vlan tunnel dst refcnt when egressing (CVE-2021-47222)

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: fix vlan tunnel dst null pointer dereference (CVE-2021-47223)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (CVE-2021-47230)

    In the Linux kernel, the following vulnerability has been resolved:

    net: cdc_eem: fix tx fixup skb leak (CVE-2021-47236)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv4: fix memory leak in ip_mc_add1_src (CVE-2021-47238)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: synproxy: Fix out of bounds when parsing TCP options (CVE-2021-47245)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Fix page reclaim for dead peer hairpin (CVE-2021-47246)

    In the Linux kernel, the following vulnerability has been resolved:

    udp: fix race between close() and udp_abort() (CVE-2021-47248)

    In the Linux kernel, the following vulnerability has been resolved:

    net: rds: fix memory leak in rds_recvmsg (CVE-2021-47249)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv4: fix memory leak in netlbl_cipsov4_add_std (CVE-2021-47250)

    In the Linux kernel, the following vulnerability has been resolved:

    gfs2: Fix use-after-free in gfs2_glock_shrink_scan (CVE-2021-47254)

    In the Linux kernel, the following vulnerability has been resolved:

    kvm: LAPIC: Restore guard to prevent illegal APIC register access (CVE-2021-47255)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/memory-failure: make sure wait for page writeback in memory_failure (CVE-2021-47256)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Fix error handling of scsi_host_alloc() (CVE-2021-47258)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix use-after-free in nfs4_init_client() (CVE-2021-47259)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix a potential NULL dereference in nfs_get_client() (CVE-2021-47260)

    In the Linux kernel, the following vulnerability has been resolved:

    IB/mlx5: Fix initializing CQ fragments buffer (CVE-2021-47261)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message (CVE-2021-47262)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/ipoib: Fix warning caused by destroying non-initial netns (CVE-2021-47266)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Correct the length check which causes memory corruption (CVE-2021-47274)

    In the Linux kernel, the following vulnerability has been resolved:

    ftrace: Do not blindly read the ip address in ftrace_bug() (CVE-2021-47276)

    In the Linux kernel, the following vulnerability has been resolved:

    kvm: avoid speculation-based attacks from out-of-range memslot accesses (CVE-2021-47277)

    In the Linux kernel, the following vulnerability has been resolved:

    drm: Fix use-after-free read in drm_getunique() (CVE-2021-47280)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.238-182.421. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1685 advisory.

    A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP),     Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable     to an impersonation attack where an active attacker can impersonate the initiating device without any     previous knowledge. (CVE-2020-26558)

    A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to     potentially enable information disclosure via adjacent access. The highest threat from this vulnerability     is to data confidentiality and integrity. (CVE-2021-0129)

    A denial-of-service (DoS) flaw was identified  in the Linux kernel due to an incorrect memory barrier in     xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem. (CVE-2021-29650)

    A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw     allows an attacker with a local account to exploit a race condition, leading to corrupted memory and     possible privilege escalation. The highest threat from this vulnerability is to confidentiality,     integrity, as well as system availability. (CVE-2021-32399)

    A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux     kernel, where a local attacker with an access rights could cause a denial of service problem on the system     The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in     other places. The highest threat from this vulnerability is to data integrity, confidentiality and system     availability. (CVE-2021-33034)

    In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because     of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a     side-channel attack, aka CID-9183671af6db. (CVE-2021-33624)

    A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in     the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the     system. (CVE-2021-3564)

    A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in     the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call     hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(),     hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system     or escalate their privileges on the system. (CVE-2021-3573)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: usbhid: fix info leak in hid_submit_ctrl

    In hid_submit_ctrl(), the way of calculating the report length doesn'ttake into account that report->size     can be zero. When running thesyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) tocalculate     transfer_buffer_length as 16384. When this urb is passed tothe usb core layer, KMSAN reports an info leak     of 16384 bytes.

    To fix this, first modify hid_report_len() to account for the zeroreport size case by using DIV_ROUND_UP     for the division. Then, call itfrom hid_submit_ctrl(). (CVE-2021-46906)

    In the Linux kernel, the following vulnerability has been resolved:

    dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (CVE-2021-46938)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

    In the Linux kernel, the following vulnerability has been resolved:

    md/raid1: properly indicate failure when ending a failed write request

    This patch addresses a data corruption bug in raid1 arrays using bitmaps.Without this fix, the bitmap bits     for the failed I/O end up being cleared.

    Since we are in the failure leg of raid1_end_write_request, the requesteither needs to be retried     (R1BIO_WriteError) or failed (R1BIO_Degraded). (CVE-2021-46950)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure (CVE-2021-46953)

    In the Linux kernel, the following vulnerability has been resolved:

    openvswitch: fix stack OOB read while fragmenting IPv4 packets (CVE-2021-46955)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: Fix use-after-free with devm_spi_alloc_* (CVE-2021-46959)

    In the Linux kernel, the following vulnerability has been resolved:

    cifs: Return correct error code from smb2_get_enc_key (CVE-2021-46960)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: scan: Fix a memory leak in an error handling path (CVE-2021-46985)

    In the Linux kernel, the following vulnerability has been resolved:

    userfaultfd: release page in error path to avoid BUG_ON (CVE-2021-46988)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nftables: avoid overflows in nft_hash_buckets() (CVE-2021-46992)

    In the Linux kernel, the following vulnerability has been resolved:

    ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook (CVE-2021-47006)

    In the Linux kernel, the following vulnerability has been resolved:

    net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

    In the Linux kernel, the following vulnerability has been resolved:

    bus: qcom: Put child node before return (CVE-2021-47054)

    In the Linux kernel, the following vulnerability has been resolved:

    mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/rxe: Clear all QP fields if creation failed (CVE-2021-47078)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (CVE-2021-47117)

    In the Linux kernel, the following vulnerability has been resolved:

    pid: take a reference when initializing `cad_pid` (CVE-2021-47118)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix a use-after-free (CVE-2021-47142)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: do not BUG_ON in link_to_fixup_dir (CVE-2021-47145)

    In the Linux kernel, the following vulnerability has been resolved:

    mld: fix panic in mld_newpack() (CVE-2021-47146)

    In the Linux kernel, the following vulnerability has been resolved:

    tipc: skb_linearize the head skb when reassembling msgs (CVE-2021-47162)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (CVE-2021-47166)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: fix an incorrect limit in filelayout_decode_layout() (CVE-2021-47168)

    In the Linux kernel, the following vulnerability has been resolved:

    net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu/vt-d: Fix sysfs leak in alloc_iommu() (CVE-2021-47177)

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: fix vlan tunnel dst refcnt when egressing (CVE-2021-47222)

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: fix vlan tunnel dst null pointer dereference (CVE-2021-47223)

    In the Linux kernel, the following vulnerability has been resolved:

    net: cdc_eem: fix tx fixup skb leak (CVE-2021-47236)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv4: fix memory leak in ip_mc_add1_src (CVE-2021-47238)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: synproxy: Fix out of bounds when parsing TCP options (CVE-2021-47245)

    In the Linux kernel, the following vulnerability has been resolved:

    udp: fix race between close() and udp_abort() (CVE-2021-47248)

    In the Linux kernel, the following vulnerability has been resolved:

    net: rds: fix memory leak in rds_recvmsg (CVE-2021-47249)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv4: fix memory leak in netlbl_cipsov4_add_std (CVE-2021-47250)

    In the Linux kernel, the following vulnerability has been resolved:

    gfs2: Fix use-after-free in gfs2_glock_shrink_scan (CVE-2021-47254)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/memory-failure: make sure wait for page writeback in memory_failure (CVE-2021-47256)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Fix error handling of scsi_host_alloc() (CVE-2021-47258)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix use-after-free in nfs4_init_client() (CVE-2021-47259)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix a potential NULL dereference in nfs_get_client() (CVE-2021-47260)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Correct the length check which causes memory corruption (CVE-2021-47274)

    In the Linux kernel, the following vulnerability has been resolved:

    ftrace: Do not blindly read the ip address in ftrace_bug() (CVE-2021-47276)

    In the Linux kernel, the following vulnerability has been resolved:

    kvm: avoid speculation-based attacks from out-of-range memslot accesses (CVE-2021-47277)

    In the Linux kernel, the following vulnerability has been resolved:

    drm: Fix use-after-free read in drm_getunique() (CVE-2021-47280)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
276196	TencentOS Server 3: kernel (TSSA-2024:1027)	Nessus	Tencent Local Security Checks	high
243743	Linux Distros Unpatched Vulnerability : CVE-2021-47117	Nessus	Misc.	medium
239742	TencentOS Server 2: kernel (TSSA-2024:1030)	Nessus	Tencent Local Security Checks	high
239227	TencentOS Server 4: kernel (TSSA-2025:0048)	Nessus	Tencent Local Security Checks	critical
198237	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)	Nessus	SuSE Local Security Checks	high
197057	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)	Nessus	SuSE Local Security Checks	high
197055	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)	Nessus	SuSE Local Security Checks	high
197048	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)	Nessus	SuSE Local Security Checks	high
194454	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)	Nessus	SuSE Local Security Checks	high
160459	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-002 (ALASKERNEL-5.10-2022-002)	Nessus	Amazon Linux Local Security Checks	high
160440	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-004 (ALASKERNEL-5.4-2022-004)	Nessus	Amazon Linux Local Security Checks	high
151793	Amazon Linux 2 : kernel, --advisory ALAS2-2021-1685 (ALAS-2021-1685)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2021-47117

medium

Tenable Plugins

high

medium

high

critical

high

high

high

high

high

high

high

high