In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and CONFIG_SPARSEMEM_VMEMMAP=n. With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in static_key_enable() and returns NULL, resulting in a NULL dereference because mem_section is initialized only later in sparse_init(). This is also a problem for powerpc because early_param() functions are invoked earlier than jump_label_init(), also resulting in static_key_enable() failures. These failures cause the warning "static key 'xxx' used before call to jump_label_init()". Thus, early_param is too early for csd_lock_wait to run static_branch_enable(), so changes it to __setup to fix these.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug     from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param()     function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait     feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and     CONFIG_SPARSEMEM_VMEMMAP=n. With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in     static_key_enable() and returns NULL, resulting in a NULL dereference because mem_section is initialized     only later in sparse_init(). This is also a problem for powerpc because early_param() functions are     invoked earlier than jump_label_init(), also resulting in static_key_enable() failures. These failures     cause the warning static key 'xxx' used before call to jump_label_init(). Thus, early_param is too early     for csd_lock_wait to run static_branch_enable(), so changes it to __setup to fix these. (CVE-2022-50091)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02334-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2021-47212: net/mlx5: Update error handler for UCTX and UMEM (bsc#1222709).
    - CVE-2021-47455: ptp: Fix possible memory leak in ptp_clock_register() (bsc#1225254).
    - CVE-2021-47527: serial: core: fix transmit-buffer reset and memleak (bsc#1227768).
    - CVE-2022-21546: scsi: target: Fix WRITE_SAME No Data Buffer crash (bsc#1242243).
    - CVE-2022-49154: KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167).
    - CVE-2022-49622: netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1239042).
    - CVE-2022-49731: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1239071).
    - CVE-2022-49764: kABI: workaround 'bpf: Prevent bpf program recursion for raw tracepoint probes' changes     (bsc#1242301).
    - CVE-2022-49780: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()     (bsc#1242262).
    - CVE-2022-49814: kcm: close race conditions on sk_receive_queue (bsc#1242498).
    - CVE-2022-49879: ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1242733).
    - CVE-2022-49881: wifi: cfg80211: fix memory leak in query_regdb_file() (bsc#1242481).
    - CVE-2022-49917: ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1242406).
    - CVE-2022-49921: net: sched: Fix use after free in red_enqueue() (bsc#1242359).
    - CVE-2022-50055: iavf: Fix adminq error handling (bsc#1245039).
    - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
    - CVE-2022-50134: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1244802).
    - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
    - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command     (bsc#1220883).
    - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
    - CVE-2023-53020: l2tp: fix lockdep splat (bsc#1240224).
    - CVE-2023-53090: drm/amdkfd: Fix an illegal memory access (bsc#1242753).
    - CVE-2023-53091: ext4: update s_journal_inum if it changes after journal replay (bsc#1242767).
    - CVE-2023-53133: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()     (bsc#1242423).
    - CVE-2024-26586: mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243).
    - CVE-2024-26825: nfc: nci: free rx_data_reassembly skb on NCI device cleanup (bsc#1223065).
    - CVE-2024-26872: RDMA/srpt: Do not register event handler until srpt device is fully setup (bsc#1223115).
    - CVE-2024-26875: media: pvrusb2: fix uaf in pvr2_context_set_notify (bsc#1223118).
    - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device     attribute group (bsc#1224712).
    - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info     (bsc#1224726).
    - CVE-2024-38588: ftrace: Fix possible use-after-free issue in ftrace_location() (bsc#1226837).
    - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913).
    - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610).
    - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686).
    - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
    - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching     (bsc#1241544).
    - CVE-2025-23149: tpm: do not start chip while suspended (bsc#1242758).
    - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515).
    - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521).
    - CVE-2025-37781: i2c: cros-ec-tunnel: defer probe if parent EC is not present (bsc#1242575).
    - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849).
    - CVE-2025-37810: usb: dwc3: gadget: check that event count does not exceed event buffer length     (bsc#1242906).
    - CVE-2025-37836: PCI: Fix reference leak in pci_register_host_bridge() (bsc#1242957).
    - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946).
    - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982).
    - CVE-2025-37892: mtd: inftlcore: Add error check for inftl_read_oob() (bsc#1243536).
    - CVE-2025-37911: bnxt_en: Fix out-of-bound memcpy() during ethtool -w (bsc#1243469).
    - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551).
    - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620).
    - CVE-2025-37928: dm-bufio: do not schedule in atomic context (bsc#1243621).
    - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523).
    - CVE-2025-37980: block: fix resource leak in blk_register_queue() error path (bsc#1243522).
    - CVE-2025-37982: wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1243524).
    - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698).
    - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827).
    - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836).
    - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
    - CVE-2025-38004: can: bcm: add locking for bcm_op runtime updates (bsc#1244274).
    - CVE-2025-38023: nfs: handle failure of nfs_get_lock_context in unlock path (bsc#1245004).
    - CVE-2025-38024: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (bsc#1245025).
    - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write()     (bsc#1245440).
    - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743).
    - CVE-2025-38078: ALSA: pcm: Fix race of buffer access at PCM OSS layer (bsc#1244737).
    - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02308-1 advisory.

    The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
    - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
    - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
    - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
    - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
    - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
    - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
    - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
    - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
    - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
    - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
    - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
    - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
    - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
    - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc     (bsc#1243330).
    - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
    - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
    - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
    - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

    * kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and     cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

    * kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

    * Kernel: race when faulting a device private page in memory manager (CVE-2022-3523)

    * kernel: use-after-free in l1oip timer handlers (CVE-2022-3565)

    * kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

    * kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

    * kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

    * hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

    * kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c (CVE-2022-42895)

    * kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

    * kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

    * kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

    * kernel: hid: Use After Free in asus_remove() (CVE-2023-1079)

    * kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

    * kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

    * Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (CVE-2023-1652)

    * kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)

    * kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

    * kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

    * kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() (CVE-2023-3772)

    * kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr (CVE-2023-3773)

    * kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (CVE-2023-4155)

    * kernel: exFAT: stack overflow in exfat_get_uniname_from_ext_entry (CVE-2023-4273)

    * kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

    * kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

    * kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() (CVE-2023-33203)

    * kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951)

    * kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952)

    * kernel: r592: race condition leading to use-after-free in r592_remove() (CVE-2023-35825)

    * kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)

    * kernel: tap: tap_open(): correctly initialize socket uid (CVE-2023-1076)

    * kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the     coredump code (CVE-2023-1249)

    * kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

    * kernel: Use after free bug in r592_remove (CVE-2023-3141)

    * kernel: gfs2: NULL pointer dereference in gfs2_evict_inode() (CVE-2023-3212)

    * kernel: NULL pointer dereference due to missing kalloc() return value check in     shtp_cl_get_dma_send_buf() (CVE-2023-3358)

    * kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid     (CVE-2023-4194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
247615	Linux Distros Unpatched Vulnerability : CVE-2022-50091	Nessus	Misc.	medium
242218	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:02334-1)	Nessus	SuSE Local Security Checks	critical
242100	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02308-1)	Nessus	SuSE Local Security Checks	high
194262	RHEL 9 : kernel (RHSA-2023:6583)	Nessus	Red Hat Local Security Checks	high
166118	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2022-008 (ALASKERNEL-5.15-2022-008)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2022-50091

high

Tenable Plugins

medium

critical

high

high

high