The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting     for sit0 to become free. Usage count = 2 problem. A debug printk() patch found that a refcount is obtained     at xdp_convert_md_to_buff() from bpf_prog_test_run_xdp(). According to commit ec94670fcb3b (bpf: Support     specifying ingress via xdp_md context in BPF_PROG_TEST_RUN), the refcount obtained by     xdp_convert_md_to_buff() will be released by xdp_convert_buff_to_md(). Therefore, we can consider that the     error handling path introduced by commit 1c1949982524 (bpf: introduce frags support to     bpf_prog_test_run_xdp()) forgot to call xdp_convert_buff_to_md(). (CVE-2026-22994)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-22994

high Nessus Plugin ID 296411

Version 1.3