In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves team or bonding drivers ability to dynamically change their dev->needed_headroom and/or dev->hard_header_len In this particular crash mld_newpack() allocated an skb with a too small reserve/headroom, and by the time mld_sendpack() was called, syzbot managed to attach an ipgre device. [1] skbuff: skb_under_panic: text:ffffffff89ea3cb7 len:2030915468 put:2030915372 head:ffff888058b43000 data:ffff887fdfa6e194 tail:0x120 end:0x6c0 dev:team0 kernel BUG at net/core/skbuff.c:213 ! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 1322 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: mld mld_ifc_work RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213 Call Trace: <TASK> skb_under_panic net/core/skbuff.c:223 [inline] skb_push+0xc3/0xe0 net/core/skbuff.c:2641 ipgre_header+0x67/0x290 net/ipv4/ip_gre.c:897 dev_hard_header include/linux/netdevice.h:3436 [inline] neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318 mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855 mld_send_cr net/ipv6/mcast.c:2154 [inline] mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693 process_one_work kernel/workqueue.c:3257 [inline] process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

The version of kernel installed on the remote host is prior to 5.10.251-248.983. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-114 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    HID: uclogic: Correct devm device reference for hidinput input_dev name (CVE-2023-54207)

    In the Linux kernel, the following vulnerability has been resolved:

    driver core: fix potential null-ptr-deref in device_add() (CVE-2023-54321)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

    In the Linux kernel, the following vulnerability has been resolved:

    ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (CVE-2025-68211)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path     to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx     [0000:27:00.0]-0042:0: Disabled MSI-X. [61110.467494]     ============================================================================= [61110.467498] BUG     qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()     [61110.467501] -----------------------------------------------------------------------------     [61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85     flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff) [61110.467509] CPU: 53 PID: 455206     Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1 [61110.467513]     Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023     [61110.467515] Call Trace: [61110.467516] <TASK> [61110.467519] dump_stack_lvl+0x34/0x48 [61110.467526]     slab_err.cold+0x53/0x67 [61110.467534] __kmem_cache_shutdown+0x16e/0x320 [61110.467540]     kmem_cache_destroy+0x51/0x160 [61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx] [61110.467607] ?
    __do_sys_delete_module.constprop.0+0x178/0x280 [61110.467613] ?     syscall_trace_enter.constprop.0+0x145/0x1d0 [61110.467616] ? do_syscall_64+0x5c/0x90 [61110.467619] ?     exc_page_fault+0x62/0x150 [61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [61110.467626] </TASK>     [61110.467627] Disabling lock debugging due to kernel taint [61110.467635] Object 0x0000000026f7e6e6     @offset=16000 [61110.467639] ------------[ cut here ]------------ [61110.467639] kmem_cache_destroy     qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]     [61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160     [61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- ---     5.14.0-284.11.1.el9_2.x86_64 #1 [61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant     DL385 Gen10 Plus v2, BIOS A42 08/17/2023 [61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160     [61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc     66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48     89 [61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282 [61110.467727] RAX: 0000000000000000 RBX:
    ffffffffc0d9a860 RCX: 0000000000000027 [61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI:
    ffff8fd5ff9598a0 [61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7     [61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000 [61110.467731] R13:
    0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [61110.467733] FS: 00007f64c89fb740(0000)     GS:ffff8fd5ff940000(0000) knlGS:0000000000000000 [61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0:
    0000000080050033 [61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0     [61110.467736] PKRU: 55555554 [61110.467737] Call Trace: [61110.467738] <TASK> [61110.467739]     qla2x00_module_exit+0x93/0x99 [qla2xxx] [61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280     Free sp in the error path to fix the crash. (CVE-2025-71232)

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload     while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP:
    ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11:
    ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15:
    00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000)     knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926]     CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554     [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]     [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ?     qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ?     qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0     [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ?     handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ?
    __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ?     asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the     interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which     set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled     (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and     the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay     the driver unload until the fabric scan is complete to avoid the crash. (CVE-2025-71235)

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before     freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-     FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO     exchange threshold to 3. [154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange     threshold to 5. [154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 0080 0000.
    [154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 00a0 0000. [154565.545857]     qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate). [154565.552760] qla2xxx [0000:b0:00.1]-11a2:2:
    FEC=enabled (data rate). [154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8     [154565.553080] #PF: supervisor read access in kernel mode [154565.553082] #PF: error_code(0x0000) - not-     present page [154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0     [154565.553089] Oops: 0000 1 PREEMPT SMP PTI [154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump:
    loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1 [154565.553096] Hardware name: HPE     Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024 [154565.553097] RIP:
    0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx] [154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9     ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 <4c> 8b 8d     f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b [154565.553143] RSP: 0018:ffffb4dbc8aebdd0     EFLAGS: 00010286 [154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002     [154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47 [154565.553148] RBP:
    0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a [154565.553150] R10: 0000000000000000 R11:
    000000000000000f R12: ffff8ec2cf0908d0 [154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15:
    ffff8ec2cf084000 [154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000)     knlGS:0000000000000000 [154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [154565.553155]     CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0 [154565.553157] DR0: 0000000000000000     DR1: 0000000000000000 DR2: 0000000000000000 [154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0     DR7: 0000000000000400 [154565.553159] PKRU: 55555554 [154565.553160] Call Trace: [154565.553162] <TASK>     [154565.553165] ? show_trace_log_lvl+0x1c4/0x2df [154565.553172] ? show_trace_log_lvl+0x1c4/0x2df     [154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx] [154565.553215] ?
    __die_body.cold+0x8/0xd [154565.553218] ? page_fault_oops+0x134/0x170 [154565.553223] ? snprintf+0x49/0x70     [154565.553229] ? exc_page_fault+0x62/0x150 [154565.553238] ? asm_exc_page_fault+0x22/0x30 Check for sp     being non NULL before freeing any associated memory (CVE-2025-71236)

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow     that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating     nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a negative nblocks     value will become a very large positive integer. This ultimately leads to the block layer function
    __blkdev_issue_discard() taking an excessively long time to process the bio chain, and the ns_segctor_sem     lock remains held for a long period. This prevents other tasks from acquiring the ns_segctor_sem lock,     resulting in the hang reported by syzbot in [1]. If the ending block is too small, typically if it is     smaller than 4KiB range, depending on the usage of the segment 0, it may be possible to attempt a discard     request beyond the device size causing the hang. Exiting successfully and assign the discarded size (0 in     this case) to range->len. Although the start and len values in the user input range are too small, a     conservative strategy is adopted here to safely ignore them, which is equivalent to a no-op; it will not     perform any trimming and will not throw an error. [1] task:segctord state:D stack:28968 pid:6093 tgid:6093     ppid:2 task_flags:0x200040 flags:0x00080000 Call Trace: rwbase_write_lock+0x3dd/0x750     kernel/locking/rwbase_rt.c:272 nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357     nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline] nilfs_segctor_thread+0x6ec/0xe00     fs/nilfs2/segment.c:2684 [ryusuke: corrected part of the commit message about the consequences]     (CVE-2025-71237)

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing     double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for     address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195]     #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops:
    0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded     Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant     DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10     [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX:
    0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI:
    ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000     [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13:
    ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000)     GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0:
    0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0     [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ?     show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ?     sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ?     page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ?     exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ?     memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259]     qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0     [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases. However a few invoke it for     failure case as well leading to a double free. Validate before calling bsg_done(). (CVE-2025-71238)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

    In the Linux kernel, the following vulnerability has been resolved:

    pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

    In the Linux kernel, the following vulnerability has been resolved:

    fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

    In the Linux kernel, the following vulnerability has been resolved:

    gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

    In the Linux kernel, the following vulnerability has been resolved:

    migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

    In the Linux kernel, the following vulnerability has been resolved:

    leds: led-class: Only Add LED to leds_list when it is fully ready (CVE-2026-23101)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

    In the Linux kernel, the following vulnerability has been resolved:

    rocker: fix memory leak in rocker_world_port_post_fini() (CVE-2026-23164)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)

    In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock     protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin     backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc
    -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this:
    virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when     it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(),     openssl benchmark with multiple processes works well. (CVE-2026-23229)

    In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return     value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested     block size is incompatible with the block device's configuration. This can be triggered by setting a loop     device's block size larger than PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs     filesystem on that device. When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the device     has logical_block_size=32768, bdev_validate_blocksize() fails because the requested size is smaller than     the device's logical block size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and     continues mounting. The superblock's block size remains at the device's logical block size (32768). Later,     when sb_bread() attempts I/O with this oversized block size, it triggers a kernel BUG in folio_set_bh():
    kernel BUG at fs/buffer.c:1582! BUG_ON(size > PAGE_SIZE); Fix by checking the return value of     sb_set_blocksize() and failing the mount with -EINVAL if it returns 0. (CVE-2026-23238)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.15.202-141.223. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-099 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (CVE-2022-50390)

    In the Linux kernel, the following vulnerability has been resolved:

    blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (CVE-2023-53421)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (CVE-2023-53662)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

    In the Linux kernel, the following vulnerability has been resolved:

    team: Move team device type change at the end of team_port_add (CVE-2025-68340)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358)

    In the Linux kernel, the following vulnerability has been resolved:

    fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

    In the Linux kernel, the following vulnerability has been resolved:

    pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

    In the Linux kernel, the following vulnerability has been resolved:

    fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

    In the Linux kernel, the following vulnerability has been resolved:

    gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

    In the Linux kernel, the following vulnerability has been resolved:

    migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

    In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in     driver_override_show() The driver_override_show() function reads the driver_override string without     holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and     frees the string while holding the device_lock. This can result in a concurrent use-after-free if the     string is freed by the store function while being read by the show function. Fix this by holding the     device_lock around the read operation. (CVE-2026-23221)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50144 advisory.

    - mm/page_alloc: prevent pcp corruption with SMP=n (Vlastimil Babka) [Orabug: 38914772] {CVE-2026-23025}
    - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (Xu Wang) [Orabug: 38914781]     {CVE-2026-23030}
    - bpf: Reject narrower access to pointer ctx fields (Paul Chaignon) [Orabug: 38335080] {CVE-2025-38591}
    - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (Seongjae Park)     [Orabug: 38970289] {CVE-2026-23142}
    - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (Robbie Ko) [Orabug:
    38930778] {CVE-2025-71194}
    - dmaengine: bcm-sba-raid: fix device leak on probe (Johan Hovold) [Orabug: 38914727] {CVE-2025-71190}
    - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (Marek Vasut) [Orabug:
    38930828] {CVE-2026-23049}
    - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (Seongjae Park) [Orabug: 38970294]     {CVE-2026-23144}
    - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (Yangerkun) [Orabug: 38970600] {CVE-2026-23145}
    - lib/buildid: use __kernel_read() for sleepable context (Shakeel Butt) [Orabug: 38887735]     {CVE-2026-23002}
    - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts     (Tetsuo Handa) [Orabug: 38887709] {CVE-2026-22997}
    - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38914785]     {CVE-2026-23031}
    - null_blk: fix kmemleak by releasing references to fault configfs items (Nilay Shroff) [Orabug: 38914794]     {CVE-2026-23032}
    - bridge: mcast: Fix use-after-free during router port configuration (Ido Schimmel) [Orabug: 38175058]     {CVE-2025-38248}
    - net/sched: sch_qfq: do not free existing class in qfq_change_class() (Eric Dumazet) [Orabug: 38887717]     {CVE-2026-22999}
    - ipv6: Fix use-after-free in inet6_addr_del(). (Kuniyuki Iwashima) [Orabug: 38887755] {CVE-2026-23010}
    - net: hv_netvsc: reject RSS hash key programming without RX indirection table (Aditya Garg) [Orabug:
    38930846] {CVE-2026-23054}
    - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (Saeed Mahameed) [Orabug: 38914806]     {CVE-2026-23035}
    - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (Saeed Mahameed) [Orabug: 38887705]     {CVE-2026-22996}
    - net/mlx5e: Fix crash on profile change rollback failure (Saeed Mahameed) [Orabug: 38887724]     {CVE-2026-23000}
    - ipv4: ip_gre: make ipgre_header() robust (Eric Dumazet) [Orabug: 38887757] {CVE-2026-23011}
    - macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887729] {CVE-2026-23001}
    - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (Eric Dumazet) [Orabug: 38887737]     {CVE-2026-23003}
    - btrfs: send: check for inline extents in range_is_hole_in_parent() (Qu Wenruo) [Orabug: 38970283]     {CVE-2026-23141}
    - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (Shivam Kumar) [Orabug: 38887713]     {CVE-2026-22998}
    - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (Zilin Guan) [Orabug: 38914815]     {CVE-2026-23038}
    - NFS: Fix a deadlock involving nfs_release_folio() (Trond Myklebust) [Orabug: 38930844] {CVE-2026-23053}
    - pNFS: Fix a deadlock when returning a delegation during open() (Trond Myklebust) [Orabug: 38930834]     {CVE-2026-23050}
    - x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (Sean Christopherson) [Orabug:
    38887746] {CVE-2026-23005}
    - tpm2-sessions: Fix out of range indexing in name_size (Jarkko Sakkinen) [Orabug: 38847816]     {CVE-2025-68792}
    - can: j1939: make j1939_session_activate() fail if device is no longer registered (Tetsuo Handa) [Orabug:
    38914674] {CVE-2025-71182}
    - netfilter: nf_tables: avoid chain re-validation if possible (Florian Westphal) [Orabug: 38887632]     {CVE-2025-71160}
    - bpf: Fix reference count leak in bpf_prog_test_run_xdp() (Tetsuo Handa) [Orabug: 38887701]     {CVE-2026-22994}
    - bpf, test_run: Subtract size of xdp_frame from allowed metadata size (Toke Hoiland-Jorgensen) [Orabug:
    38970281] {CVE-2026-23140}
    - arp: do not assume dev_hard_header() does not change skb->head (Eric Dumazet) [Orabug: 38887789]     {CVE-2026-22988}
    - net: usb: pegasus: fix memory leak in update_eth_regs_async() (Petko Manolov) [Orabug: 38914760]     {CVE-2026-23021}
    - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (Xiang Mei)     [Orabug: 38872324] {CVE-2026-22976}
    - idpf: fix memory leak in idpf_vport_rel() (Emil Tantilov) [Orabug: 38914769] {CVE-2026-23023}
    - net: fix memory leak in skb_segment_list for GRO packets (Mohammad Heib) [Orabug: 38887655]     {CVE-2026-22979}
    - net: sock: fix hardened usercopy panic in sock_recv_errqueue (Weiming Shi) [Orabug: 38877945]     {CVE-2026-22977}
    - netfilter: nf_conncount: update last_gc only when GC has been performed (Fernando Fernandez Mancera)     [Orabug: 38970277] {CVE-2026-23139}
    - btrfs: fix NULL dereference on root when tracing inode eviction (Miquel Sabate Sola) [Orabug: 38914692]     {CVE-2025-71184}
    - libceph: make calc_target() set t->paused, not just clear it (Ilya Dryomov) [Orabug: 38930820]     {CVE-2026-23047}
    - libceph: reset sparse-read state in osd_fault() (Sam Edwards) [Orabug: 38970263] {CVE-2026-23136}
    - libceph: return the handler error from mon_handle_auth_done() (Ilya Dryomov) [Orabug: 38887696]     {CVE-2026-22992}
    - libceph: make free_choose_arg_map() resilient to partial allocation (Tuo Li) [Orabug: 38887690]     {CVE-2026-22991}
    - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (Ilya Dryomov) [Orabug: 38887684]     {CVE-2026-22990}
    - libceph: prevent potential out-of-bounds reads in handle_auth_done() (Ziming Zhang) [Orabug: 38887672]     {CVE-2026-22984}
    - wifi: avoid kernel-infoleak from struct iw_point (Eric Dumazet) [Orabug: 38887649] {CVE-2026-22978}
    - btrfs: always detect conflicting inodes when logging inode refs (Filipe Manana) [Orabug: 38914680]     {CVE-2025-71183}
    - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (Thomas Fourier) [Orabug: 38914754]     {CVE-2026-23020}
    - nfsd: check that server is running in unlock_filesystem (Olga Kornievskaia) [Orabug: 38887681]     {CVE-2026-22989}
    - nfsd: provide locking for v4_end_grace (Neil Brown) [Orabug: 38887658] {CVE-2026-22980}
    - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. (Thadeu Lima de Souza Cascardo) [Orabug:
    37844499] {CVE-2025-22111}
    - wifi: mac80211: Discard Beacon frames to non-broadcast address (Jouni Malinen) [Orabug: 38852360]     {CVE-2025-71127}
    - mptcp: ensure context reset on disconnect() (Paolo Abeni) [Orabug: 38852416] {CVE-2025-71144}
    - mm/page_alloc: change all pageblocks migrate type on coalescing (Alexander Gordeev) [Orabug: 38852382]     {CVE-2025-71134}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1468 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (CVE-2023-53421)

    In the Linux kernel, the following vulnerability has been resolved:

    iomap: Fix possible overflow condition in iomap_write_delalloc_scan (CVE-2023-54285)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

    In the Linux kernel, the following vulnerability has been resolved:

    smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328)

    In the Linux kernel, the following vulnerability has been resolved:

    team: Move team device type change at the end of team_port_add (CVE-2025-68340)

    In the Linux kernel, the following vulnerability has been resolved:

    fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix reservation leak in some error paths when inserting inline extent (CVE-2025-71268)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: Fix use-after-free in inet6_addr_del(). (CVE-2026-23010)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/page_alloc: prevent pcp corruption with SMP=n (CVE-2026-23025)

    In the Linux kernel, the following vulnerability has been resolved:

    pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

    In the Linux kernel, the following vulnerability has been resolved:

    net: hv_netvsc: reject RSS hash key programming without RX indirection table (CVE-2026-23054)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

    In the Linux kernel, the following vulnerability has been resolved:

    vsock/virtio: fix potential underflow in virtio_transport_get_credit() (CVE-2026-23069)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

    In the Linux kernel, the following vulnerability has been resolved:

    fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

    In the Linux kernel, the following vulnerability has been resolved:

    vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086)

    In the Linux kernel, the following vulnerability has been resolved:

    gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

    In the Linux kernel, the following vulnerability has been resolved:

    migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64/fpsimd: signal: Fix restoration of SVE context (CVE-2026-23102)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (CVE-2026-23107)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

    In the Linux kernel, the following vulnerability has been resolved:

    netdevsim: fix a race issue related to the operation on bpf_bound_progs list (CVE-2026-23126)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: Set __nocfi on swsusp_arch_resume() (CVE-2026-23128)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

    In the Linux kernel, the following vulnerability has been resolved:

    efivarfs: fix error propagation in efivar_entry_get() (CVE-2026-23156)

    In the Linux kernel, the following vulnerability has been resolved:

    flex_proportions: make fprop_new_period() hardirq safe (CVE-2026-23168)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)

    In the Linux kernel, the following vulnerability has been resolved:

    smb/client: fix memory leak in smb2_open_file() (CVE-2026-23205)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: annotate data-races around slave->last_rx (CVE-2026-23212)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1455 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

    In the Linux kernel, the following vulnerability has been resolved:

    sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333)

    In the Linux kernel, the following vulnerability has been resolved:

    exfat: fix refcount leak in exfat_find (CVE-2025-68351)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358)

    In the Linux kernel, the following vulnerability has been resolved:

    fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

    In the Linux kernel, the following vulnerability has been resolved:

    lib/buildid: use __kernel_read() for sleepable context (CVE-2026-23002)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: Fix use-after-free in inet6_addr_del(). (CVE-2026-23010)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/page_alloc: prevent pcp corruption with SMP=n (CVE-2026-23025)

    In the Linux kernel, the following vulnerability has been resolved:

    null_blk: fix kmemleak by releasing references to fault configfs items (CVE-2026-23032)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035)

    In the Linux kernel, the following vulnerability has been resolved:

    pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

    In the Linux kernel, the following vulnerability has been resolved:

    pNFS: Fix a deadlock when returning a delegation during open() (CVE-2026-23050)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053)

    In the Linux kernel, the following vulnerability has been resolved:

    net: hv_netvsc: reject RSS hash key programming without RX indirection table (CVE-2026-23054)

    In the Linux kernel, the following vulnerability has been resolved:

    vsock/virtio: Coalesce only linear skb (CVE-2026-23057)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

    In the Linux kernel, the following vulnerability has been resolved:

    vsock/virtio: fix potential underflow in virtio_transport_get_credit() (CVE-2026-23069)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

    In the Linux kernel, the following vulnerability has been resolved:

    fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

    In the Linux kernel, the following vulnerability has been resolved:

    vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086)

    In the Linux kernel, the following vulnerability has been resolved:

    gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

    In the Linux kernel, the following vulnerability has been resolved:

    migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (CVE-2026-23107)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110)

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (CVE-2026-23113)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

    In the Linux kernel, the following vulnerability has been resolved:

    netdevsim: fix a race issue related to the operation on bpf_bound_progs list (CVE-2026-23126)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: Set __nocfi on swsusp_arch_resume() (CVE-2026-23128)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: send: check for inline extents in range_is_hole_in_parent() (CVE-2026-23141)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.15.201-140.219. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-098 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (CVE-2022-50390)

    In the Linux kernel, the following vulnerability has been resolved:

    blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (CVE-2023-53421)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (CVE-2023-53662)

    In the Linux kernel, the following vulnerability has been resolved:

    page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

    In the Linux kernel, the following vulnerability has been resolved:

    xfrm: delete x->tunnel as we delete x (CVE-2025-40215)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: refresh inline data size before write operations (CVE-2025-68264)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)

    In the Linux kernel, the following vulnerability has been resolved:

    jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)

    In the Linux kernel, the following vulnerability has been resolved:

    team: Move team device type change at the end of team_port_add (CVE-2025-68340)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358)

    In the Linux kernel, the following vulnerability has been resolved:

    fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

    In the Linux kernel, the following vulnerability has been resolved:

    nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)

    In the Linux kernel, the following vulnerability has been resolved:

    nbd: defer config put in recv_work (CVE-2025-68372)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

    In the Linux kernel, the following vulnerability has been resolved:

    ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727)

    In the Linux kernel, the following vulnerability has been resolved:

    ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)

    In the Linux kernel, the following vulnerability has been resolved:

    NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)

    In the Linux kernel, the following vulnerability has been resolved:

    sched/deadline: only set free_cpus for online runqueues (CVE-2025-68780)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)

    In the Linux kernel, the following vulnerability has been resolved:

    net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)

    In the Linux kernel, the following vulnerability has been resolved:

    fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)

    In the Linux kernel, the following vulnerability has been resolved:

    ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)

    In the Linux kernel, the following vulnerability has been resolved:

    fuse: fix readahead reclaim deadlock (CVE-2025-68821)

    In the Linux kernel, the following vulnerability has been resolved:

    tpm: Cap the number of PCR banks (CVE-2025-71077)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/ttm: Avoid NULL pointer deref for evicted BOs (CVE-2025-71083)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

    In the Linux kernel, the following vulnerability has been resolved:

    team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)

    In the Linux kernel, the following vulnerability has been resolved:

    e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_gre: make ip6gre_header() robust (CVE-2025-71098)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)

    In the Linux kernel, the following vulnerability has been resolved:

    SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Do not register unsupported perf events (CVE-2025-71125)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)

    In the Linux kernel, the following vulnerability has been resolved:

    KEYS: trusted: Fix a memory leak in tpm2_load_cmd (CVE-2025-71147)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)

    In the Linux kernel, the following vulnerability has been resolved:

    net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)

    In the Linux kernel, the following vulnerability has been resolved:

    nfsd: provide locking for v4_end_grace (CVE-2026-22980)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

    In the Linux kernel, the following vulnerability has been resolved:

    pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

    In the Linux kernel, the following vulnerability has been resolved:

    libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

    In the Linux kernel, the following vulnerability has been resolved:

    regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

    In the Linux kernel, the following vulnerability has been resolved:

    fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

    In the Linux kernel, the following vulnerability has been resolved:

    irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

    In the Linux kernel, the following vulnerability has been resolved:

    gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

    In the Linux kernel, the following vulnerability has been resolved:

    migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

    In the Linux kernel, the following vulnerability has been resolved:

    ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111)

    In the Linux kernel, the following vulnerability has been resolved:

    bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

    In the Linux kernel, the following vulnerability has been resolved:

    sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)

    In the Linux kernel, the following vulnerability has been resolved:

    macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

    In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in     driver_override_show() The driver_override_show() function reads the driver_override string without     holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and     frees the string while holding the device_lock. This can result in a concurrent use-after-free if the     string is freed by the store function while being read by the show function. Fix this by holding the     device_lock around the read operation. (CVE-2026-23221)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20287-1 advisory.

    The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues

    The following security issues were fixed:

    - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344).
    - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
    - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
    - CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
    - CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
    - CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
    - CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
    - CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
    - CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
    - CVE-2025-68211: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item     (bsc#1255319).
    - CVE-2025-68218: nvme-multipath: fix lockdep WARN due to partition scan work (bsc#1255245).
    - CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
    - CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
    - CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
    - CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
    - CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
    - CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
    - CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
    - CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
    - CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted     (bsc#1255482).
    - CVE-2025-68341: veth: reduce XDP no_direct return section to fix race (bsc#1255506).
    - CVE-2025-68348: block: fix memory leak in __blkdev_issue_zero_pages (bsc#1255694).
    - CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid     (bsc#1255544).
    - CVE-2025-68356: gfs2: Prevent recursive memory reclaim (bsc#1255593).
    - CVE-2025-68359: btrfs: fix double free of qgroup record after failure to add delayed ref head     (bsc#1255542).
    - CVE-2025-68360: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (bsc#1255536).
    - CVE-2025-68361: erofs: limit the level of fs stacking for file-backed mounts (bsc#1255526).
    - CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
    - CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
    - CVE-2025-68368: md: init bioset in mddev_init (bsc#1255527).
    - CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
    - CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
    - CVE-2025-68376: coresight: ETR: Fix ETR buffer use-after-free issue (bsc#1255529).
    - CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
    - CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811).
    - CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item (bsc#1255703).
    - CVE-2025-68743: mshv: Fix create memory region overlap check (bsc#1255708).
    - CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
    - CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
    - CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
    - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
    - CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
    - CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
    - CVE-2025-68784: xfs: fix a UAF problem in xattr repair (bsc#1256793).
    - CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
    - CVE-2025-68792: tpm2-sessions: Fix out of range indexing in name_size (bsc#1256656).
    - CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
    - CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
    - CVE-2025-68799: caif: fix integer underflow in cffrml_receive() (bsc#1256643).
    - CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats     (bsc#1256646).
    - CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
    - CVE-2025-68803: NFSD: NFSv4 file creation neglects setting ACL (bsc#1256770).
    - CVE-2025-68811: svcrdma: use rc_pageoff for memcpy byte offset (bsc#1256677).
    - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
    - CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
    - CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict     (bsc#1256680).
    - CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
    - CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
    - CVE-2025-68821: fuse: fix readahead reclaim deadlock (bsc#1256667).
    - CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
    - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change     (bsc#1256645).
    - CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
    - CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608).
    - CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
    - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
    - CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
    - CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
    - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
    - CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed()     (bsc#1256773).
    - CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
    - CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
    - CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
    - CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects     (bsc#1256607).
    - CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
    - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
    - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
    - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf     (bsc#1256779).
    - CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
    - CVE-2025-71126: mptcp: avoid deadlock on fallback while reinjecting (bsc#1256755).
    - CVE-2025-71132: smc91x: fix broken irq-context in PREEMPT_RT (bsc#1256737).
    - CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
    - CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()     (bsc#1256761).
    - CVE-2025-71137: octeontx2-pf: fix UBSAN: shift-out-of-bounds error (bsc#1256760).
    - CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
    - CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
    - CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167).
    - CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168).
    - CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset     (bsc#1257035).
    - CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
    - CVE-2026-22981: idpf: detach and close netdevs while handling a reset (bsc#1257225).
    - CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
    - CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
    - CVE-2026-22986: gpiolib: fix race condition for gdev->srcu (bsc#1257276).
    - CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
    - CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
    - CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
    - CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
    - CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
    - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
    - CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
    - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
    - CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
    - CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

    The following non security issues were fixed:

    - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
    - Add bugnumber to an existing hv_netvsc change (bsc#1257473).
    - Fix locking issue introduced by a CVE backport (bsc#1256975 bsc#1254977).
    - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
    - arm64: Update config files. Disable DEVPORT (bsc#1256792)
    - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
    - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
    - btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes).
    - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
    - bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes).
    - drm/imagination: Wait for FW trace update command completion (git-fixes).
    - drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
    - ice: use netif_get_num_default_rss_queues() (bsc#1247712).
    - libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309).
    - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087).
    - net: mana: Fix incorrect speed reported by debugfs (bsc#1255232).
    - net: mana: Support HW link state events (bsc#1253049).
    - nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015).
    - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes).
    - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
    - sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459).
    - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864).
    - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864).
    - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867     jsc#PED-14156).
    - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867     jsc#PED-14156).
    - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867     jsc#PED-14156).
    - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156).
    - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
    - selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346).
    - slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes).
    - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
    - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
    - smb: improve directory cache reuse for readdir operations (bsc#1252712).
    - tsm-mr: Add TVM Measurement Register support (bsc#1257504).
    - tsm-mr: Add tsm-mr sample code (bsc#1257504).
    - virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504).
    - virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504).
    - virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504).
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
    - x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504).
    - x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the linux package has been released.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0473-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues

    The following security issues were fixed:

    - CVE-2022-50347: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (bsc#1249928).
    - CVE-2022-50580: blk-throttle: prevent overflow while calculating wait time (bsc#1252542).
    - CVE-2022-50676: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()     (bsc#1254689).
    - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
    - CVE-2022-50709: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (bsc#1255565).
    - CVE-2022-50716: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (bsc#1255839).
    - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
    - CVE-2022-50719: ALSA: line6: fix stack overflow in line6_midi_transmit (bsc#1255939).
    - CVE-2022-50740: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()     (bsc#1256155).
    - CVE-2022-50744: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1256165).
    - CVE-2022-50749: acct: fix potential integer overflow in encode_comp_t() (bsc#1256191).
    - CVE-2022-50751: configfs: fix possible memory leak in configfs_create_dir() (bsc#1256184).
    - CVE-2022-50760: drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (bsc#1255983).
    - CVE-2022-50770: ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1256221).
    - CVE-2022-50777: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (bsc#1256320).
    - CVE-2022-50780: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (bsc#1256305).
    - CVE-2022-50782: ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1256282).
    - CVE-2022-50786: media: s5p-mfc: Clear workbit to handle error condition (bsc#1256258).
    - CVE-2022-50816: ipv6: ensure sane device mtu in tunnels (bsc#1256038).
    - CVE-2022-50834: nfc: Fix potential resource leaks (bsc#1256219).
    - CVE-2022-50865: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (bsc#1256168).
    - CVE-2022-50868: hwrng: amd - Fix PCI device refcount leak (bsc#1256386).
    - CVE-2022-50880: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (bsc#1256132).
    - CVE-2022-50881: ath9k: Fix typo in function name (bsc#1256130).
    - CVE-2022-50884: drm: Prevent drm_copy_field() to attempt copying a NULL pointer (bsc#1256127).
    - CVE-2022-50885: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed     (bsc#1256122).
    - CVE-2022-50887: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()     (bsc#1256125).
    - CVE-2023-50756: nvme-pci: fix mempool alloc size (bsc#1256216).
    - CVE-2023-53685: tun: Fix memory leak for detached NAPI queue (bsc#1251770).
    - CVE-2023-53747: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF     (bsc#1254572).
    - CVE-2023-53751: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1254986).
    - CVE-2023-53825: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg() (bsc#1254707).
    - CVE-2023-53853: netlink: annotate accesses to nlk->cb_running (bsc#1254673).
    - CVE-2023-53863: netlink: do not hard code device address lenth in fdb dumps (bsc#1254657).
    - CVE-2023-53992: wifi: cfg80211: ocb: don't leave if not joined (bsc#1256058).
    - CVE-2023-54012: net: fix stack overflow when LRO is disabled for virtual interfaces (bsc#1255571).
    - CVE-2023-54047: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (bsc#1256398).
    - CVE-2023-54048: RDMA/bnxt_re: Prevent handling any completions after qp destroy (bsc#1256395).
    - CVE-2023-54067: btrfs: fix race when deleting free space root from the dirty cow roots list     (bsc#1256369).
    - CVE-2023-54111: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (bsc#1256149).
    - CVE-2023-54112: kcm: Fix memory leak in error path of kcm_sendmsg() (bsc#1256354).
    - CVE-2023-54118: serial: sc16is7xx: setup GPIO controller later in probe (bsc#1256131).
    - CVE-2023-54121: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range (bsc#1256267).
    - CVE-2023-54134: autofs: fix memory leak of waitqueues in autofs_catatonic_mode (bsc#1256106).
    - CVE-2023-54198: tty: fix out-of-bounds access in tty_driver_lookup_tty() (bsc#1255970).
    - CVE-2023-54202: drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (bsc#1255880).
    - CVE-2023-54207: HID: uclogic: Correct devm device reference for hidinput input_dev name (bsc#1255961).
    - CVE-2023-54218: sock: Make sock->sk_stamp thread-safe (bsc#1256229).
    - CVE-2023-54230: amba: bus: fix refcount leak (bsc#1255925).
    - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
    - CVE-2023-54265: ipv6: Fix an uninit variable access bug in __ip6_make_skb() (bsc#1255874).
    - CVE-2023-54274: RDMA/srpt: Add a check for valid 'mad_agent' pointer (bsc#1255905).
    - CVE-2023-54282: media: tuners: qt1010: replace BUG_ON with a regular error (bsc#1255810).
    - CVE-2023-54287: tty: serial: imx: disable Ageing Timer interrupt request irq (bsc#1255804).
    - CVE-2023-54311: ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1255773).
    - CVE-2023-54321: driver core: fix potential null-ptr-deref in device_add() (bsc#1255762).
    - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2025-40115: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (bsc#1253318).
    - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
    - CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
    - CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
    - CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
    - CVE-2025-40323: fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094).
    - CVE-2025-40339: drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428).
    - CVE-2025-40345: usb: storage: sddr55: Reject out-of-bound new_pba (bsc#1255279).
    - CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
    - CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
    - CVE-2025-68190: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()     (bsc#1255131).
    - CVE-2025-68192: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (bsc#1255246).
    - CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
    - CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
    - CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
    - CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
    - CVE-2025-68286: drm/amd/display: Check NULL before accessing (bsc#1255351).
    - CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
    - CVE-2025-68303: platform/x86: intel: punit_ipc: fix memory corruption (bsc#1255122).
    - CVE-2025-68305: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (bsc#1255169).
    - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
    - CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted     (bsc#1255482).
    - CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid     (bsc#1255544).
    - CVE-2025-68354: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex     (bsc#1255553).
    - CVE-2025-68362: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (bsc#1255611).
    - CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
    - CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
    - CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
    - CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
    - CVE-2025-68740: ima: Handle error code returned by ima_filter_rule_match() (bsc#1255812).
    - CVE-2025-68757: drm/vgem-fence: Fix potential deadlock on release (bsc#1255943).
    - CVE-2025-68767: hfsplus: Verify inode mode when loading from disk (bsc#1256580).
    - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
    - CVE-2025-68774: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (bsc#1256585).
    - CVE-2025-68783: ALSA: usb-mixer: us16x08: validate meter packet indices (bsc#1256650).
    - CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
    - CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
    - CVE-2025-68797: char: applicom: fix NULL pointer dereference in ac_ioctl (bsc#1256660).
    - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
    - CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
    - CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
    - CVE-2025-71082: Bluetooth: btusb: revert use of devm_kzalloc in btusb (bsc#1256611).
    - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
    - CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
    - CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed()     (bsc#1256773).
    - CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
    - CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).
    - CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
    - CVE-2025-71108: usb: typec: ucsi: Handle incorrect num_connectors capability (bsc#1256774).
    - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
    - CVE-2025-71119: powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1205462).
    - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf     (bsc#1256779).
    - CVE-2026-22976: net_sched: qfq: Fix double list add in class with netem as child qdisc (bsc#1257035).
    - CVE-2026-22978: wifi: avoid kernel-infoleak from struct iw_point (bsc#1257227).
    - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
    - CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232).
    - CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

    The following non security issues were fixed:

    - RDMA/rxe: Fix the error caused by qp->sk (bsc#1256122).
    - RDMA/srpt: Fix disabling device management (bsc#1255905).
    - RDMA/srpt: Fix handling of SR-IOV and iWARP ports (bsc#1255905).
    - configfs: factor dirent removal into helpers (bsc#1256184).
    - drm/amdgpu: Remove explicit wait after VM validate (bsc#1255428).
    - drm/amdgpu: update mappings not managed by KFD (bsc#1255428).
    - hwrng: amd - Convert PCIBIOS_* return codes to errnos (bsc#1256386).
    - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1255844).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4475 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4475-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     February 10, 2026                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux     Version        : 5.10.249-1     CVE ID         : CVE-2022-48744 CVE-2022-49168 CVE-2022-49465 CVE-2022-49711                      CVE-2022-49743 CVE-2023-52975 CVE-2023-54207 CVE-2023-54321                      CVE-2024-36903 CVE-2024-36927 CVE-2025-22022 CVE-2025-22121                      CVE-2025-37830 CVE-2025-38022 CVE-2025-38119 CVE-2025-38556                      CVE-2025-38591 CVE-2025-39702 CVE-2025-40110 CVE-2025-40215                      CVE-2025-68211 CVE-2025-68255 CVE-2025-68257 CVE-2025-68258                      CVE-2025-68261 CVE-2025-68264 CVE-2025-68266 CVE-2025-68282                      CVE-2025-68325 CVE-2025-68332 CVE-2025-68336 CVE-2025-68337                      CVE-2025-68344 CVE-2025-68346 CVE-2025-68349 CVE-2025-68354                      CVE-2025-68362 CVE-2025-68364 CVE-2025-68366 CVE-2025-68367                      CVE-2025-68372 CVE-2025-68724 CVE-2025-68725 CVE-2025-68733                      CVE-2025-68740 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759                      CVE-2025-68764 CVE-2025-68767 CVE-2025-68769 CVE-2025-68771                      CVE-2025-68773 CVE-2025-68774 CVE-2025-68776 CVE-2025-68777                      CVE-2025-68782 CVE-2025-68783 CVE-2025-68785 CVE-2025-68787                      CVE-2025-68788 CVE-2025-68795 CVE-2025-68796 CVE-2025-68797                      CVE-2025-68799 CVE-2025-68800 CVE-2025-68801 CVE-2025-68803                      CVE-2025-68804 CVE-2025-68808 CVE-2025-68813 CVE-2025-68815                      CVE-2025-68816 CVE-2025-68818 CVE-2025-68819 CVE-2025-68820                      CVE-2025-71064 CVE-2025-71066 CVE-2025-71069 CVE-2025-71075                      CVE-2025-71077 CVE-2025-71079 CVE-2025-71084 CVE-2025-71085                      CVE-2025-71086 CVE-2025-71087 CVE-2025-71091 CVE-2025-71093                      CVE-2025-71096 CVE-2025-71097 CVE-2025-71098 CVE-2025-71102                      CVE-2025-71104 CVE-2025-71105 CVE-2025-71108 CVE-2025-71111                      CVE-2025-71112 CVE-2025-71113 CVE-2025-71114 CVE-2025-71116                      CVE-2025-71118 CVE-2025-71120 CVE-2025-71123 CVE-2025-71125                      CVE-2025-71127 CVE-2025-71131 CVE-2025-71136 CVE-2025-71137                      CVE-2025-71154 CVE-2025-71162 CVE-2025-71182 CVE-2025-71185                      CVE-2025-71186 CVE-2025-71190 CVE-2025-71191 CVE-2025-71194                      CVE-2025-71196 CVE-2025-71197 CVE-2025-71199 CVE-2026-22976                      CVE-2026-22977 CVE-2026-22978 CVE-2026-22980 CVE-2026-22990                      CVE-2026-22991 CVE-2026-22997 CVE-2026-22998 CVE-2026-22999                      CVE-2026-23001 CVE-2026-23003 CVE-2026-23011 CVE-2026-23020                      CVE-2026-23021 CVE-2026-23033 CVE-2026-23038 CVE-2026-23047                      CVE-2026-23049 CVE-2026-23056 CVE-2026-23058 CVE-2026-23060                      CVE-2026-23061 CVE-2026-23063 CVE-2026-23064 CVE-2026-23071                      CVE-2026-23073 CVE-2026-23074 CVE-2026-23075 CVE-2026-23076                      CVE-2026-23080 CVE-2026-23083 CVE-2026-23084 CVE-2026-23085                      CVE-2026-23087 CVE-2026-23089 CVE-2026-23090 CVE-2026-23091                      CVE-2026-23095 CVE-2026-23096 CVE-2026-23097 CVE-2026-23098                      CVE-2026-23101 CVE-2026-23103 CVE-2026-23105 CVE-2026-23108                      CVE-2026-23110     Debian Bug     : 1122193 1123750

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     5.10.249-1.  This update also fixes several bugs reported to Debian.
    It additionally includes many more bug fixes from stable updates     5.10.248 and 5.10.249.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4476 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4476-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     February 10, 2026                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-6.1     Version        : 6.1.162-1~deb11u1     CVE ID         : CVE-2023-52658 CVE-2023-53421 CVE-2023-54285 CVE-2024-42079                      CVE-2024-46786 CVE-2024-49968 CVE-2025-21946 CVE-2025-22022                      CVE-2025-22083 CVE-2025-22090 CVE-2025-22107 CVE-2025-22111                      CVE-2025-22121 CVE-2025-37926 CVE-2025-38022 CVE-2025-38104                      CVE-2025-38125 CVE-2025-38129 CVE-2025-38232 CVE-2025-38361                      CVE-2025-38408 CVE-2025-38591 CVE-2025-38718 CVE-2025-39721                      CVE-2025-39871 CVE-2025-40039 CVE-2025-40110 CVE-2025-40149                      CVE-2025-40164 CVE-2025-40215 CVE-2025-68211 CVE-2025-68223                      CVE-2025-68254 CVE-2025-68255 CVE-2025-68256 CVE-2025-68257                      CVE-2025-68258 CVE-2025-68259 CVE-2025-68261 CVE-2025-68263                      CVE-2025-68264 CVE-2025-68266 CVE-2025-68291 CVE-2025-68325                      CVE-2025-68332 CVE-2025-68335 CVE-2025-68336 CVE-2025-68337                      CVE-2025-68340 CVE-2025-68344 CVE-2025-68345 CVE-2025-68346                      CVE-2025-68347 CVE-2025-68349 CVE-2025-68354 CVE-2025-68362                      CVE-2025-68363 CVE-2025-68364 CVE-2025-68365 CVE-2025-68366                      CVE-2025-68367 CVE-2025-68369 CVE-2025-68371 CVE-2025-68372                      CVE-2025-68380 CVE-2025-68724 CVE-2025-68725 CVE-2025-68727                      CVE-2025-68728 CVE-2025-68732 CVE-2025-68733 CVE-2025-68740                      CVE-2025-68742 CVE-2025-68746 CVE-2025-68753 CVE-2025-68757                      CVE-2025-68758 CVE-2025-68759 CVE-2025-68764 CVE-2025-68765                      CVE-2025-68766 CVE-2025-68767 CVE-2025-68769 CVE-2025-68771                      CVE-2025-68772 CVE-2025-68773 CVE-2025-68774 CVE-2025-68776                      CVE-2025-68777 CVE-2025-68778 CVE-2025-68780 CVE-2025-68781                      CVE-2025-68782 CVE-2025-68783 CVE-2025-68785 CVE-2025-68786                      CVE-2025-68787 CVE-2025-68788 CVE-2025-68795 CVE-2025-68796                      CVE-2025-68797 CVE-2025-68798 CVE-2025-68799 CVE-2025-68800                      CVE-2025-68801 CVE-2025-68803 CVE-2025-68804 CVE-2025-68806                      CVE-2025-68808 CVE-2025-68813 CVE-2025-68814 CVE-2025-68815                      CVE-2025-68816 CVE-2025-68817 CVE-2025-68818 CVE-2025-68819                      CVE-2025-68820 CVE-2025-68821 CVE-2025-71064 CVE-2025-71066                      CVE-2025-71069 CVE-2025-71071 CVE-2025-71075 CVE-2025-71077                      CVE-2025-71078 CVE-2025-71079 CVE-2025-71081 CVE-2025-71082                      CVE-2025-71083 CVE-2025-71084 CVE-2025-71085 CVE-2025-71086                      CVE-2025-71087 CVE-2025-71088 CVE-2025-71091 CVE-2025-71093                      CVE-2025-71094 CVE-2025-71095 CVE-2025-71096 CVE-2025-71097                      CVE-2025-71098 CVE-2025-71102 CVE-2025-71104 CVE-2025-71105                      CVE-2025-71108 CVE-2025-71111 CVE-2025-71112 CVE-2025-71113                      CVE-2025-71114 CVE-2025-71116 CVE-2025-71118 CVE-2025-71119                      CVE-2025-71120 CVE-2025-71121 CVE-2025-71123 CVE-2025-71125                      CVE-2025-71126 CVE-2025-71127 CVE-2025-71130 CVE-2025-71131                      CVE-2025-71132 CVE-2025-71133 CVE-2025-71136 CVE-2025-71137                      CVE-2025-71147 CVE-2025-71149 CVE-2025-71150 CVE-2025-71154                      CVE-2025-71162 CVE-2025-71163 CVE-2025-71180 CVE-2025-71182                      CVE-2025-71183 CVE-2025-71185 CVE-2025-71186 CVE-2025-71189                      CVE-2025-71190 CVE-2025-71191 CVE-2025-71192 CVE-2025-71194                      CVE-2025-71196 CVE-2025-71197 CVE-2025-71199 CVE-2026-22976                      CVE-2026-22977 CVE-2026-22978 CVE-2026-22979 CVE-2026-22980                      CVE-2026-22982 CVE-2026-22984 CVE-2026-22990 CVE-2026-22991                      CVE-2026-22992 CVE-2026-22994 CVE-2026-22997 CVE-2026-22998                      CVE-2026-22999 CVE-2026-23001 CVE-2026-23003 CVE-2026-23005                      CVE-2026-23006 CVE-2026-23010 CVE-2026-23011 CVE-2026-23019                      CVE-2026-23020 CVE-2026-23021 CVE-2026-23025 CVE-2026-23026                      CVE-2026-23030 CVE-2026-23031 CVE-2026-23033 CVE-2026-23037                      CVE-2026-23038 CVE-2026-23047 CVE-2026-23049 CVE-2026-23054                      CVE-2026-23056 CVE-2026-23058 CVE-2026-23060 CVE-2026-23061                      CVE-2026-23063 CVE-2026-23064 CVE-2026-23068 CVE-2026-23069                      CVE-2026-23071 CVE-2026-23073 CVE-2026-23074 CVE-2026-23075                      CVE-2026-23076 CVE-2026-23078 CVE-2026-23080 CVE-2026-23083                      CVE-2026-23084 CVE-2026-23085 CVE-2026-23086 CVE-2026-23087                      CVE-2026-23089 CVE-2026-23090 CVE-2026-23091 CVE-2026-23093                      CVE-2026-23095 CVE-2026-23096 CVE-2026-23097 CVE-2026-23098                      CVE-2026-23099 CVE-2026-23101 CVE-2026-23102 CVE-2026-23103                      CVE-2026-23105 CVE-2026-23107 CVE-2026-23108 CVE-2026-23110     Debian Bug     : 1121535 1122193

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     6.1.162-1~deb11u1.  This update also fixes several bugs reported to     Debian.  It additionally includes many more bug fixes from stable     updates 6.1.160-6.1.162 inclusive.

    We recommend that you upgrade your linux-6.1 packages.

    For the detailed security status of linux-6.1 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-6.1

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6127 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6127-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     February 09, 2026                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2023-52658 CVE-2023-53421 CVE-2023-54285 CVE-2024-42079                      CVE-2024-46786 CVE-2024-49968 CVE-2025-21946 CVE-2025-22022                      CVE-2025-22083 CVE-2025-22090 CVE-2025-22107 CVE-2025-22111                      CVE-2025-22121 CVE-2025-37926 CVE-2025-38022 CVE-2025-38104                      CVE-2025-38125 CVE-2025-38129 CVE-2025-38232 CVE-2025-38361                      CVE-2025-38408 CVE-2025-38591 CVE-2025-38718 CVE-2025-39721                      CVE-2025-39871 CVE-2025-40039 CVE-2025-40110 CVE-2025-40149                      CVE-2025-40164 CVE-2025-40215 CVE-2025-68211 CVE-2025-68223                      CVE-2025-68254 CVE-2025-68255 CVE-2025-68256 CVE-2025-68257                      CVE-2025-68258 CVE-2025-68259 CVE-2025-68261 CVE-2025-68263                      CVE-2025-68264 CVE-2025-68266 CVE-2025-68291 CVE-2025-68325                      CVE-2025-68332 CVE-2025-68335 CVE-2025-68336 CVE-2025-68337                      CVE-2025-68340 CVE-2025-68344 CVE-2025-68345 CVE-2025-68346                      CVE-2025-68347 CVE-2025-68349 CVE-2025-68354 CVE-2025-68362                      CVE-2025-68363 CVE-2025-68364 CVE-2025-68365 CVE-2025-68366                      CVE-2025-68367 CVE-2025-68369 CVE-2025-68371 CVE-2025-68372                      CVE-2025-68380 CVE-2025-68724 CVE-2025-68725 CVE-2025-68727                      CVE-2025-68728 CVE-2025-68732 CVE-2025-68733 CVE-2025-68740                      CVE-2025-68742 CVE-2025-68746 CVE-2025-68753 CVE-2025-68757                      CVE-2025-68758 CVE-2025-68759 CVE-2025-68764 CVE-2025-68765                      CVE-2025-68766 CVE-2025-68767 CVE-2025-68769 CVE-2025-68771                      CVE-2025-68772 CVE-2025-68773 CVE-2025-68774 CVE-2025-68776                      CVE-2025-68777 CVE-2025-68778 CVE-2025-68780 CVE-2025-68781                      CVE-2025-68782 CVE-2025-68783 CVE-2025-68785 CVE-2025-68786                      CVE-2025-68787 CVE-2025-68788 CVE-2025-68789 CVE-2025-68795                      CVE-2025-68796 CVE-2025-68797 CVE-2025-68798 CVE-2025-68799                      CVE-2025-68800 CVE-2025-68801 CVE-2025-68803 CVE-2025-68804                      CVE-2025-68806 CVE-2025-68808 CVE-2025-68813 CVE-2025-68814                      CVE-2025-68815 CVE-2025-68816 CVE-2025-68817 CVE-2025-68818                      CVE-2025-68819 CVE-2025-68820 CVE-2025-68821 CVE-2025-71064                      CVE-2025-71066 CVE-2025-71069 CVE-2025-71071 CVE-2025-71075                      CVE-2025-71077 CVE-2025-71078 CVE-2025-71079 CVE-2025-71081                      CVE-2025-71082 CVE-2025-71083 CVE-2025-71084 CVE-2025-71085                      CVE-2025-71086 CVE-2025-71087 CVE-2025-71088 CVE-2025-71091                      CVE-2025-71093 CVE-2025-71094 CVE-2025-71095 CVE-2025-71096                      CVE-2025-71097 CVE-2025-71098 CVE-2025-71102 CVE-2025-71104                      CVE-2025-71105 CVE-2025-71108 CVE-2025-71111 CVE-2025-71112                      CVE-2025-71113 CVE-2025-71114 CVE-2025-71116 CVE-2025-71118                      CVE-2025-71119 CVE-2025-71120 CVE-2025-71121 CVE-2025-71123                      CVE-2025-71125 CVE-2025-71126 CVE-2025-71127 CVE-2025-71130                      CVE-2025-71131 CVE-2025-71132 CVE-2025-71133 CVE-2025-71136                      CVE-2025-71137 CVE-2025-71147 CVE-2025-71149 CVE-2025-71150                      CVE-2025-71154 CVE-2025-71162 CVE-2025-71163 CVE-2025-71180                      CVE-2025-71182 CVE-2025-71183 CVE-2025-71185 CVE-2025-71186                      CVE-2025-71189 CVE-2025-71190 CVE-2025-71191 CVE-2025-71192                      CVE-2025-71194 CVE-2025-71196 CVE-2025-71197 CVE-2025-71199                      CVE-2026-22976 CVE-2026-22977 CVE-2026-22978 CVE-2026-22979                      CVE-2026-22980 CVE-2026-22982 CVE-2026-22984 CVE-2026-22990                      CVE-2026-22991 CVE-2026-22992 CVE-2026-22994 CVE-2026-22997                      CVE-2026-22998 CVE-2026-22999 CVE-2026-23001 CVE-2026-23003                      CVE-2026-23005 CVE-2026-23006 CVE-2026-23010 CVE-2026-23011                      CVE-2026-23019 CVE-2026-23020 CVE-2026-23021 CVE-2026-23025                      CVE-2026-23026 CVE-2026-23030 CVE-2026-23031 CVE-2026-23033                      CVE-2026-23037 CVE-2026-23038 CVE-2026-23047 CVE-2026-23049                      CVE-2026-23054 CVE-2026-23056 CVE-2026-23058 CVE-2026-23060                      CVE-2026-23061 CVE-2026-23063 CVE-2026-23064 CVE-2026-23068                      CVE-2026-23069 CVE-2026-23071 CVE-2026-23073 CVE-2026-23074                      CVE-2026-23075 CVE-2026-23076 CVE-2026-23078 CVE-2026-23080                      CVE-2026-23083 CVE-2026-23084 CVE-2026-23085 CVE-2026-23086                      CVE-2026-23087 CVE-2026-23089 CVE-2026-23090 CVE-2026-23091                      CVE-2026-23093 CVE-2026-23095 CVE-2026-23096 CVE-2026-23097                      CVE-2026-23098 CVE-2026-23099 CVE-2026-23101 CVE-2026-23102                      CVE-2026-23103 CVE-2026-23105 CVE-2026-23107 CVE-2026-23108                      CVE-2026-23110

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 6.1.162-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6126 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6126-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     February 09, 2026                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2024-58096 CVE-2024-58097 CVE-2025-22111 CVE-2025-38234                      CVE-2025-38248 CVE-2025-38591 CVE-2025-39872 CVE-2025-40149                      CVE-2025-40164 CVE-2025-40170 CVE-2025-40276 CVE-2025-40325                      CVE-2025-68206 CVE-2025-68333 CVE-2025-68345 CVE-2025-68351                      CVE-2025-68357 CVE-2025-68358 CVE-2025-68365 CVE-2025-68725                      CVE-2025-68749 CVE-2025-68767 CVE-2025-68769 CVE-2025-68770                      CVE-2025-68771 CVE-2025-68772 CVE-2025-68773 CVE-2025-68774                      CVE-2025-68775 CVE-2025-68776 CVE-2025-68777 CVE-2025-68778                      CVE-2025-68780 CVE-2025-68781 CVE-2025-68782 CVE-2025-68783                      CVE-2025-68784 CVE-2025-68785 CVE-2025-68786 CVE-2025-68787                      CVE-2025-68788 CVE-2025-68789 CVE-2025-68792 CVE-2025-68794                      CVE-2025-68795 CVE-2025-68796 CVE-2025-68797 CVE-2025-68798                      CVE-2025-68799 CVE-2025-68800 CVE-2025-68801 CVE-2025-68802                      CVE-2025-68803 CVE-2025-68804 CVE-2025-68806 CVE-2025-68808                      CVE-2025-68809 CVE-2025-68810 CVE-2025-68811 CVE-2025-68813                      CVE-2025-68814 CVE-2025-68815 CVE-2025-68816 CVE-2025-68817                      CVE-2025-68818 CVE-2025-68819 CVE-2025-68820 CVE-2025-68821                      CVE-2025-68822 CVE-2025-71064 CVE-2025-71065 CVE-2025-71066                      CVE-2025-71067 CVE-2025-71068 CVE-2025-71069 CVE-2025-71071                      CVE-2025-71072 CVE-2025-71073 CVE-2025-71075 CVE-2025-71076                      CVE-2025-71077 CVE-2025-71078 CVE-2025-71079 CVE-2025-71080                      CVE-2025-71081 CVE-2025-71082 CVE-2025-71083 CVE-2025-71084                      CVE-2025-71085 CVE-2025-71086 CVE-2025-71087 CVE-2025-71088                      CVE-2025-71089 CVE-2025-71091 CVE-2025-71093 CVE-2025-71094                      CVE-2025-71095 CVE-2025-71096 CVE-2025-71097 CVE-2025-71098                      CVE-2025-71099 CVE-2025-71100 CVE-2025-71101 CVE-2025-71102                      CVE-2025-71104 CVE-2025-71105 CVE-2025-71107 CVE-2025-71108                      CVE-2025-71109 CVE-2025-71111 CVE-2025-71112 CVE-2025-71113                      CVE-2025-71114 CVE-2025-71116 CVE-2025-71118 CVE-2025-71119                      CVE-2025-71120 CVE-2025-71121 CVE-2025-71122 CVE-2025-71123                      CVE-2025-71125 CVE-2025-71126 CVE-2025-71127 CVE-2025-71129                      CVE-2025-71130 CVE-2025-71131 CVE-2025-71132 CVE-2025-71133                      CVE-2025-71134 CVE-2025-71135 CVE-2025-71136 CVE-2025-71137                      CVE-2025-71138 CVE-2025-71140 CVE-2025-71143 CVE-2025-71144                      CVE-2025-71146 CVE-2025-71147 CVE-2025-71148 CVE-2025-71149                      CVE-2025-71150 CVE-2025-71151 CVE-2025-71153 CVE-2025-71154                      CVE-2025-71156 CVE-2025-71157 CVE-2025-71160 CVE-2025-71162                      CVE-2025-71163 CVE-2025-71180 CVE-2025-71182 CVE-2025-71183                      CVE-2025-71184 CVE-2025-71185 CVE-2025-71186 CVE-2025-71189                      CVE-2025-71190 CVE-2025-71191 CVE-2025-71192 CVE-2025-71193                      CVE-2025-71194 CVE-2025-71195 CVE-2025-71196 CVE-2025-71197                      CVE-2025-71198 CVE-2025-71199 CVE-2026-22976 CVE-2026-22977                      CVE-2026-22978 CVE-2026-22979 CVE-2026-22980 CVE-2026-22982                      CVE-2026-22984 CVE-2026-22989 CVE-2026-22990 CVE-2026-22991                      CVE-2026-22992 CVE-2026-22994 CVE-2026-22996 CVE-2026-22997                      CVE-2026-22998 CVE-2026-22999 CVE-2026-23000 CVE-2026-23001                      CVE-2026-23002 CVE-2026-23003 CVE-2026-23005 CVE-2026-23006                      CVE-2026-23010 CVE-2026-23011 CVE-2026-23013 CVE-2026-23019                      CVE-2026-23020 CVE-2026-23021 CVE-2026-23023 CVE-2026-23025                      CVE-2026-23026 CVE-2026-23030 CVE-2026-23031 CVE-2026-23032                      CVE-2026-23033 CVE-2026-23035 CVE-2026-23037 CVE-2026-23038                      CVE-2026-23047 CVE-2026-23049 CVE-2026-23050 CVE-2026-23053                      CVE-2026-23054 CVE-2026-23055 CVE-2026-23056 CVE-2026-23057                      CVE-2026-23058 CVE-2026-23059 CVE-2026-23060 CVE-2026-23061                      CVE-2026-23062 CVE-2026-23063 CVE-2026-23064 CVE-2026-23065                      CVE-2026-23068 CVE-2026-23069 CVE-2026-23071 CVE-2026-23072                      CVE-2026-23073 CVE-2026-23074 CVE-2026-23075 CVE-2026-23076                      CVE-2026-23078 CVE-2026-23080 CVE-2026-23083 CVE-2026-23084                      CVE-2026-23085 CVE-2026-23086 CVE-2026-23087 CVE-2026-23088                      CVE-2026-23089 CVE-2026-23090 CVE-2026-23091 CVE-2026-23093                      CVE-2026-23094 CVE-2026-23095 CVE-2026-23096 CVE-2026-23097                      CVE-2026-23098 CVE-2026-23099 CVE-2026-23101 CVE-2026-23103                      CVE-2026-23105 CVE-2026-23107 CVE-2026-23108 CVE-2026-23110

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the stable distribution (trixie), these problems have been fixed in     version 6.12.69-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 (ip6_gre: make ip6gre_header()     robust) Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves     team or bonding drivers ability to dynamically change their dev->needed_headroom and/or     dev->hard_header_len In this particular crash mld_newpack() allocated an skb with a too small     reserve/headroom, and by the time mld_sendpack() was called, syzbot managed to attach an ipgre device. [1]     skbuff: skb_under_panic: text:ffffffff89ea3cb7 len:2030915468 put:2030915372 head:ffff888058b43000     data:ffff887fdfa6e194 tail:0x120 end:0x6c0 dev:team0 kernel BUG at net/core/skbuff.c:213 ! Oops: invalid     opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 1322 Comm: kworker/1:9 Not tainted syzkaller #0     PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025     Workqueue: mld mld_ifc_work RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213 Call Trace: <TASK>     skb_under_panic net/core/skbuff.c:223 [inline] skb_push+0xc3/0xe0 net/core/skbuff.c:2641     ipgre_header+0x67/0x290 net/ipv4/ip_gre.c:897 dev_hard_header include/linux/netdevice.h:3436 [inline]     neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618 NF_HOOK_COND include/linux/netfilter.h:307     [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318     mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855 mld_send_cr net/ipv6/mcast.c:2154 [inline]     mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693 process_one_work kernel/workqueue.c:3257 [inline]     process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340 worker_thread+0x8a0/0xda0     kernel/workqueue.c:3421 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x510/0xa50     arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 (CVE-2026-23011)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
303103	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-114 (ALASKERNEL-5.10-2026-114)	Nessus	Amazon Linux Local Security Checks	high
303082	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-099 (ALASKERNEL-5.15-2026-099)	Nessus	Amazon Linux Local Security Checks	high
301901	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50145)	Nessus	Oracle Linux Local Security Checks	high
301875	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50144)	Nessus	Oracle Linux Local Security Checks	high
301346	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1468)	Nessus	Amazon Linux Local Security Checks	high
301337	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1455)	Nessus	Amazon Linux Local Security Checks	high
301269	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-098 (ALASKERNEL-5.15-2026-098)	Nessus	Amazon Linux Local Security Checks	high
300556	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20287-1)	Nessus	SuSE Local Security Checks	high
299715	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0587-1)	Nessus	SuSE Local Security Checks	high
299662	Photon OS 4.0: Linux PHSA-2026-4.0-0965	Nessus	PhotonOS Local Security Checks	critical
298945	Photon OS 5.0: Linux PHSA-2026-5.0-0752	Nessus	PhotonOS Local Security Checks	high
298924	SUSE SLES12 : Recommended update for initial livepatch (SUSE-SU-2026:0473-1)	Nessus	SuSE Local Security Checks	high
298917	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0472-1)	Nessus	SuSE Local Security Checks	high
298739	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2026:0447-1)	Nessus	SuSE Local Security Checks	high
298680	Debian dla-4475 : ata-modules-5.10.0-35-armmp-di - security update	Nessus	Debian Local Security Checks	high
298659	Debian dla-4476 : linux-config-6.1 - security update	Nessus	Debian Local Security Checks	high
298404	Debian dsa-6127 : affs-modules-6.1.0-37-4kc-malta-di - security update	Nessus	Debian Local Security Checks	high
298403	Debian dsa-6126 : ata-modules-6.12.31-armmp-di - security update	Nessus	Debian Local Security Checks	high
296542	Linux Distros Unpatched Vulnerability : CVE-2026-23011	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-23011

medium

Tenable Plugins

high

high

high

high

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

medium