The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0153 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2022-47929:
      In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows     an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control     configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in     net/sched/sch_api.c.

      CVE-2023-0386:
      A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with     capabilities was found in the Linux kernels OverlayFS subsystem in how a user copies a capable file     from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their     privileges on the system.

      CVE-2023-1380:
      A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur     when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading     to a denial of service.

      CVE-2023-26545:
      In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation     failure (for registering the sysctl table under a new location) during the renaming of a device.

      CVE-2023-32233:
      In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch     requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local     users can obtain root privileges. This occurs because anonymous sets are mishandled.

      CVE-2021-3759:
      A memory overflow vulnerability was found in the Linux kernels ipc functionality of the memcg     subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw     allows a local user to starve the resources, causing a denial of service. The highest threat from this     vulnerability is to system availability.

      CVE-2022-2663:
      An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused     and incorrectly matches the message. A firewall may be able to be bypassed when users are using     unencrypted IRC with nf_conntrack_irc configured.

      CVE-2022-2905:
      An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the     bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to     gain unauthorized access to data.

      CVE-2022-3028:
      A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)     when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to     potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read     and copying it into a socket.

      CVE-2022-3061:
      Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver     through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by     zero error.

      CVE-2022-3169:
      A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive     request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver,     resulting in a PCIe link disconnect.

      CVE-2022-3303:
      A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could     lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root     or member of the audio group) could use this flaw to crash the system, resulting in a denial of service     condition

      CVE-2022-3521:
      A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects     the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to     race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier     assigned to this vulnerability.

      CVE-2022-3534:
      A vulnerability classified as critical has been found in Linux Kernel. Affected is the function     btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to     use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability     is VDB-211032.

      CVE-2022-40307:
      An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a     race condition with a resultant use-after-free.

      CVE-2022-40768:
      drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive     information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

      CVE-2022-41674:
      An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could     cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

      CVE-2022-42720:
      Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through     5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-     free conditions to potentially execute code.

      CVE-2022-42721:
      A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x     before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and,     in turn, potentially execute code.

      CVE-2022-42895:
      There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's     l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.
      We recommend upgrading past commit     https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e     https://www.google.com/url

      CVE-2022-45934:
      An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in     net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

      CVE-2022-4662:
      A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user     attaches usb device. A local user could use this flaw to crash the system.

      CVE-2022-47520:
      An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in     drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds     read when parsing a Robust Security Network (RSN) information element from a Netlink packet.

      CVE-2023-1074:
      A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may     occur when a user starts a malicious networking service and someone connects to this service. This could     allow a local user to starve resources, causing a denial of service.

      CVE-2023-1076:
      A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a     type confusion in their initialization function. While it will be often correct, as tuntap devices require     CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This     would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing     network filters.

      CVE-2023-1095:
      In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free     the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a     list -- the list head is all zeroes, this results in a NULL pointer dereference.

      CVE-2023-1118:
      A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in     the way user detaching rc device. A local user could use this flaw to crash the system or potentially     escalate their privileges on the system.

      CVE-2023-1281:
      Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege     Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-     after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this     vulnerability to elevate its privileges to root.
      This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

      CVE-2023-23000:
      In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node     return value. Callers expect NULL in the error case, but an error pointer is used.

      CVE-2023-23004:
      In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table     return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

      CVE-2023-23454:
      cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes     indicate a TC_ACT_SHOT condition rather than valid classification results).

      CVE-2023-23455:
      atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a     denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT     condition rather than valid classification results).

      CVE-2023-23559:
      In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an     integer overflow in an addition.

      CVE-2022-2978:
      A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function     security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use     this flaw to crash the system or potentially escalate their privileges on the system.

      CVE-2022-3621:
      A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the     function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The     manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is     recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.

      CVE-2022-3625:
      A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function     devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier     VDB-211929 was assigned to this vulnerability.

      CVE-2022-3629:
      A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability     affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory     leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this     vulnerability.

      CVE-2022-3646:
      A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects     the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The     manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a     patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

      CVE-2022-3649:
      A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the     function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use     after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this     issue. The identifier of this vulnerability is VDB-211992.

      CVE-2022-0435:
      A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user     sends a packet with malicious content where the number of domain member nodes is higher than the 64     allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they     have access to the TIPC network.

      CVE-2022-1016:
      A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker.

      CVE-2022-32250:
      net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create     user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to     a use-after-free.

      CVE-2021-45095:
      pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

      CVE-2022-1055:
      A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain     privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past     commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

      CVE-2022-1353:
      A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information.

      CVE-2022-20154:
      In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could     lead to local escalation of privilege with System execution privileges needed. User interaction is not     needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References:
    Upstream kernel

      CVE-2022-28356:
      In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

TencentOS Server 3: kernel (TSSA-2023:0153)

high Nessus Plugin ID 239045

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Dec 5, 2025, 9:00 PM Detection (updated detection logic) Plugin Feed: 202512052100
Version 1.3 Nov 23, 2025, 9:24 PM CISA reference Exploit attributes ("Exploit framework core" set to "True") Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202511232124
Version 1.2 Nov 21, 2025, 2:12 PM CVE (set "CVE" coverage to "CVE-2021-3759,CVE-2021-45095,CVE-2022-0435,CVE-2022-1016,CVE-2022-1055,CVE-2022-1353,CVE-2022-20154,CVE-2022-2663,CVE-2022-28356,CVE-2022-2905,CVE-2022-2978,CVE-2022-3028,CVE-2022-3061,CVE-2022-3169,CVE-2022-32250,CVE-2022-3303,CVE-2022-3521,CVE-2022-3534,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3646,CVE-2022-3649,CVE-2022-40307,CVE-2022-40768,CVE-2022-41674,CVE-2022-42720,CVE-2022-42721,CVE-2022-42895,CVE-2022-45934,CVE-2022-4662,CVE-2022-47520,CVE-2022-47929,CVE-2023-0386,CVE-2023-1074,CVE-2023-1076,CVE-2023-1095,CVE-2023-1118,CVE-2023-1281,CVE-2023-1380,CVE-2023-23000,CVE-2023-23004,CVE-2023-23454,CVE-2023-23455,CVE-2023-23559,CVE-2023-26545,CVE-2023-32233") CVSS metrics ("CVSSv2 score" set to 9.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 8.6) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:A") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2022-0435") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202511211412
Version 1.1 Jun 17, 2025, 2:02 AM New Plugin Feed: 202506170202