It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-876 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083)

    In the Linux kernel, the following vulnerability has been resolved:

    netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (CVE-2025-21703)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (CVE-2025-21779)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-876)

high Nessus Plugin ID 232711

Version 1.3