In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) -> __sock_queue_rcv_skb. 2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram. An SKB can be queued by the first flow and immediately dequeued and freed by the second flow, therefore the callers of l2cap_reassemble_sdu can't use the SKB after that function returns. However, some places continue accessing struct l2cap_ctrl that resides in the SKB's CB for a short time after l2cap_reassemble_sdu returns, leading to a use-after-free condition (the stack trace is below, line numbers for kernel 5.19.8). Fix it by keeping a local copy of struct l2cap_ctrl. BUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth Read of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169 Workqueue: hci0 hci_rx_work [bluetooth] Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth ret_from_fork (arch/x86/entry/entry_64.S:306) </TASK> Allocated by task 43169: kasan_save_stack (mm/kasan/common.c:39) __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293) __alloc_skb (net/core/skbuff.c:414) l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth process_one_work (kernel/workqueue.c:2289) worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437) kthread (kernel/kthread.c:376) ret_from_fork (arch/x86/entry/entry_64.S:306) Freed by task 27920: kasan_save_stack (mm/kasan/common.c:39) kasan_set_track (mm/kasan/common.c:45) kasan_set_free_info (mm/kasan/generic.c:372) ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328) slab_free_freelist_hook (mm/slub.c:1780) kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553) skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323) bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth sock_read_iter (net/socket.c:1087) new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401) vfs_read (fs/read_write.c:482) ksys_read (fs/read_write.c:620) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992822 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

    Fix the race condition between the following two flows that run in     parallel:

    1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) ->
       __sock_queue_rcv_skb.

    2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram.

    An SKB can be queued by the first flow and immediately dequeued and     freed by the second flow, therefore the callers of l2cap_reassemble_sdu     can't use the SKB after that function returns. However, some places     continue accessing struct l2cap_ctrl that resides in the SKB's CB for a     short time after l2cap_reassemble_sdu returns, leading to a     use-after-free condition (the stack trace is below, line numbers for     kernel 5.19.8).

    Fix it by keeping a local copy of struct l2cap_ctrl.

    BUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth     Read of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169

    Workqueue: hci0 hci_rx_work [bluetooth]     Call Trace:
     <TASK>      dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))      print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)      ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)      ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth      ret_from_fork (arch/x86/entry/entry_64.S:306)      </TASK>

    Allocated by task 43169:
     kasan_save_stack (mm/kasan/common.c:39)
     __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)      kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)
     __alloc_skb (net/core/skbuff.c:414)      l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth      l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth      hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth      process_one_work (kernel/workqueue.c:2289)      worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)      kthread (kernel/kthread.c:376)      ret_from_fork (arch/x86/entry/entry_64.S:306)

    Freed by task 27920:
     kasan_save_stack (mm/kasan/common.c:39)      kasan_set_track (mm/kasan/common.c:45)      kasan_set_free_info (mm/kasan/generic.c:372)
     ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)      slab_free_freelist_hook (mm/slub.c:1780)      kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)      skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)      bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth      l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth      sock_read_iter (net/socket.c:1087)      new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)      vfs_read (fs/read_write.c:482)      ksys_read (fs/read_write.c:620)      do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)      entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992272 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

    Fix the race condition between the following two flows that run in     parallel:

    1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) ->
       __sock_queue_rcv_skb.

    2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram.

    An SKB can be queued by the first flow and immediately dequeued and     freed by the second flow, therefore the callers of l2cap_reassemble_sdu     can't use the SKB after that function returns. However, some places     continue accessing struct l2cap_ctrl that resides in the SKB's CB for a     short time after l2cap_reassemble_sdu returns, leading to a     use-after-free condition (the stack trace is below, line numbers for     kernel 5.19.8).

    Fix it by keeping a local copy of struct l2cap_ctrl.

    BUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth     Read of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169

    Workqueue: hci0 hci_rx_work [bluetooth]     Call Trace:
     <TASK>      dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))      print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)      ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)      ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth      l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth      ret_from_fork (arch/x86/entry/entry_64.S:306)      </TASK>

    Allocated by task 43169:
     kasan_save_stack (mm/kasan/common.c:39)
     __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)      kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)
     __alloc_skb (net/core/skbuff.c:414)      l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth      l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth      hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth      process_one_work (kernel/workqueue.c:2289)      worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)      kthread (kernel/kthread.c:376)      ret_from_fork (arch/x86/entry/entry_64.S:306)

    Freed by task 27920:
     kasan_save_stack (mm/kasan/common.c:39)      kasan_set_track (mm/kasan/common.c:45)      kasan_set_free_info (mm/kasan/generic.c:372)
     ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)      slab_free_freelist_hook (mm/slub.c:1780)      kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)      skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)      bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth      l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth      sock_read_iter (net/socket.c:1087)      new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)      vfs_read (fs/read_write.c:482)      ksys_read (fs/read_write.c:620)      do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)      entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the     following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb)
    -> __sock_queue_rcv_skb. 2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram. An SKB can be queued     by the first flow and immediately dequeued and freed by the second flow, therefore the callers of     l2cap_reassemble_sdu can't use the SKB after that function returns. However, some places continue     accessing struct l2cap_ctrl that resides in the SKB's CB for a short time after l2cap_reassemble_sdu     returns, leading to a use-after-free condition (the stack trace is below, line numbers for kernel 5.19.8).
    Fix it by keeping a local copy of struct l2cap_ctrl. BUG: KASAN: use-after-free in l2cap_rx_state_recv     (net/bluetooth/l2cap_core.c:6906) bluetooth Read of size 1 at addr ffff88812025f2f0 by task     kworker/u17:3/43169 Workqueue: hci0 hci_rx_work [bluetooth] Call Trace: <TASK> dump_stack_lvl     (lib/dump_stack.c:107 (discriminator 4)) print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429) ?     l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth kasan_report (mm/kasan/report.c:162     mm/kasan/report.c:493) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth     l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx (net/bluetooth/l2cap_core.c:7236     net/bluetooth/l2cap_core.c:7271) bluetooth ret_from_fork (arch/x86/entry/entry_64.S:306) </TASK> Allocated     by task 43169: kasan_save_stack (mm/kasan/common.c:39) __kasan_slab_alloc (mm/kasan/common.c:45     mm/kasan/common.c:436 mm/kasan/common.c:469) kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243     mm/slub.c:3293) __alloc_skb (net/core/skbuff.c:414) l2cap_recv_frag     (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth l2cap_recv_acldata     (net/bluetooth/l2cap_core.c:8442) bluetooth hci_rx_work (net/bluetooth/hci_core.c:3642     net/bluetooth/hci_core.c:3832) bluetooth process_one_work (kernel/workqueue.c:2289) worker_thread     (./include/linux/list.h:292 kernel/workqueue.c:2437) kthread (kernel/kthread.c:376) ret_from_fork     (arch/x86/entry/entry_64.S:306) Freed by task 27920: kasan_save_stack (mm/kasan/common.c:39)     kasan_set_track (mm/kasan/common.c:45) kasan_set_free_info (mm/kasan/generic.c:372) ____kasan_slab_free     (mm/kasan/common.c:368 mm/kasan/common.c:328) slab_free_freelist_hook (mm/slub.c:1780) kmem_cache_free     (mm/slub.c:3536 mm/slub.c:3553) skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639     net/core/datagram.c:323) bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth l2cap_sock_recvmsg     (net/bluetooth/l2cap_sock.c:1212) bluetooth sock_read_iter (net/socket.c:1087) new_sync_read     (./include/linux/fs.h:2052 fs/read_write.c:401) vfs_read (fs/read_write.c:482) ksys_read     (fs/read_write.c:620) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) (CVE-2022-49910)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02262-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
    - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
    - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
    - CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
    - CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
    - CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
    - CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
    - CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
    - CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
    - CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
    - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
    - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
    - CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
    - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
    - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
    - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
    - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
    - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
    - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02173-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
    - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
    - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
    - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
    - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
    - CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006).
    - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01982-1 advisory.

    The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).
    - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
    - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
    - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
    - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
    - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
    - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
    - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
    - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
    - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
    - CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568).
    - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
    - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
    - CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362).
    - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
    - CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963).
    - CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01983-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47670: can: peak_usb: fix use after free bugs (bsc#1241407).
    - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
    - CVE-2022-49145: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (bsc#1238162).
    - CVE-2022-49168: btrfs: do not clean up repair bio if submit fails (bsc#1238109).
    - CVE-2022-49190: kernel/resource: fix kfree() of bootmem memory again (bsc#1238130).
    - CVE-2022-49212: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (bsc#1238331).
    - CVE-2022-49216: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (bsc#1238338).
    - CVE-2022-49235: ath9k_htc: fix uninit value bugs (bsc#1238333).
    - CVE-2022-49248: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (bsc#1238284).
    - CVE-2022-49253: media: usb: go7007: s2250-board: fix leak in probe() (bsc#1238420).
    - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
    - CVE-2022-49326: rtl818x: Prevent using not initialized queues (bsc#1238646).
    - CVE-2022-49371: driver core: fix deadlock in __device_attach (bsc#1238546).
    - CVE-2022-49382: soc: rockchip: Fix refcount leak in rockchip_grf_init (bsc#1238306).
    - CVE-2022-49396: phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1238289).
    - CVE-2022-49420: net: annotate races around sk->sk_bound_dev_if (bsc#1238887).
    - CVE-2022-49441: tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1238263).
    - CVE-2022-49445: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()     (bsc#1238019).
    - CVE-2022-49460: PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1238892).
    - CVE-2022-49467: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (bsc#1238815).
    - CVE-2022-49474: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (bsc#1238071).
    - CVE-2022-49491: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1238539).
    - CVE-2022-49503: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix     (bsc#1238868).
    - CVE-2022-49592: net: stmmac: fix dma queue left shift overflow issue (bsc#1238311).
    - CVE-2022-49625: sfc: fix kernel panic when creating VF (bsc#1238411).
    - CVE-2022-49635: drm/i915/selftests: fix subtraction overflow bug (bsc#1238806).
    - CVE-2022-49652: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1238871).
    - CVE-2022-49715: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (bsc#1238818).
    - CVE-2022-49728: kABI workaround for changeing the variable length type to size_t (bsc#1239111).
    - CVE-2022-49729: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (bsc#1239060).
    - CVE-2022-49751: w1: fix WARNING after calling w1_process() (bsc#1240254).
    - CVE-2022-49761: btrfs: always report error in run_one_delayed_ref() (bsc#1240261).
    - CVE-2022-49772: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (bsc#1242147).
    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2022-49776: macvlan: enforce a consistent minimal mtu (bsc#1242248).
    - CVE-2022-49787: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (bsc#1242352).
    - CVE-2022-49788: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (bsc#1242353).
    - CVE-2022-49813: net: ena: Fix error handling in ena_init() (bsc#1242497).
    - CVE-2022-49821: mISDN: fix possible memory leak in mISDN_dsp_element_register() (bsc#1242542).
    - CVE-2022-49826: ata: libata-transport: fix double ata_host_put() in ata_tport_add() (bsc#1242549).
    - CVE-2022-49829: drm/scheduler: fix fence ref counting (bsc#1242691).
    - CVE-2022-49832: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (bsc#1242154).
    - CVE-2022-49835: ALSA: hda: fix potential memleak in 'add_widget_node' (bsc#1242385).
    - CVE-2022-49840: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (bsc#1242447).
    - CVE-2022-49842: ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (bsc#1242484).
    - CVE-2022-49853: net: macvlan: fix memory leaks of macvlan_common_newlink (bsc#1242688).
    - CVE-2022-49861: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (bsc#1242580).
    - CVE-2022-49862: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header     (bsc#1242755).
    - CVE-2022-49865: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (bsc#1242570).
    - CVE-2022-49871: net: tun: call napi_schedule_prep() to ensure we own a napi (bsc#1242558).
    - CVE-2022-49872: net: gso: fix panic on frag_list with mixed head alloc types (bsc#1242594).
    - CVE-2022-49874: HID: hyperv: fix possible memory leak in mousevsc_probe() (bsc#1242478).
    - CVE-2022-49898: btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1242472).
    - CVE-2022-49907: net: mdio: fix undefined behavior in bit shift for __mdiobus_register (bsc#1242450).
    - CVE-2022-49913: btrfs: fix inode list leak during backref walking at find_parent_nodes() (bsc#1242470).
    - CVE-2022-49914: btrfs: fix inode list leak during backref walking at resolve_indirect_refs()     (bsc#1242427).
    - CVE-2022-49922: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (bsc#1242378).
    - CVE-2022-49923: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (bsc#1242394).
    - CVE-2022-49924: nfc: fdp: Fix potential memory leak in fdp_nci_send() (bsc#1242426).
    - CVE-2022-49925: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (bsc#1242371).
    - CVE-2022-49931: IB/hfi1: Correctly move list in sc_disable() (bsc#1242382).
    - CVE-2023-52868: thermal: core: prevent potential string overflow (bsc#1225044).
    - CVE-2023-52975: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (bsc#1240322).
    - CVE-2023-52988: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()     (bsc#1240293).
    - CVE-2023-52989: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region     (bsc#1240266).
    - CVE-2023-52993: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (bsc#1240297).
    - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
    - CVE-2023-53045: usb: gadget: u_audio: do not let userspace block driver unbind (bsc#1242756).
    - CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
    - CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
    - CVE-2023-53080: xsk: Add missing overflow check in xdp_umem_reg (bsc#1242287).
    - CVE-2023-53094: tty: serial: fsl_lpuart: fix race on RX DMA shutdown (bsc#1242288).
    - CVE-2023-53103: bonding: Fix memory leak when changing bond type to Ethernet (bsc#1242408).
    - CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
    - CVE-2023-53139: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties     (bsc#1242361).
    - CVE-2024-26740: Fixed use the backlog for mirred ingress  (bsc#1222563).
    - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-50106: nfsd: fix race between laundromat and free_stateid() (bsc#1232882).
    - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
    - CVE-2024-56779: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (bsc#1235632).
    - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
    - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
    - CVE-2025-21704: usb: cdc-acm: Check control transfer buffer size before access (bsc#1237571).
    - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
    - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
    - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
    - CVE-2025-22027: media: streamzap: fix race between device disconnection and urb callback (bsc#1241369).
    - CVE-2025-22050: usbnet:fix NPE during rx_complete (bsc#1241441).
    - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
    - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
    - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
    - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
    - CVE-2025-23136: thermal: int340x: Add NULL check for adev (bsc#1241357).
    - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
    - CVE-2025-23161: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (bsc#1242792).
    - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
    - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
    - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
    - CVE-2025-37782: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (bsc#1242770).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
    - CVE-2025-37794: wifi: mac80211: Purge vif txq in ieee80211_do_stop() (bsc#1242566).
    - CVE-2025-37796: wifi: at76c50x: fix use after free access in at76_disconnect (bsc#1242727).
    - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
    - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
    - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
    - CVE-2025-37852: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()     (bsc#1243074).
    - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
    - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
    - CVE-2025-37989: net: phy: leds: fix memory leak (bsc#1243511).
    - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 4.14.299-223.520. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1888 advisory.

    In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input     validation. This could lead to local escalation of privilege with System execution privileges needed. User     interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-223375145References: Upstream kernel (CVE-2022-20369)

    In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could     lead to local escalation of privilege with System execution privileges needed. User interaction is not     needed for exploitation. (CVE-2022-20567)

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

    A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the     function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated     identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

    There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req     function which can be used to leak kernel pointers remotely. We recommend upgrading past commit     https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e     https://www.google.com/url (CVE-2022-42895)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix warning in 'ext4_da_release_space' (CVE-2022-49880)

    In the Linux kernel, the following vulnerability has been resolved:

    capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (CVE-2022-49890)

    In the Linux kernel, the following vulnerability has been resolved:

    net, neigh: Fix null-ptr-deref in neigh_table_clear() (CVE-2022-49904)

    In the Linux kernel, the following vulnerability has been resolved:

    net: mdio: fix undefined behavior in bit shift for __mdiobus_register (CVE-2022-49907)

    In the Linux kernel, the following vulnerability has been resolved:

    Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-49909)

    In the Linux kernel, the following vulnerability has been resolved:

    Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (CVE-2022-49910)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix ulist leaks in error paths of qgroup self tests (CVE-2022-49912)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (CVE-2022-49914)

    In the Linux kernel, the following vulnerability has been resolved:

    mISDN: fix possible memory leak in mISDN_register_device() (CVE-2022-49915)

    In the Linux kernel, the following vulnerability has been resolved:

    net: sched: Fix use after free in red_enqueue() (CVE-2022-49921)

    In the Linux kernel, the following vulnerability has been resolved:

    nfs4: Fix kmemleak when allocate slot failed (CVE-2022-49927)

    In the Linux kernel, the following vulnerability has been resolved:

    xen/gntdev: Prevent leaking grants (CVE-2022-50257)

    In the Linux kernel, the following vulnerability has been resolved:

    kcm: annotate data-races around kcm->rx_wait (CVE-2022-50265)

    In the Linux kernel, the following vulnerability has been resolved:

    mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (CVE-2022-50285)

    In the Linux kernel, the following vulnerability has been resolved:

    kcm: annotate data-races around kcm->rx_psock (CVE-2022-50291)

    In the Linux kernel, the following vulnerability has been resolved:

    ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (CVE-2022-50315)

    In the Linux kernel, the following vulnerability has been resolved:

    net: hns: fix possible memory leak in hnae_ae_register() (CVE-2022-50352)

    In the Linux kernel, the following vulnerability has been resolved:

    ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (CVE-2022-50427)

    In the Linux kernel, the following vulnerability has been resolved:

    kernfs: fix use-after-free in __kernfs_remove (CVE-2022-50432)

    In the Linux kernel, the following vulnerability has been resolved:

    xhci: Remove device endpoints from bandwidth list when freeing the device (CVE-2022-50470)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu/vt-d: Clean up si_domain in the init_dmars() error path (CVE-2022-50482)

    A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in     the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.
    (CVE-2023-0468)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
281179	Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992822)	Nessus	Unity Linux Local Security Checks	high
280509	Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992272)	Nessus	Unity Linux Local Security Checks	high
250202	Linux Distros Unpatched Vulnerability : CVE-2022-49910	Nessus	Misc.	high
241966	SUSE SLES15 : Recommended update for initial livepatch (SUSE-SU-2025:02262-1)	Nessus	SuSE Local Security Checks	high
241036	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02173-1)	Nessus	SuSE Local Security Checks	medium
240812	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:01982-1)	Nessus	SuSE Local Security Checks	high
240793	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:01983-1)	Nessus	SuSE Local Security Checks	high
168430	Amazon Linux 2 : kernel, --advisory ALAS2-2022-1888 (ALAS-2022-1888)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-49910

high

Tenable Plugins

high

high

high

high

medium

high

high

high