In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the slave device beforehand. When a gretap tunnel is a TEQL slave, the transmit path reaches iptunnel_xmit() which saves dev = skb->dev (still pointing to teql0 master) and later calls iptunnel_xmit_stats(dev, pkt_len). This function does: get_cpu_ptr(dev->tstats) Since teql_master_setup() does not set dev->pcpu_stat_type to NETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats for teql0, so dev->tstats is NULL. get_cpu_ptr(NULL) computes NULL + __per_cpu_offset[cpu], resulting in a page fault. BUG: unable to handle page fault for address: ffff8880e6659018 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 68bc067 P4D 68bc067 PUD 0 Oops: Oops: 0002 [#1] SMP KASAN PTI RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89) Call Trace: <TASK> ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847) __gre_xmit (net/ipv4/ip_gre.c:478) gre_tap_xmit (net/ipv4/ip_gre.c:779) teql_master_xmit (net/sched/sch_teql.c:319) dev_hard_start_xmit (net/core/dev.c:3887) sch_direct_xmit (net/sched/sch_generic.c:347) __dev_queue_xmit (net/core/dev.c:4802) neigh_direct_output (net/core/neighbour.c:1660) ip_finish_output2 (net/ipv4/ip_output.c:237) __ip_finish_output.part.0 (net/ipv4/ip_output.c:315) ip_mc_output (net/ipv4/ip_output.c:369) ip_send_skb (net/ipv4/ip_output.c:1508) udp_send_skb (net/ipv4/udp.c:1195) udp_sendmsg (net/ipv4/udp.c:1485) inet_sendmsg (net/ipv4/af_inet.c:859) __sys_sendto (net/socket.c:2206) Fix this by setting skb->dev = slave before calling netdev_start_xmit(), so that tunnel xmit functions see the correct slave device with properly allocated tstats.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4561 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4561-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     May 02, 2026                                  https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-6.1     Version        : 6.1.170-1~deb11u1     CVE ID         : CVE-2023-53228 CVE-2023-53510 CVE-2023-53545 CVE-2024-47736                      CVE-2024-47809 CVE-2024-49998 CVE-2024-50298 CVE-2024-56719                      CVE-2025-21676 CVE-2025-21682 CVE-2025-37945 CVE-2025-37980                      CVE-2025-38105 CVE-2025-38162 CVE-2025-38192 CVE-2025-38250                      CVE-2025-38303 CVE-2025-38436 CVE-2025-38626 CVE-2025-38659                      CVE-2025-38704 CVE-2025-39748 CVE-2025-39764 CVE-2025-39863                      CVE-2025-40005 CVE-2025-40016 CVE-2025-40135 CVE-2025-40219                      CVE-2025-40242 CVE-2025-40261 CVE-2025-40358 CVE-2025-68206                      CVE-2025-68239 CVE-2025-68265 CVE-2025-71067 CVE-2025-71161                      CVE-2025-71221 CVE-2025-71265 CVE-2025-71266 CVE-2025-71267                      CVE-2025-71269 CVE-2026-23100 CVE-2026-23113 CVE-2026-23141                      CVE-2026-23154 CVE-2026-23157 CVE-2026-23204 CVE-2026-23227                      CVE-2026-23231 CVE-2026-23242 CVE-2026-23243 CVE-2026-23245                      CVE-2026-23253 CVE-2026-23270 CVE-2026-23271 CVE-2026-23273                      CVE-2026-23274 CVE-2026-23277 CVE-2026-23279 CVE-2026-23281                      CVE-2026-23284 CVE-2026-23286 CVE-2026-23287 CVE-2026-23289                      CVE-2026-23290 CVE-2026-23291 CVE-2026-23292 CVE-2026-23293                      CVE-2026-23296 CVE-2026-23298 CVE-2026-23300 CVE-2026-23303                      CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23312                      CVE-2026-23315 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319                      CVE-2026-23321 CVE-2026-23324 CVE-2026-23335 CVE-2026-23336                      CVE-2026-23339 CVE-2026-23340 CVE-2026-23343 CVE-2026-23351                      CVE-2026-23352 CVE-2026-23356 CVE-2026-23357 CVE-2026-23359                      CVE-2026-23362 CVE-2026-23364 CVE-2026-23365 CVE-2026-23367                      CVE-2026-23368 CVE-2026-23370 CVE-2026-23372 CVE-2026-23378                      CVE-2026-23379 CVE-2026-23381 CVE-2026-23382 CVE-2026-23388                      CVE-2026-23391 CVE-2026-23392 CVE-2026-23395 CVE-2026-23396                      CVE-2026-23397 CVE-2026-23398 CVE-2026-23401 CVE-2026-23414                      CVE-2026-23420 CVE-2026-23422 CVE-2026-23426 CVE-2026-23428                      CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23446                      CVE-2026-23449 CVE-2026-23450 CVE-2026-23452 CVE-2026-23454                      CVE-2026-23455 CVE-2026-23456 CVE-2026-23457 CVE-2026-23458                      CVE-2026-23460 CVE-2026-23462 CVE-2026-23463 CVE-2026-23474                      CVE-2026-23475 CVE-2026-31389 CVE-2026-31391 CVE-2026-31392                      CVE-2026-31393 CVE-2026-31396 CVE-2026-31399 CVE-2026-31400                      CVE-2026-31402 CVE-2026-31403 CVE-2026-31405 CVE-2026-31408                      CVE-2026-31409 CVE-2026-31411 CVE-2026-31412 CVE-2026-31414                      CVE-2026-31415 CVE-2026-31416 CVE-2026-31417 CVE-2026-31418                      CVE-2026-31421 CVE-2026-31422 CVE-2026-31423 CVE-2026-31424                      CVE-2026-31425 CVE-2026-31426 CVE-2026-31427 CVE-2026-31428                      CVE-2026-31431 CVE-2026-31433 CVE-2026-31434 CVE-2026-31441                      CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31450                      CVE-2026-31452 CVE-2026-31453 CVE-2026-31454 CVE-2026-31455                      CVE-2026-31464 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469                      CVE-2026-31473 CVE-2026-31476 CVE-2026-31477 CVE-2026-31478                      CVE-2026-31480 CVE-2026-31483 CVE-2026-31485 CVE-2026-31492                      CVE-2026-31494 CVE-2026-31495 CVE-2026-31496 CVE-2026-31497                      CVE-2026-31498 CVE-2026-31503 CVE-2026-31504 CVE-2026-31507                      CVE-2026-31508 CVE-2026-31509 CVE-2026-31510 CVE-2026-31512                      CVE-2026-31515 CVE-2026-31518 CVE-2026-31519 CVE-2026-31520                      CVE-2026-31521 CVE-2026-31522 CVE-2026-31523 CVE-2026-31524                      CVE-2026-31533 CVE-2026-31540 CVE-2026-31545 CVE-2026-31546                      CVE-2026-31548 CVE-2026-31549 CVE-2026-31550 CVE-2026-31551                      CVE-2026-31552 CVE-2026-31555 CVE-2026-31563 CVE-2026-31565                      CVE-2026-31566 CVE-2026-31570 CVE-2026-31628 CVE-2026-31634                      CVE-2026-31649 CVE-2026-31651 CVE-2026-31656 CVE-2026-31657                      CVE-2026-31658 CVE-2026-31659 CVE-2026-31660 CVE-2026-31661                      CVE-2026-31662 CVE-2026-31664 CVE-2026-31665 CVE-2026-31667                      CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671                      CVE-2026-31672 CVE-2026-31674 CVE-2026-31678 CVE-2026-31679                      CVE-2026-31680 CVE-2026-31682 CVE-2026-31683 CVE-2026-31689                      CVE-2026-31695 CVE-2026-31720 CVE-2026-31721 CVE-2026-31726                      CVE-2026-31728 CVE-2026-31737 CVE-2026-31738 CVE-2026-31747                      CVE-2026-31748 CVE-2026-31749 CVE-2026-31751 CVE-2026-31752                      CVE-2026-31754 CVE-2026-31755 CVE-2026-31756 CVE-2026-31758                      CVE-2026-31759 CVE-2026-31761 CVE-2026-31762 CVE-2026-31763                      CVE-2026-31768 CVE-2026-31770 CVE-2026-31773 CVE-2026-31776                      CVE-2026-31778 CVE-2026-31779 CVE-2026-31780 CVE-2026-31781                      CVE-2026-31786 CVE-2026-31787 CVE-2026-31788 CVE-2026-43011                      CVE-2026-43013 CVE-2026-43014 CVE-2026-43015 CVE-2026-43017                      CVE-2026-43018 CVE-2026-43020 CVE-2026-43023 CVE-2026-43024                      CVE-2026-43025 CVE-2026-43026 CVE-2026-43027 CVE-2026-43028                      CVE-2026-43030 CVE-2026-43032 CVE-2026-43033 CVE-2026-43035                      CVE-2026-43037 CVE-2026-43038 CVE-2026-43040 CVE-2026-43041                      CVE-2026-43043 CVE-2026-43046 CVE-2026-43047 CVE-2026-43050                      CVE-2026-43051 CVE-2026-43054 CVE-2026-43057

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     6.1.170-1~deb11u1.

    We recommend that you upgrade your linux-6.1 packages.

    For the detailed security status of linux-6.1 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-6.1

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1668-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues

    The following security issues were fixed:

    - CVE-2024-26584: net/tls: return ENOTSUPP on tls_init() (bsc#1220186).
    - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
    - CVE-2025-39759: btrfs: qgroup: fix race between quota disable and quota rescan ioctl (bsc#1249522).
    - CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent     (bsc#1259865).
    - CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC     (bsc#1259889).
    - CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
    - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
    - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
    - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
    - CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
    - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
    - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit     (bsc#1259997).
    - CVE-2026-23318: ALSA: usb-audio: Use correct version for UAC3 header validation (bsc#1260536).
    - CVE-2026-23362: can: bcm: fix locking for bcm_op runtime updates (bsc#1260489).
    - CVE-2026-23382: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (bsc#1260551).
    - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
    - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

    The following non security issues were fixed:

    - btrfs: fix processing of delayed data refs during backref walking (bsc#1228031).
    - fs: skip superblock shrink on frozen xfs filesystems (bsc#1259770).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6243 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6243-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     May 01, 2026                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2023-53228 CVE-2023-53510 CVE-2023-53545 CVE-2024-47736                      CVE-2024-47809 CVE-2024-49998 CVE-2024-50298 CVE-2024-56719                      CVE-2025-21676 CVE-2025-21682 CVE-2025-37945 CVE-2025-37980                      CVE-2025-38105 CVE-2025-38162 CVE-2025-38192 CVE-2025-38250                      CVE-2025-38303 CVE-2025-38436 CVE-2025-38626 CVE-2025-38659                      CVE-2025-38704 CVE-2025-39748 CVE-2025-39764 CVE-2025-39863                      CVE-2025-40005 CVE-2025-40016 CVE-2025-40135 CVE-2025-40219                      CVE-2025-40242 CVE-2025-40261 CVE-2025-40358 CVE-2025-68206                      CVE-2025-68239 CVE-2025-68265 CVE-2025-71067 CVE-2025-71161                      CVE-2025-71221 CVE-2025-71265 CVE-2025-71266 CVE-2025-71267                      CVE-2025-71269 CVE-2026-23100 CVE-2026-23113 CVE-2026-23141                      CVE-2026-23154 CVE-2026-23157 CVE-2026-23204 CVE-2026-23227                      CVE-2026-23231 CVE-2026-23242 CVE-2026-23243 CVE-2026-23245                      CVE-2026-23253 CVE-2026-23270 CVE-2026-23271 CVE-2026-23273                      CVE-2026-23274 CVE-2026-23277 CVE-2026-23279 CVE-2026-23281                      CVE-2026-23284 CVE-2026-23286 CVE-2026-23287 CVE-2026-23289                      CVE-2026-23290 CVE-2026-23291 CVE-2026-23292 CVE-2026-23293                      CVE-2026-23296 CVE-2026-23298 CVE-2026-23300 CVE-2026-23303                      CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23312                      CVE-2026-23315 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319                      CVE-2026-23321 CVE-2026-23324 CVE-2026-23335 CVE-2026-23336                      CVE-2026-23339 CVE-2026-23340 CVE-2026-23343 CVE-2026-23351                      CVE-2026-23352 CVE-2026-23356 CVE-2026-23357 CVE-2026-23359                      CVE-2026-23362 CVE-2026-23364 CVE-2026-23365 CVE-2026-23367                      CVE-2026-23368 CVE-2026-23370 CVE-2026-23372 CVE-2026-23378                      CVE-2026-23379 CVE-2026-23381 CVE-2026-23382 CVE-2026-23388                      CVE-2026-23391 CVE-2026-23392 CVE-2026-23395 CVE-2026-23396                      CVE-2026-23397 CVE-2026-23398 CVE-2026-23401 CVE-2026-23414                      CVE-2026-23420 CVE-2026-23422 CVE-2026-23426 CVE-2026-23428                      CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23446                      CVE-2026-23449 CVE-2026-23450 CVE-2026-23452 CVE-2026-23454                      CVE-2026-23455 CVE-2026-23456 CVE-2026-23457 CVE-2026-23458                      CVE-2026-23460 CVE-2026-23462 CVE-2026-23463 CVE-2026-23474                      CVE-2026-23475 CVE-2026-31389 CVE-2026-31391 CVE-2026-31392                      CVE-2026-31393 CVE-2026-31396 CVE-2026-31399 CVE-2026-31400                      CVE-2026-31402 CVE-2026-31403 CVE-2026-31405 CVE-2026-31408                      CVE-2026-31409 CVE-2026-31411 CVE-2026-31412 CVE-2026-31414                      CVE-2026-31415 CVE-2026-31416 CVE-2026-31417 CVE-2026-31418                      CVE-2026-31421 CVE-2026-31422 CVE-2026-31423 CVE-2026-31424                      CVE-2026-31425 CVE-2026-31426 CVE-2026-31427 CVE-2026-31428                      CVE-2026-31431 CVE-2026-31433 CVE-2026-31434 CVE-2026-31441                      CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31450                      CVE-2026-31452 CVE-2026-31453 CVE-2026-31454 CVE-2026-31455                      CVE-2026-31464 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469                      CVE-2026-31473 CVE-2026-31476 CVE-2026-31477 CVE-2026-31478                      CVE-2026-31480 CVE-2026-31483 CVE-2026-31485 CVE-2026-31492                      CVE-2026-31494 CVE-2026-31495 CVE-2026-31496 CVE-2026-31497                      CVE-2026-31498 CVE-2026-31503 CVE-2026-31504 CVE-2026-31507                      CVE-2026-31508 CVE-2026-31509 CVE-2026-31510 CVE-2026-31512                      CVE-2026-31515 CVE-2026-31518 CVE-2026-31519 CVE-2026-31520                      CVE-2026-31521 CVE-2026-31522 CVE-2026-31523 CVE-2026-31524                      CVE-2026-31533 CVE-2026-31540 CVE-2026-31545 CVE-2026-31546                      CVE-2026-31548 CVE-2026-31549 CVE-2026-31550 CVE-2026-31551                      CVE-2026-31552 CVE-2026-31555 CVE-2026-31563 CVE-2026-31565                      CVE-2026-31566 CVE-2026-31570 CVE-2026-31628 CVE-2026-31634                      CVE-2026-31649 CVE-2026-31651 CVE-2026-31656 CVE-2026-31657                      CVE-2026-31658 CVE-2026-31659 CVE-2026-31660 CVE-2026-31661                      CVE-2026-31662 CVE-2026-31664 CVE-2026-31665 CVE-2026-31667                      CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671                      CVE-2026-31672 CVE-2026-31674 CVE-2026-31678 CVE-2026-31679                      CVE-2026-31680 CVE-2026-31682 CVE-2026-31683 CVE-2026-31689                      CVE-2026-31695 CVE-2026-31720 CVE-2026-31721 CVE-2026-31726                      CVE-2026-31728 CVE-2026-31737 CVE-2026-31738 CVE-2026-31747                      CVE-2026-31748 CVE-2026-31749 CVE-2026-31751 CVE-2026-31752                      CVE-2026-31754 CVE-2026-31755 CVE-2026-31756 CVE-2026-31758                      CVE-2026-31759 CVE-2026-31761 CVE-2026-31762 CVE-2026-31763                      CVE-2026-31768 CVE-2026-31770 CVE-2026-31773 CVE-2026-31776                      CVE-2026-31778 CVE-2026-31779 CVE-2026-31780 CVE-2026-31781                      CVE-2026-31786 CVE-2026-31787 CVE-2026-31788 CVE-2026-43011                      CVE-2026-43013 CVE-2026-43014 CVE-2026-43015 CVE-2026-43017                      CVE-2026-43018 CVE-2026-43020 CVE-2026-43023 CVE-2026-43024                      CVE-2026-43025 CVE-2026-43026 CVE-2026-43027 CVE-2026-43028                      CVE-2026-43030 CVE-2026-43032 CVE-2026-43033 CVE-2026-43035                      CVE-2026-43037 CVE-2026-43038 CVE-2026-43040 CVE-2026-43041                      CVE-2026-43043 CVE-2026-43046 CVE-2026-43047 CVE-2026-43050                      CVE-2026-43051 CVE-2026-43054 CVE-2026-43057

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 6.1.170-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1596 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    nvme: fix memory allocation in nvme_pr_read_keys() (CVE-2026-23244)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: act_gate: snapshot parameters with RCU on replace (CVE-2026-23245)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: secure_seq: add back ports to TS offset (CVE-2026-23247)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/core: Fix refcount bug and potential UAF in perf_mmap (CVE-2026-23248)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270)

    In the Linux kernel, the following vulnerability has been resolved:

    perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (CVE-2026-23271)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring: ensure ctx->rings is stable for task work flags manipulation (CVE-2026-23275)

    In the Linux kernel, the following vulnerability has been resolved:

    net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)

    In the Linux kernel, the following vulnerability has been resolved:

    smb: client: fix oops due to uninitialised var in smb2_unlink() (CVE-2026-23282)

    In the Linux kernel, the following vulnerability has been resolved:

    drbd: fix null-pointer dereference on local read error (CVE-2026-23285)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292)

    In the Linux kernel, the following vulnerability has been resolved:

    net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Fix race in devmap on PREEMPT_RT (CVE-2026-23294)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Fix refcount leak for tagset_refcnt (CVE-2026-23296)

    In the Linux kernel, the following vulnerability has been resolved:

    nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (CVE-2026-23297)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)

    In the Linux kernel, the following vulnerability has been resolved:

    net: annotate data-races around sk->sk_{data_ready,write_space} (CVE-2026-23302)

    In the Linux kernel, the following vulnerability has been resolved:

    smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Add NULL pointer check to trigger_data_free() (CVE-2026-23309)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (CVE-2026-23310)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/core: Fix invalid wait context in ctx_sched_in() (CVE-2026-23311)

    In the Linux kernel, the following vulnerability has been resolved:

    i40e: Fix preempt count leak in napi poll tracepoint (CVE-2026-23313)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ipv4: fix ARM64 alignment fault in multipath hash seed (CVE-2026-23316)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)

    In the Linux kernel, the following vulnerability has been resolved:

    ipmi: Fix use-after-free and list corruption on sender error (CVE-2026-23322)

    In the Linux kernel, the following vulnerability has been resolved:

    xsk: Fix fragment node deletion to prevent buffer leak (CVE-2026-23326)

    In the Linux kernel, the following vulnerability has been resolved:

    libie: don't unroll if fwlog isn't supported (CVE-2026-23329)

    In the Linux kernel, the following vulnerability has been resolved:

    udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. (CVE-2026-23331)

    In the Linux kernel, the following vulnerability has been resolved:

    cpufreq: intel_pstate: Fix crash during turbo disable (CVE-2026-23332)

    In the Linux kernel, the following vulnerability has been resolved:

    net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Fix race in cpumap on PREEMPT_RT (CVE-2026-23342)

    In the Linux kernel, the following vulnerability has been resolved:

    xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled (CVE-2026-23345)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: io: Extract user memory type in ioremap_prot() (CVE-2026-23346)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/efi: defer freeing of boot services memory (CVE-2026-23352)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/fred: Correct speculative safety in fred_extint() (CVE-2026-23354)

    In the Linux kernel, the following vulnerability has been resolved:

    ata: libata: cancel pending work after clearing deferred_qc (CVE-2026-23355)

    In the Linux kernel, the following vulnerability has been resolved:

    drbd: fix LOGIC BUG in drbd_al_begin_io_nonblock() (CVE-2026-23356)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Fix stack-out-of-bounds write in devmap (CVE-2026-23359)

    In the Linux kernel, the following vulnerability has been resolved:

    nvme: fix admin queue leak on controller reset (CVE-2026-23360)

    In the Linux kernel, the following vulnerability has been resolved:

    can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/client: Do not destroy NULL modes (CVE-2026-23366)

    In the Linux kernel, the following vulnerability has been resolved:

    net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

    In the Linux kernel, the following vulnerability has been resolved:

    i2c: i801: Revert i2c: i801: replace acpi_lock with I2C bus lock (CVE-2026-23369)

    In the Linux kernel, the following vulnerability has been resolved:

    mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Fix WARN_ON in tracing_buffers_mmap_close (CVE-2026-23380)

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (CVE-2026-23383)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: clone set on flush only (CVE-2026-23385)

    In the Linux kernel, the following vulnerability has been resolved:

    Squashfs: check metadata block offset is within range (CVE-2026-23388)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

    In the Linux kernel, the following vulnerability has been resolved:

    nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

    In the Linux kernel, the following vulnerability has been resolved:

    nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)

    In the Linux kernel, the following vulnerability has been resolved:

    clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)

    In the Linux kernel, the following vulnerability has been resolved:

    net/rds: Fix circular locking dependency in rds_tcp_tune (CVE-2026-23419)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: free pages on error in btrfs_uring_read_extent() (CVE-2026-23423)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: arm64: Fix ID register initialization for non-protected pKVM guests (CVE-2026-23425)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu/sva: Fix crash in iommu_sva_unbind_device() (CVE-2026-23429)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/vmwgfx: Don't overwrite KMS surface dirty tracker (CVE-2026-23430)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/x86: Move event pointer setup earlier in x86_pmu_enable() (CVE-2026-23435)

    In the Linux kernel, the following vulnerability has been resolved:

    net: shaper: protect from late creation of hierarchy (CVE-2026-23436)

    In the Linux kernel, the following vulnerability has been resolved:

    net: shaper: protect late read accesses to the hierarchy (CVE-2026-23437)

    In the Linux kernel, the following vulnerability has been resolved:

    udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)

    In the Linux kernel, the following vulnerability has been resolved:

    igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

    In the Linux kernel, the following vulnerability has been resolved:

    PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/dmc: Fix an unlikely NULL pointer deference at probe (CVE-2026-23467)

    In the Linux kernel, the following vulnerability has been resolved:

    serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (CVE-2026-23472)

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring/poll: fix multishot recv missing EOF on wakeup race (CVE-2026-23473)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: fix statistics allocation (CVE-2026-23475)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: fix use-after-free on controller registration failure (CVE-2026-31389)

    In the Linux kernel, the following vulnerability has been resolved:

    smb: client: fix krb5 mount with username option (CVE-2026-31392)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() (CVE-2026-31397)

    In the Linux kernel, the following vulnerability has been resolved:

    mm/rmap: fix incorrect pte restoration for lazyfree folios (CVE-2026-31398)

    In the Linux kernel, the following vulnerability has been resolved:

    nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

    In the Linux kernel, the following vulnerability has been resolved:

    sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

    In the Linux kernel, the following vulnerability has been resolved:

    nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSD: Defer sub-object cleanup in export put callbacks (CVE-2026-31404)

    In the Linux kernel, the following vulnerability has been resolved:

    xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1594 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: ctnetlink: remove refcounting in expectation dumpers (CVE-2025-39764)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: use RCU in ip6_xmit() (CVE-2025-40135)

    In the Linux kernel, the following vulnerability has been resolved:

    blk-throttle: fix access race during throttle policy activation (CVE-2025-40147)

    In the Linux kernel, the following vulnerability has been resolved:

    binfmt_misc: restore write access before closing files opened by open_exec() (CVE-2025-68239)

    In the Linux kernel, the following vulnerability has been resolved:

    dm-verity: disable recursive forward error correction (CVE-2025-71161)

    In the Linux kernel, the following vulnerability has been resolved:

    dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Add recursion protection in kernel stack trace recording (CVE-2026-23138)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

    In the Linux kernel, the following vulnerability has been resolved:

    net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)

    In the Linux kernel, the following vulnerability has been resolved:

    net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

    In the Linux kernel, the following vulnerability has been resolved:

    mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

    In the Linux kernel, the following vulnerability has been resolved:

    nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

    In the Linux kernel, the following vulnerability has been resolved:

    icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

    In the Linux kernel, the following vulnerability has been resolved:

    nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)

    In the Linux kernel, the following vulnerability has been resolved:

    clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)

    In the Linux kernel, the following vulnerability has been resolved:

    udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)

    In the Linux kernel, the following vulnerability has been resolved:

    net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)

    In the Linux kernel, the following vulnerability has been resolved:

    igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

    In the Linux kernel, the following vulnerability has been resolved:

    PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: fix statistics allocation (CVE-2026-23475)

    In the Linux kernel, the following vulnerability has been resolved:

    spi: fix use-after-free on controller registration failure (CVE-2026-31389)

    In the Linux kernel, the following vulnerability has been resolved:

    smb: client: fix krb5 mount with username option (CVE-2026-31392)

    In the Linux kernel, the following vulnerability has been resolved:

    nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

    In the Linux kernel, the following vulnerability has been resolved:

    sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: bpf: prevent buffer overflow in hid_hw_request (CVE-2026-31401)

    In the Linux kernel, the following vulnerability has been resolved:

    nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

    In the Linux kernel, the following vulnerability has been resolved:

    xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6238 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6238-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     April 30, 2026                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2024-14027 CVE-2025-21709 CVE-2025-22116 CVE-2025-22117                      CVE-2025-38426 CVE-2025-38627 CVE-2025-39764 CVE-2025-40005                      CVE-2025-40135 CVE-2025-40147 CVE-2025-40150 CVE-2025-40219                      CVE-2025-68175 CVE-2025-68239 CVE-2025-68334 CVE-2025-68736                      CVE-2025-71152 CVE-2025-71161 CVE-2025-71221 CVE-2025-71239                      CVE-2025-71265 CVE-2025-71266 CVE-2025-71267 CVE-2025-71269                      CVE-2026-22981 CVE-2026-22985 CVE-2026-22986 CVE-2026-22993                      CVE-2026-23004 CVE-2026-23066 CVE-2026-23070 CVE-2026-23104                      CVE-2026-23138 CVE-2026-23157 CVE-2026-23207 CVE-2026-23210                      CVE-2026-23226 CVE-2026-23227 CVE-2026-23231 CVE-2026-23239                      CVE-2026-23240 CVE-2026-23242 CVE-2026-23243 CVE-2026-23244                      CVE-2026-23245 CVE-2026-23246 CVE-2026-23249 CVE-2026-23250                      CVE-2026-23251 CVE-2026-23252 CVE-2026-23253 CVE-2026-23255                      CVE-2026-23270 CVE-2026-23271 CVE-2026-23273 CVE-2026-23274                      CVE-2026-23276 CVE-2026-23277 CVE-2026-23278 CVE-2026-23279                      CVE-2026-23281 CVE-2026-23284 CVE-2026-23285 CVE-2026-23286                      CVE-2026-23287 CVE-2026-23289 CVE-2026-23290 CVE-2026-23291                      CVE-2026-23292 CVE-2026-23293 CVE-2026-23296 CVE-2026-23297                      CVE-2026-23298 CVE-2026-23300 CVE-2026-23302 CVE-2026-23303                      CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23308                      CVE-2026-23310 CVE-2026-23312 CVE-2026-23313 CVE-2026-23315                      CVE-2026-23316 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319                      CVE-2026-23321 CVE-2026-23324 CVE-2026-23325 CVE-2026-23330                      CVE-2026-23334 CVE-2026-23335 CVE-2026-23336 CVE-2026-23339                      CVE-2026-23340 CVE-2026-23343 CVE-2026-23347 CVE-2026-23351                      CVE-2026-23352 CVE-2026-23354 CVE-2026-23356 CVE-2026-23357                      CVE-2026-23359 CVE-2026-23360 CVE-2026-23361 CVE-2026-23362                      CVE-2026-23363 CVE-2026-23364 CVE-2026-23365 CVE-2026-23367                      CVE-2026-23368 CVE-2026-23369 CVE-2026-23370 CVE-2026-23372                      CVE-2026-23373 CVE-2026-23374 CVE-2026-23375 CVE-2026-23378                      CVE-2026-23379 CVE-2026-23380 CVE-2026-23381 CVE-2026-23382                      CVE-2026-23383 CVE-2026-23386 CVE-2026-23387 CVE-2026-23388                      CVE-2026-23389 CVE-2026-23391 CVE-2026-23392 CVE-2026-23393                      CVE-2026-23395 CVE-2026-23396 CVE-2026-23397 CVE-2026-23398                      CVE-2026-23399 CVE-2026-23401 CVE-2026-23412 CVE-2026-23413                      CVE-2026-23414 CVE-2026-23417 CVE-2026-23419 CVE-2026-23420                      CVE-2026-23422 CVE-2026-23426 CVE-2026-23427 CVE-2026-23428                      CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23440                      CVE-2026-23441 CVE-2026-23442 CVE-2026-23444 CVE-2026-23445                      CVE-2026-23446 CVE-2026-23447 CVE-2026-23448 CVE-2026-23449                      CVE-2026-23450 CVE-2026-23452 CVE-2026-23454 CVE-2026-23455                      CVE-2026-23456 CVE-2026-23457 CVE-2026-23458 CVE-2026-23460                      CVE-2026-23461 CVE-2026-23462 CVE-2026-23463 CVE-2026-23464                      CVE-2026-23465 CVE-2026-23466 CVE-2026-23470 CVE-2026-23474                      CVE-2026-23475 CVE-2026-31389 CVE-2026-31391 CVE-2026-31392                      CVE-2026-31393 CVE-2026-31394 CVE-2026-31396 CVE-2026-31399                      CVE-2026-31400 CVE-2026-31401 CVE-2026-31402 CVE-2026-31403                      CVE-2026-31405 CVE-2026-31406 CVE-2026-31407 CVE-2026-31408                      CVE-2026-31409 CVE-2026-31410 CVE-2026-31411 CVE-2026-31412                      CVE-2026-31414 CVE-2026-31415 CVE-2026-31416 CVE-2026-31417                      CVE-2026-31418 CVE-2026-31421 CVE-2026-31422 CVE-2026-31423                      CVE-2026-31424 CVE-2026-31425 CVE-2026-31426 CVE-2026-31427                      CVE-2026-31428 CVE-2026-31429 CVE-2026-31430 CVE-2026-31431                      CVE-2026-31432 CVE-2026-31433 CVE-2026-31434 CVE-2026-31436                      CVE-2026-31438 CVE-2026-31439 CVE-2026-31440 CVE-2026-31441                      CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31449                      CVE-2026-31450 CVE-2026-31451 CVE-2026-31452 CVE-2026-31453                      CVE-2026-31454 CVE-2026-31455 CVE-2026-31458 CVE-2026-31462                      CVE-2026-31464 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469                      CVE-2026-31470 CVE-2026-31473 CVE-2026-31474 CVE-2026-31476                      CVE-2026-31477 CVE-2026-31478 CVE-2026-31479 CVE-2026-31480                      CVE-2026-31482 CVE-2026-31483 CVE-2026-31485 CVE-2026-31487                      CVE-2026-31488 CVE-2026-31489 CVE-2026-31492 CVE-2026-31494                      CVE-2026-31495 CVE-2026-31496 CVE-2026-31497 CVE-2026-31498                      CVE-2026-31500 CVE-2026-31502 CVE-2026-31503 CVE-2026-31504                      CVE-2026-31505 CVE-2026-31506 CVE-2026-31507 CVE-2026-31508                      CVE-2026-31509 CVE-2026-31510 CVE-2026-31511 CVE-2026-31512                      CVE-2026-31515 CVE-2026-31516 CVE-2026-31518 CVE-2026-31519                      CVE-2026-31520 CVE-2026-31521 CVE-2026-31522 CVE-2026-31523                      CVE-2026-31524 CVE-2026-31525 CVE-2026-31527 CVE-2026-31528                      CVE-2026-31530 CVE-2026-31531 CVE-2026-31532 CVE-2026-31533                      CVE-2026-31540 CVE-2026-31542 CVE-2026-31545 CVE-2026-31546                      CVE-2026-31548 CVE-2026-31549 CVE-2026-31550 CVE-2026-31551                      CVE-2026-31552 CVE-2026-31554 CVE-2026-31555 CVE-2026-31556                      CVE-2026-31557 CVE-2026-31558 CVE-2026-31559 CVE-2026-31561                      CVE-2026-31563 CVE-2026-31565 CVE-2026-31566 CVE-2026-31570                      CVE-2026-31575 CVE-2026-31576 CVE-2026-31577 CVE-2026-31578                      CVE-2026-31580 CVE-2026-31581 CVE-2026-31582 CVE-2026-31583                      CVE-2026-31584 CVE-2026-31585 CVE-2026-31586 CVE-2026-31587                      CVE-2026-31588 CVE-2026-31590 CVE-2026-31593 CVE-2026-31594                      CVE-2026-31595 CVE-2026-31596 CVE-2026-31597 CVE-2026-31598                      CVE-2026-31599 CVE-2026-31602 CVE-2026-31603 CVE-2026-31604                      CVE-2026-31605 CVE-2026-31606 CVE-2026-31607 CVE-2026-31610                      CVE-2026-31611 CVE-2026-31612 CVE-2026-31614 CVE-2026-31615                      CVE-2026-31616 CVE-2026-31617 CVE-2026-31618 CVE-2026-31619                      CVE-2026-31622 CVE-2026-31623 CVE-2026-31624 CVE-2026-31625                      CVE-2026-31626 CVE-2026-31627 CVE-2026-31628 CVE-2026-31629                      CVE-2026-31634 CVE-2026-31637 CVE-2026-31638 CVE-2026-31639                      CVE-2026-31642 CVE-2026-31644 CVE-2026-31645 CVE-2026-31646                      CVE-2026-31647 CVE-2026-31648 CVE-2026-31649 CVE-2026-31651                      CVE-2026-31655 CVE-2026-31656 CVE-2026-31657 CVE-2026-31658                      CVE-2026-31659 CVE-2026-31660 CVE-2026-31661 CVE-2026-31662                      CVE-2026-31664 CVE-2026-31665 CVE-2026-31666 CVE-2026-31667                      CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671                      CVE-2026-31672 CVE-2026-31673 CVE-2026-31674 CVE-2026-31675                      CVE-2026-31676 CVE-2026-31677 CVE-2026-31678 CVE-2026-31679                      CVE-2026-31680 CVE-2026-31681 CVE-2026-31682 CVE-2026-31683                      CVE-2026-31684 CVE-2026-31685 CVE-2026-31686 CVE-2026-31689                      CVE-2026-31693 CVE-2026-31786 CVE-2026-31787 CVE-2026-31788

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the stable distribution (trixie), these problems have been fixed in     version 6.12.85-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1573-1 advisory.

    The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow     (bsc#1252073).
    - CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
    - CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent     (bsc#1259865).
    - CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC     (bsc#1259889).
    - CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()     (bsc#1257561).
    - CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
    - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
    - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
    - CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
    - CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
    - CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
    - CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()     (bsc#1258414).
    - CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
    - CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
    - CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
    - CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
    - CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
    - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
    - CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
    - CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866).
    - CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks     (bsc#1259886).
    - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
    - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
    - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit     (bsc#1259997).
    - CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
    - CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
    - CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
    - CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
    - CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
    - CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
    - CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
    - CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
    - CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
    - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
    - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
    - CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
    - CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
    - CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20572-1 advisory.

    The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

    The following security issues were fixed:

    - CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow     (bsc#1252073).
    - CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
    - CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
    - CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
    - CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
    - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
    - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
    - CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
    - CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
    - CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
    - CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
    - CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()     (bsc#1258414).
    - CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
    - CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
    - CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
    - CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
    - CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
    - CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
    - CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
    - CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
    - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
    - CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
    - CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
    - CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks     (bsc#1259886).
    - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
    - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
    - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit     (bsc#1259997).
    - CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
    - CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
    - CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
    - CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
    - CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
    - CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
    - CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
    - CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
    - CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
    - CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
    - CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
    - CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
    - CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
    - CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing     (bsc#1260497).
    - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
    - CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
    - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
    - CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
    - CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
    - CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
    - CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
    - CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

    The following non security issues were fixed:

    - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
    - KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
    - Revert drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
    - Update config files (bsc#1254307).
    - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
    - apparmor: fix differential encoding verification (bsc#1258849).
    - apparmor: fix memory leak in verify_header (bsc#1258849).
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
    - apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
    - apparmor: fix race on rawdata dereference (bsc#1258849).
    - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
    - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
    - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
    - apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
    - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
    - bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
    - bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
    - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
    - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
    - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
    - drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
    - drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
    - drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
    - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
    - firmware: microchip: fail auto-update probe if no flash found (git-fixes).
    - kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
    - net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
    - nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
    - nvme: expose active quirks in sysfs (bsc#1243208).
    - nvme: fix memory leak in quirks_param_set() (bsc#1243208).
    - powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
    - powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
    - s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
    - s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
    - s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
    - scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
    - scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
    - scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
    - scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
    - scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
    - scsi: fnic: Add stats and related functionality (jsc#PED-15441).
    - scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
    - scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
    - scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
    - scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
    - scsi: fnic: Code cleanup (jsc#PED-15441).
    - scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
    - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
    - scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
    - scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
    - scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
    - scsi: fnic: Increment driver version (jsc#PED-15441).
    - scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
    - scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
    - scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
    - scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
    - scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
    - scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
    - scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
    - scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
    - scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
    - scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
    - scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
    - scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
    - scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
    - scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
    - scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
    - scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
    - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
    - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
    - scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
    - selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
    - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
    - tg3: Fix race for querying speed/duplex (bsc#1257183).
    - x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the linux package has been released.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls     netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the slave     device beforehand. When a gretap tunnel is a TEQL slave, the transmit path reaches iptunnel_xmit() which     saves dev = skb->dev (still pointing to teql0 master) and later calls iptunnel_xmit_stats(dev, pkt_len).
    This function does: get_cpu_ptr(dev->tstats) Since teql_master_setup() does not set dev->pcpu_stat_type to     NETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats for teql0, so dev->tstats is NULL.
    get_cpu_ptr(NULL) computes NULL + __per_cpu_offset[cpu], resulting in a page fault. BUG: unable to handle     page fault for address: ffff8880e6659018 #PF: supervisor write access in kernel mode #PF:
    error_code(0x0002) - not-present page PGD 68bc067 P4D 68bc067 PUD 0 Oops: Oops: 0002 [#1] SMP KASAN PTI     RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89) Call Trace: <TASK>     ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847) __gre_xmit (net/ipv4/ip_gre.c:478) gre_tap_xmit     (net/ipv4/ip_gre.c:779) teql_master_xmit (net/sched/sch_teql.c:319) dev_hard_start_xmit     (net/core/dev.c:3887) sch_direct_xmit (net/sched/sch_generic.c:347) __dev_queue_xmit (net/core/dev.c:4802)     neigh_direct_output (net/core/neighbour.c:1660) ip_finish_output2 (net/ipv4/ip_output.c:237)
    __ip_finish_output.part.0 (net/ipv4/ip_output.c:315) ip_mc_output (net/ipv4/ip_output.c:369) ip_send_skb     (net/ipv4/ip_output.c:1508) udp_send_skb (net/ipv4/udp.c:1195) udp_sendmsg (net/ipv4/udp.c:1485)     inet_sendmsg (net/ipv4/af_inet.c:859) __sys_sendto (net/socket.c:2206) Fix this by setting skb->dev =     slave before calling netdev_start_xmit(), so that tunnel xmit functions see the correct slave device with     properly allocated tstats. (CVE-2026-23277)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
311783	Debian dla-4561 : linux-config-6.1 - security update	Nessus	Debian Local Security Checks	high
311745	SUSE SLED15 / SLES15 : Recommended update for initial livepatch (SUSE-SU-2026:1661-1)	Nessus	SuSE Local Security Checks	high
311740	SUSE SLES12 : Recommended update for initial livepatch (SUSE-SU-2026:1668-1)	Nessus	SuSE Local Security Checks	high
311547	Debian dsa-6243 : affs-modules-6.1.0-44-4kc-malta-di - security update	Nessus	Debian Local Security Checks	high
311340	Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1596)	Nessus	Amazon Linux Local Security Checks	high
311335	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1594)	Nessus	Amazon Linux Local Security Checks	high
311299	Debian dsa-6238 : ata-modules-6.12.74+deb13+1-armmp-di - security update	Nessus	Debian Local Security Checks	high
310061	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:1573-1)	Nessus	SuSE Local Security Checks	high
309153	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20572-1)	Nessus	SuSE Local Security Checks	high
304154	Photon OS 5.0: Linux PHSA-2026-5.0-0798	Nessus	PhotonOS Local Security Checks	high
304153	Photon OS 4.0: Linux PHSA-2026-4.0-0987	Nessus	PhotonOS Local Security Checks	high
303175	Linux Distros Unpatched Vulnerability : CVE-2026-23277	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-23277

medium

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

medium