Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2023-359-01)

medium Nessus Plugin ID 187293


The remote Slackware Linux host is missing a security update to kernel-generic.


The version of kernel-generic installed on the remote host is prior to 5.15.145 / 5.15.145_smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-359-01 advisory.

- An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)

- An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade the affected kernel-generic package.

See Also

Plugin Details

Severity: Medium

ID: 187293

File Name: Slackware_SSA_2023-359-01.nasl

Version: 1.0

Type: local

Published: 12/25/2023

Updated: 12/25/2023

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2023-6121


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:kernel-generic, p-cpe:/a:slackware:slackware_linux:kernel-generic-smp, p-cpe:/a:slackware:slackware_linux:kernel-headers, p-cpe:/a:slackware:slackware_linux:kernel-huge, p-cpe:/a:slackware:slackware_linux:kernel-huge-smp, p-cpe:/a:slackware:slackware_linux:kernel-modules, p-cpe:/a:slackware:slackware_linux:kernel-modules-smp, p-cpe:/a:slackware:slackware_linux:kernel-source, cpe:/o:slackware:slackware_linux:15.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Ease: No known exploits are available

Patch Publication Date: 12/25/2023

Vulnerability Publication Date: 10/29/2023

Reference Information

CVE: CVE-2023-46862, CVE-2023-6121