In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly is being mitigated.

euleros EulerOS-SA-2025-2168: An update for kernel is now available for EulerOS Virtualization release 2.13.1

euleros EulerOS-SA-2025-2169: An update for kernel is now available for EulerOS Virtualization release 2.13.0

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    usbnet: gl620a: fix endpoint checking in genelink_bind().(CVE-2025-21877)

    ASoC: soc-compress: prevent the potentially use of null pointer(CVE-2021-47650)

    net: gso: fix ownership in __udp_gso_segment(CVE-2025-21926)

    exec: Force single empty string when argv is empty(CVE-2022-49264)

    IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition(CVE-2022-49089)

    netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits(CVE-2023-53033)

    erspan: do not assume transport header is always set(CVE-2022-49691)

    tipc: check attribute length for bearer name(CVE-2022-49374)

    qede: confirm skb is allocated before using(CVE-2022-49084)

    nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu().(CVE-2025-21927)

    ice: fix memory leak in aRFS after reset(CVE-2025-21981)

    arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall(CVE-2022-49520)

    NFSD: prevent underflow in nfssvc_decode_writeargs().(CVE-2022-49280)

    tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd(CVE-2022-49330)

    net: sched: Disallow replacing of child qdisc from one parent to another(CVE-2025-21702)

    net: ipv4: fix route with nexthop object delete warning(CVE-2022-49092)

    x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL(CVE-2023-52993)

    firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region(CVE-2023-52989)

    netfilter: nf_tables: don't skip expired elements during walk(CVE-2023-52924)

    net: openvswitch: fix leak of nested actions(CVE-2022-49086)

    drm/nouveau: prime: fix refcount underflow(CVE-2024-43867)

    net_sched: Prevent creation of classes with TC_H_ROOT(CVE-2025-21971)

    netfilter: nf_tables: memleak flow rule from commit path(CVE-2022-49358)

    rcu-tasks: Fix race in schedule and flush work(CVE-2022-49540)

    netfilter: use get_random_u32 instead of prandom(CVE-2022-49698)

    fbdev: hyperv_fb: Allow graceful removal of framebuffer(CVE-2025-21976)

    nvme-pci: add missing condition check for existence of mapped data(CVE-2024-42276)

    cifs: Fix oops due to uncleared server-smbd_conn in reconnect(CVE-2023-53006)

    ipv6: mcast: add RCU protection to mld_newpack().(CVE-2025-21758)

    ftrace: Clean up hash direct_functions on register failures(CVE-2022-49402)

    clocksource: hyper-v: unexport __init-annotated hv_init_clocksource().(CVE-2022-49726)

    usb: cdc-acm: Check control transfer buffer size before access(CVE-2025-21704)

    PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1(CVE-2025-21831)

    ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero(CVE-2022-49584)

    gpio: Restrict usage of GPIO chip irq members before initialization(CVE-2022-49072)

    i40e: Fix call trace in setup_tx_descriptors(CVE-2022-49725)

    RDMA/hfi1: Fix potential integer multiplication overflow errors(CVE-2022-49404)

    ice: Fix memory corruption in VF driver(CVE-2022-49722)

    ipv4: prevent potential spectre v1 gadget in fib_metrics_match().(CVE-2023-52996)

    ACPI: CPPC: Avoid out of bounds access when parsing _CPC data(CVE-2022-49145)

    KVM: SVM: fix panic on out-of-bounds guest IRQ(CVE-2022-49154)

    ipv4: prevent potential spectre v1 gadget in ip_metrics_convert().(CVE-2023-52997)

    net: fix NULL pointer in skb_segment_list(CVE-2023-52991)

    dlm: fix plock invalid read(CVE-2022-49407)

    netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree().(CVE-2025-21959)

    tee: optee: Fix supplicant wait loop(CVE-2025-21871)

    dm raid: fix accesses beyond end of raid member array(CVE-2022-49674)

    ipv4: use RCU protection in __ip_rt_update_pmtu().(CVE-2025-21766)

    dm array: fix releasing a faulty array block twice in dm_array_cursor_end(CVE-2024-57929)

    netlink: prevent potential spectre v1 gadgets(CVE-2023-53000)

    net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices(CVE-2023-52984)

    net: xfrm: unexport __init-annotated xfrm4_protocol_init().(CVE-2022-49345)

    tunnels: do not assume mac header is set in skb_tunnel_check_pmtu().(CVE-2022-49663)

    cpufreq: governor: Use kobject release() method to free dbs_data(CVE-2022-49513)

    brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path(CVE-2022-49263)

    HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections(CVE-2024-57986)

    ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up(CVE-2025-21887)

    xsk: Fix race at socket teardown(CVE-2022-49215)

    acct: perform last write from workqueue(CVE-2025-21846)

    nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags(CVE-2022-49492)

    drop_monitor: fix incorrect initialization order(CVE-2025-21862)

    udp: Fix a data-race around sysctl_udp_l3mdev_accept.(CVE-2022-49577)

    ip: Fix data-races around sysctl_ip_prot_sock.(CVE-2022-49578)

    ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.(CVE-2022-49579)

    ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.(CVE-2022-49580)

    tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.(CVE-2022-49585)

    drm/drm_vma_manager: Add drm_vma_node_allow_once().(CVE-2023-53001)

    x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes(CVE-2025-21991)

    ipv6: Fix signed integer overflow in __ip6_append_data(CVE-2022-49728)

    ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().(CVE-2025-22005)

    exec: don't WARN for racy path_noexec check(CVE-2024-50010)

    iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic().(CVE-2025-21993)

    RDMA/hns: Fix soft lockup during bt pages loop(CVE-2025-22010)

    tracing: Fix use-after-free in print_graph_function_flags during tracer switching(CVE-2025-22035)

    regulator: check that dummy regulator has been probed before using it(CVE-2025-22008)

    smb: client: Add check for next_buffer in receive_encrypted_standard().(CVE-2025-21844)

    vlan: enforce underlying device type(CVE-2025-21920)

    tcp: Fix data-races around sysctl_tcp_mtu_probing.(CVE-2022-49598)

    mm/swapfile: add cond_resched() in get_swap_pages().(CVE-2023-52932)

    proc: fix UAF in proc_get_inode().(CVE-2025-21999)

    driver core: Fix wait_for_device_probe()  deferred_probe_timeout interaction(CVE-2022-49379)

    NFSD: prevent integer overflow on 32 bit systems(CVE-2022-49279)

    x86/kexec: fix memory leak of elf header buffer(CVE-2022-49546)

    PM: core: keep irq flags in device_pm_check_callbacks().(CVE-2022-49175)

    KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak(CVE-2022-49556)

    tracing: Fix bad hist from corrupting named_triggers list(CVE-2025-21899)

    drivers/base/node.c: fix compaction sysfs file leak(CVE-2022-49442)

    hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio(CVE-2025-21931)

    s390/cpum_sf: Handle CPU hotplug remove during sampling(CVE-2024-57849)

    bpf, sockmap: Fix double uncharge the mem of sk_msg(CVE-2022-49205)

    perf/x86/amd: fix potential integer overflow on shift of a int(CVE-2022-49748)

    firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle(CVE-2022-49370)

    driver core: fix deadlock in __device_attach(CVE-2022-49371)

    RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers(CVE-2025-21885)

    RDMA/core: Fix ib block iterator counter overflow(CVE-2023-53026)

    net: let net.core.dev_weight always be non-zero(CVE-2025-21806)

    irqchip/gic-v3: Fix GICR_CTLR.RWP polling(CVE-2022-49074)

    x86/speculation: Fill RSB on vmexit for IBRS(CVE-2022-49611)

    netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.(CVE-2023-53032)

    arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY(CVE-2024-39488)

    udp: Deal with race between UDP socket address change and rehash(CVE-2024-57974)

    net: mdio: validate parameter addr in mdiobus_get_phy().(CVE-2023-53019)

    ppp: Fix KMSAN uninit-value warning with bpf(CVE-2025-21922)

    KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits(CVE-2022-49562)

    NFS: Avoid writeback threads getting stuck in mempool_alloc().(CVE-2022-49097)

    virtio_net: fix xdp_rxq_info bug after suspend/resume(CVE-2022-49687)

    LSM: general protection fault in legacy_parse_param(CVE-2022-49180)

    net/mlx5: handle errors in mlx5_chains_create_table().(CVE-2025-21975)

    net: mdio: unexport __init-annotated mdio_bus_init().(CVE-2022-49350)

    be2net: Fix buffer overflow in be_get_module_eeprom(CVE-2022-49581)

    l2tp: close all race conditions in l2tp_tunnel_register().(CVE-2023-53020)

    ipvlan: ensure network headers are in skb linear part(CVE-2025-21891)

    serial: 8250: Fix PM usage_count for console handover(CVE-2022-49613)

    scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress(CVE-2023-52975)

    NFSD: Fix the behavior of READ near OFFSET_MAX(CVE-2022-48827)

    af_netlink: Fix shift out of bounds in group mask calculation(CVE-2022-49197)

    dm thin: make get_first_thin use rcu-safe list first function(CVE-2025-21664)

    netfilter: conntrack: re-fetch conntrack after insertion(CVE-2022-49561)

    mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath().(CVE-2023-52939)

    tick/nohz: unexport __init-annotated tick_nohz_full_setup().(CVE-2022-49675)

    ipv6: use RCU protection in ip6_default_advmss().(CVE-2025-21765)

    virtio_console: eliminate anonymous module_init  module_exit(CVE-2022-49100)

    net: tun: unlink NAPI from device on destruction(CVE-2022-49672)

    Drivers: hv: vmbus: Fix potential crash on module unload(CVE-2022-49098)

    net/tls: fix slab-out-of-bounds bug in decrypt_internal(CVE-2022-49094)

    keys: Fix UAF in key_put().(CVE-2025-21893)

    bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener(CVE-2023-52986)

    RDMA/hfi1: Prevent panic when SDMA is disabled(CVE-2022-49429)

    xhci: Handle TD clearing for multiple streams case(CVE-2024-40927)

    ipmr: do not call mr_mfc_uses_dev() for unres entries(CVE-2025-21719)

    scsi: hisi_sas: Add cond_resched() for no forced preemption model(CVE-2024-56589)

    veth: Ensure eth header is in skb's linear part(CVE-2022-49066)

    tracing: Fix potential double free in create_var_ref().(CVE-2022-49410)

    dmaengine: Fix double increment of client_count in dma_chan_get().(CVE-2022-49753)

    scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress(CVE-2023-52974)

    net_sched: sch_sfq: don't allow 1 packet limit(CVE-2024-57996)

    vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF(CVE-2023-52973)

    dm mirror log: round up region bitmap size to BITS_PER_LONG(CVE-2022-49710)

    x86/xen: don't do PV iret hypercall through hypercall page(CVE-2024-53241)

    bpf, sockmap: Fix more uncharged while msg has more_data(CVE-2022-49204)

    mm/khugepaged: fix -anon_vma race(CVE-2023-52935)

    dm integrity: fix memory corruption when tag_size is less than digest size(CVE-2022-49044)

    scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp().(CVE-2022-49521)

    bpf: Fix request_sock leak in sk lookup helpers(CVE-2022-49697)

    mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize().(CVE-2025-21861)

    efi: Don't map the entire mokvar table to determine its size(CVE-2025-21872)

    net: asix: add proper error handling of usb read errors(CVE-2022-49226)

    HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove().(CVE-2025-21928)

    bpf: Skip task with pid=1 in send_signal_common().(CVE-2023-52992)

    bpf: Skip invalid kfunc call in backtrack_insn(CVE-2023-52928)

    bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation(CVE-2023-53024)

    igb: Fix potential invalid memory access in igb_init_module().(CVE-2024-52332)

    ftrace: Avoid potential division by zero in function_stat_show().(CVE-2025-21898)

    efi: fix potential NULL deref in efi_mem_reserve_persistent(CVE-2023-52976)

    uprobes: Reject the shared zeropage in uprobe_write_opcode().(CVE-2025-21881)

    bnxt: Do not read past the end of test names(CVE-2023-53010)

    trace_events_hist: add check for return value of 'create_hist_field'(CVE-2023-53005)

    tracing: Make sure trace_printk() can output as soon as it can be used(CVE-2023-53007)

    Squashfs: fix handling and sanity checking of xattr_ids count(CVE-2023-52933)

    tcp: Fix a data-race around sysctl_tcp_probe_threshold.(CVE-2022-49595)

    tcp: Fix data-races around sysctl_tcp_min_snd_mss.(CVE-2022-49596)

    tcp: Fix data-races around sysctl_tcp_base_mss.(CVE-2022-49597)

    tcp: Fix data-races around sysctl_tcp_l3mdev_accept.(CVE-2022-49599)

    hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING(CVE-2025-21816)

    RDMA/hfi1: Prevent use of lock before it is initialized(CVE-2022-49433)

    cifs: fix potential memory leaks in session setup(CVE-2023-53008)

    ovl: Use 'buf' flexible array for memcpy() destination(CVE-2022-49743)

    openvswitch: fix lockup on tx to unregistering netdev with carrier(CVE-2025-21681)

    net: hns3: add vlan list lock to protect vlan list(CVE-2022-49182)

    driver: base: fix UAF when driver_attach failed(CVE-2022-49385)

    ubi: ubi_create_volume: Fix use-after-free when volume creation failed(CVE-2022-49388)

    rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read(CVE-2024-58069)

    lz4: fix LZ4_decompress_safe_partial read out of bound(CVE-2022-49078)

    um: Fix out-of-bounds read in LDT setup(CVE-2022-49395)

    KVM: Explicitly verify target vCPU is online in kvm_get_vcpu().(CVE-2024-58083)

    ipv6: mcast: extend RCU protection in igmp6_send().(CVE-2025-21759)

    vsock: Keep the binding until socket destruction(CVE-2025-21756)

    pps: Fix a use-after-free(CVE-2024-57979)

    padata: fix UAF in padata_reorder(CVE-2025-21727)

    netfilter: nf_tables: avoid skb access on nf_stolen(CVE-2022-49622)

    srcu: Tighten cleanup_srcu_struct() GP checks(CVE-2022-49651)

    openvswitch: use RCU protection in ovs_vport_cmd_fill_info().(CVE-2025-21761)

    cgroup: Use separate src/dst nodes when preloading css_sets for migration(CVE-2022-49647)

    ice: arfs: fix use-after-free when freeing @rx_cpu_rmap(CVE-2022-49063)

    macsec: fix UAF bug for real_dev(CVE-2022-49390)

    ndisc: extend RCU protection in ndisc_send_skb().(CVE-2025-21760)

    nfsd: release svc_expkey(CVE-2024-53216)

    nfsd: make sure exp active before svc_export_show(CVE-2024-56558)

    net: sched: Disallow replacing of child qdisc from one parent to another(CVE-2025-21700)

    neighbour: use RCU protection in __neigh_notify().(CVE-2025-21763)

    nfsd: clear acl_access/acl_default after releasing them(CVE-2025-21796)

    ndisc: use RCU protection in ndisc_alloc_skb().(CVE-2025-21764)

    arp: use RCU protection in arp_xmit().(CVE-2025-21762)

    iommu/arm-smmu-v3: check return value after calling platform_get_resource().(CVE-2022-49319)

    memcg: fix soft lockup in the OOM process(CVE-2024-57977)

    rdma/cxgb4: Prevent potential integer overflow on 32bit(CVE-2024-57973)

    scsi: hisi_sas: Free irq vectors in order for v3 HW(CVE-2022-49118)

    drm/plane: Move range check for format_count earlier(CVE-2021-47659)

    USB: hub: Ignore non-compliant devices with too many configs or interfaces(CVE-2025-21776)

    bpf: avoid holding freeze_mutex during mmap operation(CVE-2025-21853)

    linux/dim: Fix divide by 0 in RDMA DIM(CVE-2022-49670)

    HID: multitouch: Add NULL check in mt_input_configured(CVE-2024-58020)

    nfp: bpf: Add check for nfp_app_ctrl_msg_alloc().(CVE-2025-21848)

    KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel(CVE-2025-21779)

    usb: xhci: Fix NULL pointer dereference on certain command aborts(CVE-2024-57981)

    ceph: fix memory leak in ceph_readdir when note_last_dentry returns error(CVE-2022-49107)

    NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify().(CVE-2022-49103)

    io_uring: fix memory leak of uid in files registration(CVE-2022-49144)

    hwrng: cavium - fix NULL but dereferenced coccicheck error(CVE-2022-49177)

    mlxsw: spectrum: Guard against invalid local ports(CVE-2022-49134)

    iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe().(CVE-2022-49323)

    drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes(CVE-2022-49532)

    scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair().(CVE-2022-49155)

    NFSv4: Don't hold the layoutget locks across multiple RPC calls(CVE-2022-49316)

    kernel/resource: fix kfree() of bootmem memory again(CVE-2022-49190)

    vrf: use RCU protection in l3mdev_l3_out().(CVE-2025-21791)

    tcp: Fix a data-race around sysctl_tcp_ecn_fallback.(CVE-2022-49630)

    i2c: dev: check return value when calling dev_set_name().(CVE-2022-49046)

    list: fix a data-race around ep-rdllist(CVE-2022-49443)

    perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()(CVE-2022-49607)

    drm/amd/display: Fix memory leak(CVE-2022-49135)

    media: uvcvideo: Fix double free in error path(CVE-2024-57980)

    io_uring: prevent opcode speculation(CVE-2025-21863)

    geneve: Fix use-after-free in geneve_find_dev().(CVE-2025-21858)

    arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array(CVE-2025-21785)

    scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock(CVE-2022-49536)

    KVM: VMX: Prevent RSB underflow before vmenter(CVE-2022-49610)

    tpm: Change to kvalloc() in eventlog/acpi.c(CVE-2024-58005)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1293-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
    - CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com     (bsc#1237767).
    - CVE-2021-47648: gpu: host1x: Fix a memory leak in 'host1x_remove()' (bsc#1237725).
    - CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() (bsc#1237842).
    - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
    - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
    - CVE-2022-49059: nfc: nci: add flush_workqueue to prevent uaf (bsc#1238007).
    - CVE-2022-49074: irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1237728).
    - CVE-2022-49075: btrfs: fix qgroup reserve overflow the qgroup limit (bsc#1237733).
    - CVE-2022-49084: qede: confirm skb is allocated before using (bsc#1237751).
    - CVE-2022-49107: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1237973).
    - CVE-2022-49109: ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1237836).
    - CVE-2022-49119: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (bsc#1237925).
    - CVE-2022-49120: scsi: pm8001: Fix task leak in pm8001_send_abort_all() (bsc#1237969).
    - CVE-2022-49209: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full (bsc#1238252).
    - CVE-2022-49220: dax: make sure inodes are flushed before destroy cache (bsc#1237936).
    - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
    - CVE-2022-49286: tpm: use try_get_ops() in tpm-space.c (bsc#1238647).
    - CVE-2022-49292: ALSA: oss: Fix PCM OSS buffer allocation overflow (bsc#1238625).
    - CVE-2022-49308: extcon: Modify extcon device to be created after driver data is set (bsc#1238654).
    - CVE-2022-49331: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (bsc#1237813).
    - CVE-2022-49344: af_unix: Fix a data-race in unix_dgram_peer_wake_me() (bsc#1237988).
    - CVE-2022-49367: net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (bsc#1238447).
    - CVE-2022-49370: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (bsc#1238467).
    - CVE-2022-49372: tcp: tcp_rtx_synack() can be called from process context (bsc#1238251).
    - CVE-2022-49388: ubi: ubi_create_volume: Fix use-after-free when volume creation failed (bsc#1237934).
    - CVE-2022-49395: um: Fix out-of-bounds read in LDT setup (bsc#1237953).
    - CVE-2022-49397: phy: qcom-qmp: fix struct clk leak on probe errors (bsc#1237823).
    - CVE-2022-49404: RDMA/hfi1: Fix potential integer multiplication overflow errors (bsc#1238430).
    - CVE-2022-49416: wifi: mac80211: fix use-after-free in chanctx code (bsc#1238293).
    - CVE-2022-49433: RDMA/hfi1: Prevent use of lock before it is initialized (bsc#1238268).
    - CVE-2022-49472: net: phy: micrel: Allow probing without .driver_data (bsc#1238951).
    - CVE-2022-49488: drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock (bsc#1238600).
    - CVE-2022-49495: drm/msm/hdmi: check return value after calling platform_get_resource_byname()     (bsc#1237932).
    - CVE-2022-49497: net: remove two BUG() from skb_checksum_help() (bsc#1238946).
    - CVE-2022-49505: NFC: NULL out the dev->rfkill to prevent UAF (bsc#1238615).
    - CVE-2022-49516: ice: always check VF VSI pointer values (bsc#1238953).
    - CVE-2022-49519: ath10k: skip ath10k_halt during suspend for driver state RESTARTING (bsc#1238943).
    - CVE-2022-49524: media: pci: cx23885: Fix the error handling in cx23885_initdev() (bsc#1238949).
    - CVE-2022-49530: drm/amd/pm: fix double free in si_parse_power_table() (bsc#1238944).
    - CVE-2022-49538: ALSA: jack: Fix mutex call in snd_jack_report() (bsc#1238843).
    - CVE-2022-49544: ipw2x00: Fix potential NULL dereference in libipw_xmit() (bsc#1238721).
    - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
    - CVE-2022-49546: x86/kexec: Fix double-free of elf header buffer (bsc#1238750).
    - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
    - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
    - CVE-2022-49578: ip: Fix data-races around sysctl_ip_prot_sock. (bsc#1238794).
    - CVE-2022-49581: be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1238540).
    - CVE-2022-49589: kABI: protect mr_ifc_count change (bsc#1238598).
    - CVE-2022-49605: igc: Reinstate IGC_REMOVED logic and implement it properly (bsc#1238433).
    - CVE-2022-49607: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()     (bsc#1238817).
    - CVE-2022-49610: KVM: VMX: Prevent RSB underflow before vmenter (bsc#1238952).
    - CVE-2022-49619: net: sfp: fix memory leak in sfp_probe() (bsc#1239003).
    - CVE-2022-49620: net: tipc: fix possible refcount leak in tipc_sk_create() (bsc#1239002).
    - CVE-2022-49640: sysctl: Fix data races in proc_douintvec_minmax() (bsc#1237782).
    - CVE-2022-49641: sysctl: Fix data races in proc_douintvec() (bsc#1237831).
    - CVE-2022-49667: net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1238282).
    - CVE-2022-49672: net: tun: unlink NAPI from device on destruction (bsc#1238816).
    - CVE-2022-49711: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (bsc#1238416).
    - CVE-2022-49727: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (bsc#1239059).
    - CVE-2022-49740: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads     (bsc#1240233).
    - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
    - CVE-2023-52997: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (bsc#1240303).
    - CVE-2023-53010: bnxt: Do not read past the end of test names (bsc#1240290).
    - CVE-2023-53019: net: mdio: validate parameter addr in mdiobus_get_phy() (bsc#1240286).
    - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
    - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
    - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
    - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
    - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg     (bsc#1235733).
    - CVE-2024-49935: ACPI: PAD: fix crash in exit_round_robin() (bsc#1232370).
    - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
    - CVE-2024-50269: usb: musb: sunxi: Fix accessing an released usb phy (bsc#1233458).
    - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
    - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
    - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
    - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
    - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
    - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
    - CVE-2024-57973: rdma/cxgb4: Prevent potential integer overflow on 32bit (bsc#1238531).
    - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
    - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
    - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
    - CVE-2024-58052: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table     (bsc#1238986).
    - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970)
    - CVE-2024-58072: wifi: rtlwifi: remove unused check_buddy_priv (bsc#1238964).
    - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
    - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
    - CVE-2025-21708: net: usb: rtl8150: enable basic endpoint checking (bsc#1239087).
    - CVE-2025-21744: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (bsc#1238903).
    - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
    - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
    - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
    - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
    - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
    - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
    - CVE-2025-21776: USB: hub: Ignore non-compliant devices with too many configs or interfaces     (bsc#1238909).
    - CVE-2025-21782: orangefs: fix a oob in orangefs_debug_write (bsc#1239117).
    - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
    - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
    - CVE-2025-21796: nfsd: clear acl_access/acl_default after releasing them (bsc#1238716).
    - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
    - CVE-2025-21821: fbdev: omap: use threaded IRQ for LCD DMA (bsc#1239174).
    - CVE-2025-21831: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (bsc#1239039).
    - CVE-2025-21846: acct: perform last write from workqueue (bsc#1239508).
    - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
    - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
    - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
    - CVE-2025-21877: usbnet: gl620a: fix endpoint checking in genelink_bind() (bsc#1240172).
    - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
    - CVE-2025-21916: usb: atm: cxacru: fix a flaw in existing endpoint checks (bsc#1240582).
    - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
    - CVE-2025-21934: rapidio: fix an API misues when rio_add_net() fails (bsc#1240708).
    - CVE-2025-21935: rapidio: add check for rio_add_net() in rio_scan_alloc_net() (bsc#1240700).
    - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
    - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
    - CVE-2025-21996: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (bsc#1240801).
    - CVE-2025-22007: Bluetooth: Fix error code in chan_alloc_skb_cb() (bsc#1240582).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1263-1 advisory.

    The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
    - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
    - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
    - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
    - CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
    - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
    - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
    - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
    - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
    - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
    - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
    - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
    - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
    - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
    - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
    - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
    - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1241-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
    - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
    - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
    - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
    - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
    - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
    - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
    - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
    - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
    - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync     (bsc#1239095).
    - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
    - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
    - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
    - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
    - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1027-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
    - CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
    - CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
    - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
    - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
    - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
    - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.10.135-122.509. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-086 advisory.

    An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a     user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage     of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read     unauthorized random data from memory. (CVE-2022-1462)

    A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel     lockdown was enabled (CVE-2022-21505)

    A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong     branch type, potentially leading to information disclosure. (CVE-2022-23825)

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

    A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some     Intel(R) Processors may allow an authorized user to enable information disclosure via local access.
    (CVE-2022-28693)

    A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary     speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their     retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can     hijack return instructions to achieve arbitrary speculative code execution under certain     microarchitecture-dependent conditions. (CVE-2022-29901)

    A memory access flaw was found in the Linux kernel's XEN hypervisor for the virtual machine. This flaw     allows a local user to crash the system or potentially escalate their privileges on the system.
    (CVE-2022-36123)

    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in     net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

    A memory corruption flaw was found in the Linux kernel's Netfilter subsystem in the way a local user uses     the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash     the system or a remote user to crash the system when the libnetfilter_queue is used by a local user.
    (CVE-2022-36946)

    In the Linux kernel, the following vulnerability has been resolved:

    vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix race condition between ext4_write and ext4_convert_inline_data (CVE-2022-49414)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/mempolicy: fix uninit-value in mpol_rebind_policy() (CVE-2022-49567)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Don't null dereference ops->destroy (CVE-2022-49568)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_max_reordering. (CVE-2022-49571)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (CVE-2022-49572)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_early_retrans. (CVE-2022-49573)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_recovery. (CVE-2022-49574)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (CVE-2022-49575)

    In the Linux kernel, the following vulnerability has been resolved:

    udp: Fix a data-race around sysctl_udp_l3mdev_accept. (CVE-2022-49577)

    In the Linux kernel, the following vulnerability has been resolved:

    ip: Fix data-races around sysctl_ip_prot_sock. (CVE-2022-49578)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (CVE-2022-49580)

    In the Linux kernel, the following vulnerability has been resolved:

    iavf: Fix handling of dummy receive descriptors (CVE-2022-49583)

    In the Linux kernel, the following vulnerability has been resolved:

    ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (CVE-2022-49584)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (CVE-2022-49585)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_fastopen. (CVE-2022-49586)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (CVE-2022-49587)

    In the Linux kernel, the following vulnerability has been resolved:

    igmp: Fix data-races around sysctl_igmp_qrv. (CVE-2022-49589)

    In the Linux kernel, the following vulnerability has been resolved:

    igmp: Fix data-races around sysctl_igmp_llm_reports. (CVE-2022-49590)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_probe_interval. (CVE-2022-49593)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (CVE-2022-49594)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_probe_threshold. (CVE-2022-49595)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_min_snd_mss. (CVE-2022-49596)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_base_mss. (CVE-2022-49597)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix data-races around sysctl_tcp_mtu_probing. (CVE-2022-49598)

    In the Linux kernel, the following vulnerability has been resolved:

    ip: Fix a data-race around sysctl_ip_autobind_reuse. (CVE-2022-49600)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (CVE-2022-49601)

    In the Linux kernel, the following vulnerability has been resolved:

    ip: Fix a data-race around sysctl_fwmark_reflect. (CVE-2022-49602)

    In the Linux kernel, the following vulnerability has been resolved:

    ip: Fix data-races around sysctl_ip_fwd_update_priority. (CVE-2022-49603)

    In the Linux kernel, the following vulnerability has been resolved:

    ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (CVE-2022-49604)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (CVE-2022-49607)

    In the Linux kernel, the following vulnerability has been resolved:

    pinctrl: ralink: Check for null return of devm_kcalloc (CVE-2022-49608)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/speculation: Fill RSB on vmexit for IBRS (CVE-2022-49611)

    In the Linux kernel, the following vulnerability has been resolved:

    serial: 8250: Fix PM usage_count for console handover (CVE-2022-49613)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tipc: fix possible refcount leak in tipc_sk_create() (CVE-2022-49620)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627)

    In the Linux kernel, the following vulnerability has been resolved:

    nexthop: Fix data-races around nexthop_compat_mode. (CVE-2022-49629)

    In the Linux kernel, the following vulnerability has been resolved:

    raw: Fix a data-race around sysctl_raw_l3mdev_accept. (CVE-2022-49631)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: Fix a data-race around sysctl_fib_sync_mem. (CVE-2022-49637)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: Fix data-races around sysctl. (CVE-2022-49638)

    In the Linux kernel, the following vulnerability has been resolved:

    cipso: Fix data-races around sysctl. (CVE-2022-49639)

    In the Linux kernel, the following vulnerability has been resolved:

    sysctl: Fix data races in proc_douintvec_minmax(). (CVE-2022-49640)

    In the Linux kernel, the following vulnerability has been resolved:

    sysctl: Fix data races in proc_douintvec(). (CVE-2022-49641)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix a potential integer overflow in ima_appraise_measurement (CVE-2022-49643)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (CVE-2022-49644)

    In the Linux kernel, the following vulnerability has been resolved:

    cgroup: Use separate src/dst nodes when preloading css_sets for migration (CVE-2022-49647)

    In the Linux kernel, the following vulnerability has been resolved:

    xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (CVE-2022-49649)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

    A NULL pointer dereference issue was found in the SCTP network protocol in net/sctp/stream_sched.c in the     Linux kernel. If stream_in allocation fails, stream_out is freed, which would be accessed further. This     flaw allows a local user to crash the system or potentially cause a denial of service. (CVE-2023-2177)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-068 advisory.

    A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong     branch type, potentially leading to information disclosure. (CVE-2022-23825)

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

    A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some     Intel(R) Processors may allow an authorized user to enable information disclosure via local access.
    (CVE-2022-28693)

    A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary     speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their     retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can     hijack return instructions to achieve arbitrary speculative code execution under certain     microarchitecture-dependent conditions. (CVE-2022-29901)

    A memory access flaw was found in the Linux kernel's XEN hypervisor for the virtual machine. This flaw     allows a local user to crash the system or potentially escalate their privileges on the system.
    (CVE-2022-36123)

    In the Linux kernel, the following vulnerability has been resolved:

    vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/speculation: Fill RSB on vmexit for IBRS (CVE-2022-49611)

    In the Linux kernel, the following vulnerability has been resolved:

    serial: 8250: Fix PM usage_count for console handover (CVE-2022-49613)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tipc: fix possible refcount leak in tipc_sk_create() (CVE-2022-49620)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627)

    In the Linux kernel, the following vulnerability has been resolved:

    nexthop: Fix data-races around nexthop_compat_mode. (CVE-2022-49629)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (CVE-2022-49630)

    In the Linux kernel, the following vulnerability has been resolved:

    raw: Fix a data-race around sysctl_raw_l3mdev_accept. (CVE-2022-49631)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (CVE-2022-49632)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: Fix data-races around sysctl_icmp_echo_enable_probe. (CVE-2022-49633)

    In the Linux kernel, the following vulnerability has been resolved:

    sysctl: Fix data-races in proc_dou8vec_minmax(). (CVE-2022-49634)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: Fix a data-race around sysctl_fib_sync_mem. (CVE-2022-49637)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: Fix data-races around sysctl. (CVE-2022-49638)

    In the Linux kernel, the following vulnerability has been resolved:

    cipso: Fix data-races around sysctl. (CVE-2022-49639)

    In the Linux kernel, the following vulnerability has been resolved:

    sysctl: Fix data races in proc_douintvec_minmax(). (CVE-2022-49640)

    In the Linux kernel, the following vulnerability has been resolved:

    sysctl: Fix data races in proc_douintvec(). (CVE-2022-49641)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix a potential integer overflow in ima_appraise_measurement (CVE-2022-49643)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (CVE-2022-49644)

    In the Linux kernel, the following vulnerability has been resolved:

    cgroup: Use separate src/dst nodes when preloading css_sets for migration (CVE-2022-49647)

    In the Linux kernel, the following vulnerability has been resolved:

    xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (CVE-2022-49649)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at     it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks     and what exactly is being mitigated. (CVE-2022-49611)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8973 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)

    * kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()     (CVE-2022-2639)

    * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)

    * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

    * hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)

    * hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)

    * hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)

    * hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816,     CVE-2022-29900)

    * hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

    * hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

    * hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)

    * RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff.
    (BZ#2109144)

    * ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at
    __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823)

    * [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625)

    * System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)

    * [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs     (BZ#2126215)

    * [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491)

    * RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874)

    * Enable check-kabi (BZ#2132372)

    * Add symbols to stablelist (BZ#2132373)

    * Update RHEL9.1 kabi tooling (BZ#2132380)

    * kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)

    * [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553)

    * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589)

    * crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523)

    * FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)

    * [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)

    * [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)

    * kernel memory leak while freeing nested actions (BZ#2137356)

    * ovs: backports from upstream (BZ#2137358)

    * kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095)

    * [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214)

    * Fix panic in nbd/004 test (BZ#2139535)

    * Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141)

    * [RHEL9] Practically limit Dummy wait workaround to old Intel systems (BZ#2142169)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7110 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

    * Information leak in scsi_ioctl() (CVE-2022-0494)

    * A kernel-info-leak issue in pfkey_register (CVE-2022-1353)

    * RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)

    * Branch Type Confusion (non-retbleed) (CVE-2022-23825)

    * RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Add s390_iommu_aperture kernel parameter (BZ#2081324)

    * Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)

    * Update NVME subsystem with bug fixes and minor changes (BZ#2106017)

    * Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)

    * vmcore failed, _exitcode:139 error observed while capturing vmcore during fadump after memory remove.
    incomplete vmcore is captured. (BZ#2107488)

    * 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)

    * Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)

    * Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to     server (BZ#2111140)

    * IOMMU/DMA update for 8.7 (BZ#2111692)

    * Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13) (BZ#2112103)

    * Incorrect Socket(s) & Core(s) per socket reported by lscpu command. (BZ#2112820)

    * Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)

    * pyverbs-tests fail over qede IW HCAs on test_query_rc_qp (tests.test_qp.QPTest) (BZ#2119122)

    * qedi shutdown handler hangs upon reboot (BZ#2119847)

    * cache link_info for ethtool (BZ#2120197)

    * Important iavf bug fixes (BZ#2120225)

    * Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)

    * While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)

    * general protection fault handling rpc_xprt.timer (BZ#2126184)

    * Not enough device MSI-X vectors (BZ#2126482)

    * Atlantic driver panic on wakeup after hybernate (BZ#2127845)

    * Memory leak in vxlan_xmit_one (BZ#2131255)

    * Missing hybernate/resume fixes (BZ#2131936)

    Enhancement(s):

    * Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)

    * qed/qede/qedr - driver updates to latest upstream (BZ#2120611)

    * Update qedi driver to latest upstream (BZ#2120612)

    * Update qedf driver to latest upstream (BZ#2120613)

    * Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)

    * Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.291-218.527. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1838 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    i2c: Fix a potential use after free

    Free the adap structure only after we are done using it.This patch just moves the put_device() down a bit     to avoid theuse after free.

    [wsa: added comment to the code, added Fixes tag] (CVE-2019-25162)

    A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user     forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local     user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)

    In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could     lead to local escalation of privilege with no additional execution privileges needed. User interaction is     not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References:
    Upstream kernel (CVE-2022-20566)

    A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it     possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This     flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel     oops condition that results in a denial of service. (CVE-2022-2153)

    A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the     Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege     escalation problem. (CVE-2022-2588)

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

    A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some     Intel(R) Processors may allow an authorized user to enable information disclosure via local access.
    (CVE-2022-28693)

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their     retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can     hijack return instructions to achieve arbitrary speculative code execution under certain     microarchitecture-dependent conditions. (CVE-2022-29901)

    A memory corruption flaw was found in the Linux kernel's Netfilter subsystem in the way a local user uses     the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash     the system or a remote user to crash the system when the libnetfilter_queue is used by a local user.
    (CVE-2022-36946)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/speculation: Fill RSB on vmexit for IBRS (CVE-2022-49611)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

    In the Linux kernel, the following vulnerability has been resolved:

    drivers:md:fix a potential use-after-free bug (CVE-2022-50022)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (CVE-2022-50083)

    In the Linux kernel, the following vulnerability has been resolved:

    dm raid: fix address sanitizer warning in raid_status (CVE-2022-50084)

    In the Linux kernel, the following vulnerability has been resolved:

    dm raid: fix address sanitizer warning in raid_resume (CVE-2022-50085)

    In the Linux kernel, the following vulnerability has been resolved:

    video: fbdev: s3fb: Check the size of screen before memset_io() (CVE-2022-50097)

    In the Linux kernel, the following vulnerability has been resolved:

    video: fbdev: amba-clcd: Fix refcount leak bugs (CVE-2022-50109)

    In the Linux kernel, the following vulnerability has been resolved:

    jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (CVE-2022-50126)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/rxe: Fix error unwind in rxe_create_qp() (CVE-2022-50127)

    In the Linux kernel, the following vulnerability has been resolved:

    usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (CVE-2022-50153)

    In the Linux kernel, the following vulnerability has been resolved:

    mtd: maps: Fix refcount leak in ap_flash_init (CVE-2022-50160)

    In the Linux kernel, the following vulnerability has been resolved:

    mtd: maps: Fix refcount leak in of_flash_probe_versatile (CVE-2022-50161)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (CVE-2022-50185)

    In the Linux kernel, the following vulnerability has been resolved:

    selinux: Add boundary check in put_entry() (CVE-2022-50200)

    In the Linux kernel, the following vulnerability has been resolved:

    PM: hibernate: defer device probing when resuming from hibernation (CVE-2022-50202)

    In the Linux kernel, the following vulnerability has been resolved:

    ext2: Add more validity checks for inode counts (CVE-2022-50205)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: fix oops in concurrently setting insn_emulation sysctls (CVE-2022-50206)

    In the Linux kernel, the following vulnerability has been resolved:

    md-raid10: fix KASAN warning (CVE-2022-50211)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: sg: Allow waiting for commands to complete on removed device (CVE-2022-50215)

    In the Linux kernel, the following vulnerability has been resolved:

    usbnet: Fix linkwatch use-after-free on disconnect (CVE-2022-50220)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228)

    In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the     transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
    -- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
241018	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1704)	Nessus	Huawei Local Security Checks	high
241015	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1689)	Nessus	Huawei Local Security Checks	high
234545	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:1293-1)	Nessus	SuSE Local Security Checks	high
234484	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:1263-1)	Nessus	SuSE Local Security Checks	high
234407	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:1241-1)	Nessus	SuSE Local Security Checks	high
233410	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:1027-1)	Nessus	SuSE Local Security Checks	high
233373	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-086)	Nessus	Amazon Linux Local Security Checks	high
232916	Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-068)	Nessus	Amazon Linux Local Security Checks	high
226373	Linux Distros Unpatched Vulnerability : CVE-2022-49611	Nessus	Misc.	medium
168713	RHEL 9 : kernel (RHSA-2022:8973)	Nessus	Red Hat Local Security Checks	high
166478	RHEL 8 : kernel (RHSA-2022:7110)	Nessus	Red Hat Local Security Checks	high
165102	Amazon Linux 2 : kernel, --advisory ALAS2-2022-1838 (ALAS-2022-1838)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-49611

medium

Tenable Plugins

Coming Soon

high

high

high

high

high

high

high

high

medium

high

high

high