In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock.

vendor_unpatched cve-2023-53091: Unpatched CVEs for Debian Linux, Ubuntu Linux (cve-2023-53091)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02334-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2021-47212: net/mlx5: Update error handler for UCTX and UMEM (bsc#1222709).
    - CVE-2021-47455: ptp: Fix possible memory leak in ptp_clock_register() (bsc#1225254).
    - CVE-2021-47527: serial: core: fix transmit-buffer reset and memleak (bsc#1227768).
    - CVE-2022-21546: scsi: target: Fix WRITE_SAME No Data Buffer crash (bsc#1242243).
    - CVE-2022-49154: KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167).
    - CVE-2022-49622: netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1239042).
    - CVE-2022-49731: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1239071).
    - CVE-2022-49764: kABI: workaround 'bpf: Prevent bpf program recursion for raw tracepoint probes' changes     (bsc#1242301).
    - CVE-2022-49780: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()     (bsc#1242262).
    - CVE-2022-49814: kcm: close race conditions on sk_receive_queue (bsc#1242498).
    - CVE-2022-49879: ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1242733).
    - CVE-2022-49881: wifi: cfg80211: fix memory leak in query_regdb_file() (bsc#1242481).
    - CVE-2022-49917: ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1242406).
    - CVE-2022-49921: net: sched: Fix use after free in red_enqueue() (bsc#1242359).
    - CVE-2022-50055: iavf: Fix adminq error handling (bsc#1245039).
    - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
    - CVE-2022-50134: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1244802).
    - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
    - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command     (bsc#1220883).
    - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
    - CVE-2023-53020: l2tp: fix lockdep splat (bsc#1240224).
    - CVE-2023-53090: drm/amdkfd: Fix an illegal memory access (bsc#1242753).
    - CVE-2023-53091: ext4: update s_journal_inum if it changes after journal replay (bsc#1242767).
    - CVE-2023-53133: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()     (bsc#1242423).
    - CVE-2024-26586: mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243).
    - CVE-2024-26825: nfc: nci: free rx_data_reassembly skb on NCI device cleanup (bsc#1223065).
    - CVE-2024-26872: RDMA/srpt: Do not register event handler until srpt device is fully setup (bsc#1223115).
    - CVE-2024-26875: media: pvrusb2: fix uaf in pvr2_context_set_notify (bsc#1223118).
    - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device     attribute group (bsc#1224712).
    - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info     (bsc#1224726).
    - CVE-2024-38588: ftrace: Fix possible use-after-free issue in ftrace_location() (bsc#1226837).
    - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913).
    - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610).
    - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686).
    - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
    - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching     (bsc#1241544).
    - CVE-2025-23149: tpm: do not start chip while suspended (bsc#1242758).
    - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515).
    - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521).
    - CVE-2025-37781: i2c: cros-ec-tunnel: defer probe if parent EC is not present (bsc#1242575).
    - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849).
    - CVE-2025-37810: usb: dwc3: gadget: check that event count does not exceed event buffer length     (bsc#1242906).
    - CVE-2025-37836: PCI: Fix reference leak in pci_register_host_bridge() (bsc#1242957).
    - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946).
    - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982).
    - CVE-2025-37892: mtd: inftlcore: Add error check for inftl_read_oob() (bsc#1243536).
    - CVE-2025-37911: bnxt_en: Fix out-of-bound memcpy() during ethtool -w (bsc#1243469).
    - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551).
    - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620).
    - CVE-2025-37928: dm-bufio: do not schedule in atomic context (bsc#1243621).
    - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523).
    - CVE-2025-37980: block: fix resource leak in blk_register_queue() error path (bsc#1243522).
    - CVE-2025-37982: wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1243524).
    - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698).
    - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827).
    - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836).
    - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
    - CVE-2025-38004: can: bcm: add locking for bcm_op runtime updates (bsc#1244274).
    - CVE-2025-38023: nfs: handle failure of nfs_get_lock_context in unlock path (bsc#1245004).
    - CVE-2025-38024: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (bsc#1245025).
    - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write()     (bsc#1245440).
    - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743).
    - CVE-2025-38078: ALSA: pcm: Fix race of buffer access at PCM OSS layer (bsc#1244737).
    - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02262-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
    - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
    - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
    - CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
    - CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
    - CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
    - CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
    - CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
    - CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
    - CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
    - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
    - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
    - CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
    - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
    - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
    - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
    - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
    - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
    - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02173-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
    - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
    - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
    - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
    - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
    - CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006).
    - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.15.104-63.140. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-019 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: block range must be validated before use in ext4_mb_clear_bb() (CVE-2022-50021)

    A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve     local privilege escalation.

    The perf_group_detach function did not check the event's siblings' attach_state before calling     add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching     from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

    We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)

    An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64     lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

    In the Linux kernel, the following vulnerability has been resolved:

    ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/shmem-helper: Remove another errant put in error path (CVE-2023-53084)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/active: Fix misuse of non-idle barriers as fence trackers (CVE-2023-53087)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: update s_journal_inum if it changes after journal replay (CVE-2023-53091)

    In the Linux kernel, the following vulnerability has been resolved:

    interconnect: fix mem leak when freeing nodes (CVE-2023-53096)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails (CVE-2023-53103)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)

    In the Linux kernel, the following vulnerability has been resolved:

    loop: Fix use-after-free issues (CVE-2023-53111)

    In the Linux kernel, the following vulnerability has been resolved:

    fs: prevent out-of-bounds array speculation when closing a file descriptor (CVE-2023-53117)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: tcp_make_synack() can be called from process context (CVE-2023-53121)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (CVE-2023-53123)

    In the Linux kernel, the following vulnerability has been resolved:

    SUNRPC: Fix a server shutdown leak (CVE-2023-53131)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133)

    In the Linux kernel, the following vulnerability has been resolved:

    af_unix: fix struct pid leaks in OOB support (CVE-2023-53136)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: Fix possible corruption when moving a directory (CVE-2023-53137)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)

    In the Linux kernel, the following vulnerability has been resolved:

    ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (CVE-2023-53141)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix another off-by-one fsmap error on 1k block filesystems (CVE-2023-53143)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-148 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace (CVE-2022-49932)

    A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve     local privilege escalation.

    The perf_group_detach function did not check the event's siblings' attach_state before calling     add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching     from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

    We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading     to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

    An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64     lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (CVE-2023-53070)

    In the Linux kernel, the following vulnerability has been resolved:

    ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)

    In the Linux kernel, the following vulnerability has been resolved:

    ocfs2: fix data corruption after failed write (CVE-2023-53081)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/shmem-helper: Remove another errant put in error path (CVE-2023-53084)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/active: Fix misuse of non-idle barriers as fence trackers (CVE-2023-53087)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: update s_journal_inum if it changes after journal replay (CVE-2023-53091)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/ttm: Fix a NULL pointer dereference (CVE-2023-53095)

    In the Linux kernel, the following vulnerability has been resolved:

    interconnect: fix mem leak when freeing nodes (CVE-2023-53096)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails (CVE-2023-53103)

    In the Linux kernel, the following vulnerability has been resolved:

    veth: Fix use after free in XDP_REDIRECT (CVE-2023-53107)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)

    In the Linux kernel, the following vulnerability has been resolved:

    loop: Fix use-after-free issues (CVE-2023-53111)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (CVE-2023-53112)

    In the Linux kernel, the following vulnerability has been resolved:

    fs: prevent out-of-bounds array speculation when closing a file descriptor (CVE-2023-53117)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: tcp_make_synack() can be called from process context (CVE-2023-53121)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (CVE-2023-53123)

    In the Linux kernel, the following vulnerability has been resolved:

    SUNRPC: Fix a server shutdown leak (CVE-2023-53131)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133)

    In the Linux kernel, the following vulnerability has been resolved:

    af_unix: fix struct pid leaks in OOB support (CVE-2023-53136)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: Fix possible corruption when moving a directory (CVE-2023-53137)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)

    In the Linux kernel, the following vulnerability has been resolved:

    ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (CVE-2023-53141)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix another off-by-one fsmap error on 1k block filesystems (CVE-2023-53143)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242218	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:02334-1)	Nessus	SuSE Local Security Checks	critical
241966	SUSE SLES15 : Recommended update for initial livepatch (SUSE-SU-2025:02262-1)	Nessus	SuSE Local Security Checks	high
241036	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02173-1)	Nessus	SuSE Local Security Checks	medium
176754	Amazon Linux 2 : kernel (ALASKERNEL-5.15-2023-019)	Nessus	Amazon Linux Local Security Checks	high
173854	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-148)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2023-53091

medium

Tenable Plugins

Coming Soon

critical

high

medium

high

high