The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6896-2 advisory.

    It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition,     leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or     possibly execute arbitrary code. (CVE-2023-6270)

    It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data     structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial     of service. (CVE-2023-7042)

    Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race     condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of     service (system crash). (CVE-2024-22099)

    Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition,     leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a     denial of service (system crash). (CVE-2024-23307)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when     modifying certain settings values through debugfs. A privileged local attacker could use this to cause a     denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

    Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a     race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause     a denial of service (system crash). (CVE-2024-24861)

    Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did     not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this     to cause a denial of service (system crash). (CVE-2024-25739)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - x86 architecture;

    - Block layer subsystem;

    - Accessibility subsystem;

    - ACPI drivers;

    - Android drivers;

    - Bluetooth drivers;

    - Clock framework and drivers;

    - Data acquisition framework and drivers;

    - Cryptographic API;

    - GPU drivers;

    - HID subsystem;

    - I2C subsystem;

    - IRQ chip drivers;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - PCI subsystem;

    - SCSI drivers;

    - Freescale SoC drivers;

    - SPI subsystem;

    - Media staging drivers;

    - TTY drivers;

    - USB subsystem;

    - VFIO drivers;

    - Framebuffer layer;

    - Xen hypervisor drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - FAT file system;

    - NILFS2 file system;

    - Diskquota system;

    - SMB network file system;

    - UBI file system;

    - io_uring subsystem;

    - BPF subsystem;

    - Core kernel;

    - Memory management;

    - B.A.T.M.A.N. meshing protocol;

    - Bluetooth subsystem;

    - Networking core;

    - HSR network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - MAC80211 subsystem;

    - Netfilter;

    - NET/ROM layer;

    - NFC subsystem;

    - Open vSwitch;

    - Packet sockets;

    - RDS protocol;

    - Network traffic control;

    - Sun RPC protocol;

    - Unix domain sockets;

    - ALSA SH drivers;

    - USB sound devices;

    - KVM core; (CVE-2024-27076, CVE-2024-35849, CVE-2024-35899, CVE-2024-27038, CVE-2024-35982,     CVE-2024-26687, CVE-2024-26863, CVE-2024-36004, CVE-2024-27004, CVE-2024-27065, CVE-2024-36020,     CVE-2024-27000, CVE-2024-26981, CVE-2024-26973, CVE-2024-35922, CVE-2024-35969, CVE-2024-26851,     CVE-2023-52880, CVE-2024-35813, CVE-2024-26859, CVE-2024-27078, CVE-2024-27020, CVE-2024-35809,     CVE-2024-27001, CVE-2024-26969, CVE-2024-26993, CVE-2024-35935, CVE-2024-35815, CVE-2024-26931,     CVE-2024-35823, CVE-2024-26984, CVE-2024-27024, CVE-2024-27419, CVE-2024-27008, CVE-2024-35825,     CVE-2023-52644, CVE-2024-35933, CVE-2024-35830, CVE-2024-35900, CVE-2024-27046, CVE-2024-26651,     CVE-2024-27013, CVE-2024-27437, CVE-2024-26966, CVE-2024-26974, CVE-2024-26889, CVE-2024-26862,     CVE-2024-27043, CVE-2024-35852, CVE-2024-35821, CVE-2024-35886, CVE-2024-35888, CVE-2023-52699,     CVE-2024-35997, CVE-2024-26586, CVE-2024-35898, CVE-2024-26934, CVE-2024-35915, CVE-2024-35897,     CVE-2024-35973, CVE-2024-27028, CVE-2024-26874, CVE-2024-26923, CVE-2024-26937, CVE-2024-26857,     CVE-2024-26855, CVE-2024-35893, CVE-2024-26810, CVE-2024-35910, CVE-2024-26820, CVE-2024-27075,     CVE-2024-26816, CVE-2024-26642, CVE-2024-35936, CVE-2024-27073, CVE-2024-35853, CVE-2024-26965,     CVE-2023-52650, CVE-2024-27396, CVE-2024-26999, CVE-2024-35855, CVE-2024-26880, CVE-2024-26901,     CVE-2024-26894, CVE-2024-26884, CVE-2024-35950, CVE-2024-26957, CVE-2024-27395, CVE-2024-35819,     CVE-2024-35978, CVE-2024-36007, CVE-2024-35805, CVE-2024-27436, CVE-2023-52620, CVE-2023-52656,     CVE-2024-36006, CVE-2024-35877, CVE-2024-26898, CVE-2024-26935, CVE-2024-35828, CVE-2024-26875,     CVE-2024-26654, CVE-2024-35930, CVE-2024-26817, CVE-2024-27388, CVE-2024-26828, CVE-2024-35984,     CVE-2024-26812, CVE-2024-35807, CVE-2024-35854, CVE-2024-26878, CVE-2024-26883, CVE-2024-27077,     CVE-2024-26922, CVE-2024-27059, CVE-2024-35955, CVE-2024-26903, CVE-2024-35895, CVE-2024-35925,     CVE-2024-26882, CVE-2022-48627, CVE-2024-35847, CVE-2024-26813, CVE-2024-26994, CVE-2024-35806,     CVE-2024-26926, CVE-2024-35822, CVE-2024-27074, CVE-2024-26976, CVE-2024-26955, CVE-2024-27044,     CVE-2024-35789, CVE-2024-27030, CVE-2024-26852, CVE-2024-27053, CVE-2024-35960, CVE-2024-26956,     CVE-2024-35944)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    kernel:ACPI: CPPC: Use access_width over bit_width for system memory accesses(CVE-2024-35995)

    ACPI: LPIT: Avoid u32 multiplication overflow(CVE-2023-52683)

    ACPI: video: check for error while searching for backlight device parent(CVE-2023-52693)

    bpf: Fix stackmap overflow check on 32-bit arches(CVE-2024-36949)

    kernel: block: fix overflow in blk_ioctl_discard()(CVE-2024-36917)

    kernel:block: prevent division by zero in blk_rq_stat_sum()(CVE-2024-35925)

    bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue(CVE-2024-36938)

    bpf, sockmap: Prevent lock inversion deadlock in map delete elem(CVE-2024-35895)

    kernel:calipso: fix memory leak in netlbl_calipso_add_pass()(CVE-2023-52698)

    drm/amd/display: Avoid NULL dereference of timing generator(CVE-2023-52753)

    drm/amd/display: Skip on writeback when it's not applicable(CVE-2024-36914)

    kernel:erspan: make sure erspan_base_hdr is present in skb-head(CVE-2024-35888)

    kernel: ext4: fix corruption during on-line resize(CVE-2024-35807)

    kernel: ext4: fix possible UAF when remounting r/o a mmp-protected file system(CVE-2021-47342)

    firewire: ohci: mask bus reset interrupts between ISR and bottom half(CVE-2024-36950)

    gfs2: ignore negated quota changes(CVE-2023-52759)

    kernel:HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up(CVE-2024-35997)

    kernel:i2c: smbus: fix NULL function pointer dereference(CVE-2024-35984)

    kernel:i40e: Do not use WQ_MEM_RECLAIM flag for workqueue(CVE-2024-36004)

    kernel:ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()(CVE-2024-36902)

    kernel:ipv6: Fix infinite recursion in fib6_dump_done().(CVE-2024-35886)

    kernel:ipv6: prevent NULL dereference in ip6_output()(CVE-2024-36901)

    kernel:ipvlan: add ipvlan_route_v6_outbound() helper(CVE-2023-52796)

    kernel: md/dm-raid: don#39;t call md_reap_sync_thread() directly(CVE-2024-35808)

    media: bttv: fix use after free error due to btv-timeout timer(CVE-2023-52847)

    media: gspca: cpia1: shift-out-of-bounds in set_flicker(CVE-2023-52764)

    mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update(CVE-2024-35855)

    mlxsw: spectrum_acl_tcam: Fix warning during rehash(CVE-2024-36007)

    kernel:net/mlx5: Properly link new fs rules into the tree(CVE-2024-35960)

    kernel:net/mlx5e: fix a double-free in arfs_create_groups(CVE-2024-35835)

    kernel:net: fix __dst_negative_advice() race(CVE-2024-36971)

    kernel:net: fix out-of-bounds access in ops_init(CVE-2024-36883)

    kernel:netfilter: validate user input for expected length(CVE-2024-35896)

    NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds(CVE-2021-46952)

    nsh: Restore skb-{protocol,data,mac_header} for outer header in nsh_gso_segment().(CVE-2024-36933)

    nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells(CVE-2021-47497)

    kernel: PCI/PM: Drain runtime-idle callbacks before driver removal(CVE-2024-35809)

    kernel: pinctrl: core: delete incorrect free in pinctrl_enable()(CVE-2024-36940)

    platform/x86: wmi: Fix opening of char device(CVE-2023-52864)

    ppdev: Add an error check in register_device(CVE-2024-36015)

    kernel:RDMA: Verify port when creating flow rule(CVE-2021-47265)

    kernel:ring-buffer: Fix a race between readers and resize checks(CVE-2024-38601)

    kernel: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload(CVE-2024-36919)

    kernel:scsi: iscsi: Fix iscsi_task use after free(CVE-2021-47427)

    kernel:scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()(CVE-2024-36924)

    kernel: selinux: avoid dereference of garbage after mount failure(CVE-2024-35904)

    kernel: smb: client: fix use-after-free bug in cifs_debug_data_proc_show()(CVE-2023-52752)

    kernel:tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets(CVE-2024-36905)

    kernel:tcp: properly terminate timers for kernel sockets(CVE-2024-35910)

    kernel:tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().(CVE-2024-36904)

    kernel: thermal: core: prevent potential string overflow(CVE-2023-52868)

    tipc: fix a possible memleak in tipc_buf_append(CVE-2024-36954)

    tipc: fix UAF in error path(CVE-2024-36886)

    kernel:tty: n_gsm: fix possible out-of-bounds in gsm0_receive()(CVE-2024-36016)

    virtio-blk: fix implicit overflow on virtio_max_dma_size(CVE-2023-52762)

    wifi: mac80211: don't return unset power in ieee80211_get_tx_power()(CVE-2023-52832)

    kernel:llc: verify mac len before reading mac header(CVE-2023-52843)

    x86/mm/pat: fix VM_PAT handling in COW mappings(CVE-2024-35877)

    drm/client: Fully protect modes[] with dev-mode_config.mutex(CVE-2024-35950)

    mlxsw: spectrum_acl_tcam: Fix incorrect list API usage(CVE-2024-36006)

    net: bridge: fix vlan tunnel dst refcnt when egressing(CVE-2021-47222)

    net: bridge: fix vlan tunnel dst null pointer dereference(CVE-2021-47223)

    KVM: x86: Immediately reset the MMU context when the SMM flag is cleared(CVE-2021-47230)

    kernel:net: cdc_eem: fix tx fixup skb leak(CVE-2021-47236)

    net: ipv4: fix memory leak in ip_mc_add1_src(CVE-2021-47238)

    netfilter: synproxy: Fix out of bounds when parsing TCP options(CVE-2021-47245)

    udp: fix race between close() and udp_abort()(CVE-2021-47248)

    net: ipv4: fix memory leak in netlbl_cipsov4_add_std(CVE-2021-47250)

    kvm: LAPIC: Restore guard to prevent illegal APIC register access(CVE-2021-47255)

    NFS: Fix use-after-free in nfs4_init_client()(CVE-2021-47259)

    kernel: IB/mlx5: Fix initializing CQ fragments buffer(CVE-2021-47261)

    ftrace: Do not blindly read the ip address in ftrace_bug()(CVE-2021-47276)

    kernel:kvm: avoid speculation-based attacks from out-of-range memslot accesses(CVE-2021-47277)

    kernel: drm: Fix use-after-free read in drm_getunique()(CVE-2021-47280)

    isdn: mISDN: netjet: Fix crash in nj_probe(CVE-2021-47284)

    media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()(CVE-2021-47288)

    net/sched: act_skbmod: Skip non-Ethernet packets(CVE-2021-47293)

    kernel:igb: Fix use-after-free error during reset(CVE-2021-47301)

    igc: Fix use-after-free error during reset(CVE-2021-47302)

    scsi: libfc: Fix array index out of bound exception(CVE-2021-47308)

    virtio-blk: Fix memory leak among suspend/resume procedure(CVE-2021-47319)

    scsi: iscsi: Fix conn use after free during resets(CVE-2021-47328)

    kernel:scsi: megaraid_sas: Fix resource leak in case of probe failure(CVE-2021-47329)

    KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio(CVE-2021-47341)

    kernel: udf: Fix NULL pointer dereference in udf_symlink function(CVE-2021-47353)

    bpf: Add oversize check before call kvcalloc()(CVE-2021-47376)

    mac80211: limit injected vht mcs     ss in ieee80211_parse_tx_radiotap(CVE-2021-47395)

    kernel:sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb(CVE-2021-47397)

    ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup(CVE-2021-47399)

    HID: usbhid: free raw_report buffers in usbhid_stop(CVE-2021-47405)

    KVM: x86: Handle SRCU initialization failure during page track init(CVE-2021-47407)

    phy: mdio: fix memory leak(CVE-2021-47416)

    net_sched: fix NULL deref in fifo_set_limit()(CVE-2021-47418)

    i40e: Fix freeing of uninitialized misc IRQ vector(CVE-2021-47424)

    kernel:i2c: acpi: fix resource leak in reconfiguration device addition(CVE-2021-47425)

    xhci: Fix command ring pointer corruption while aborting a command(CVE-2021-47434)

    kernel:net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path(CVE-2021-47438)

    can: peak_pci: peak_pci_remove(): fix UAF(CVE-2021-47456)

    audit: fix possible null-pointer dereference in audit_filter_rules(CVE-2021-47464)

    kernel: mm, slub: fix potential memoryleak in kmem_cache_open()(CVE-2021-47466)

    isdn: mISDN: Fix sleeping function called from invalid context(CVE-2021-47468)

    kernel: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()(CVE-2021-47473)

    kernel: isofs: Fix out of bound access for corrupted isofs image(CVE-2021-47478)

    kernel:regmap: Fix possible double-free in regcache_rbtree_exit()(CVE-2021-47483)

    kernel:usbnet: sanity check for maxpacket(CVE-2021-47495)

    net/tls: Fix flipped sign in tls_err_abort() calls(CVE-2021-47496)

    kernel:i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc(CVE-2021-47501)

    ALSA: pcm: oss: Fix negative period/buffer sizes(CVE-2021-47511)

    kernel:nfp: Fix memory leak in nfp_cpp_area_cache_add()(CVE-2021-47516)

    serial: core: fix transmit-buffer reset and memleak(CVE-2021-47527)

    kernel:net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()(CVE-2021-47541)

    tcp: fix page frag corruption on page fault(CVE-2021-47544)

    kernel: scsi: mpt3sas: Fix kernel panic during drive powercycle test(CVE-2021-47565)

    scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()(CVE-2021-47576)

    ovl: fix warning in ovl_create_real()(CVE-2021-47579)

    media: mxl111sf: change mutex_init() location(CVE-2021-47583)

    sit: do not call ipip6_dev_free() from sit_init_net()(CVE-2021-47588)

    igbvf: fix double free in `igbvf_probe`(CVE-2021-47589)

    kernel:inet_diag: fix kernel-infoleak for UDP sockets(CVE-2021-47597)

    mac80211: track only QoS data frames for admission control(CVE-2021-47602)

    net: netlink: af_netlink: Prevent empty skb by adding a check on len.(CVE-2021-47606)

    PCI: pciehp: Fix infinite loop in IRQ handler upon power fault(CVE-2021-47617)

    kernel:i40e: Fix queues reservation for XDP(CVE-2021-47619)

    kernel: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe(CVE-2022-48715)

    drm     ouveau: fix off by one in BIOS boundary checking(CVE-2022-48732)

    rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()(CVE-2022-48742)

    net: amd-xgbe: Fix skb data length underflow(CVE-2022-48743)

    kernel:net/mlx5e: Avoid field-overflowing memcpy()(CVE-2022-48744)

    kernel:block: Fix wrong offset in bio_truncate()(CVE-2022-48747)

    phylib: fix potential use-after-free(CVE-2022-48754)

    net: fix information leakage in /proc/net/ptype(CVE-2022-48757)

    scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()(CVE-2022-48758)

    USB: core: Fix hang in usb_kill_urb by adding memory barriers(CVE-2022-48760)

    media: lgdt3306a: Add a check against null-pointer-def(CVE-2022-48772)

    Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj(CVE-2022-48775)

    vsock: remove vsock from connected table when connect is interrupted by a signal(CVE-2022-48786)

    nvme-rdma: fix possible use-after-free in transport error_recovery work(CVE-2022-48788)

    nvme-tcp: fix possible use-after-free in transport error_recovery work(CVE-2022-48789)

    nvme: fix a possible use-after-free in controller reset during load(CVE-2022-48790)

    kernel:vt_ioctl: fix array_index_nospec in vt_setactivate(CVE-2022-48804)

    net: fix a memleak when uncloning an skb dst and its metadata(CVE-2022-48809)

    ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path(CVE-2022-48810)

    scsi: qedf: Fix refcount issue when LOGO is received during TMF(CVE-2022-48823)

    NFSD: Fix ia_size underflow(CVE-2022-48828)

    Input: aiptek - properly check endpoint type(CVE-2022-48836)

    net/packet: fix slab-out-of-bounds access in packet_recvmsg()(CVE-2022-48839)

    drm/vrr: Set VRR capable prop only if it is attached to connector(CVE-2022-48843)

    net-sysfs: add check for netdevice being present to speed_show(CVE-2022-48850)

    kernel:sctp: fix kernel-infoleak for SCTP sockets(CVE-2022-48855)

    tipc: fix kernel panic when enabling bearer(CVE-2022-48865)

    The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in     the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local     access, this 'could be exploited in a real world scenario.' This is related to     brcmf_cfg80211_escan_timeout_worker in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.(CVE-2023-47233)

    kernel:net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path(CVE-2023-52703)

    sched/psi: Fix use-after-free in ep_remove_wait_queue()(CVE-2023-52707)

    mmc: sdio: fix possible resource leaks in some error paths(CVE-2023-52730)

    cifs: Fix use-after-free in rdata-read_into_pages()(CVE-2023-52741)

    IB/hfi1: Restore allocated resources on failed copyout(CVE-2023-52747)

    media: imon: fix access to invalid resource for the second interface(CVE-2023-52754)

    kernel:SUNRPC: Fix RPC client cleaned up the freed pipefs dentries(CVE-2023-52803)

    scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()(CVE-2023-52809)

    kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET(CVE-2023-52813)

    atl1c: Work around the DMA RX overflow issue(CVE-2023-52834)

    tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING(CVE-2023-52845)

    tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc(CVE-2023-52880)

    kernel:tcp: do not accept ACK of bytes we never sent(CVE-2023-52881)

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious     actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL     pointer dereference in the NVMe driver, causing kernel panic and a denial of service.(CVE-2023-6536)

    In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to     drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.(CVE-2024-23848)

    A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function.
    This can result in a bluetooth sniffing exception issue, possibly leading denial of     service.(CVE-2024-24859)

    ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr()(CVE-2024-27417)

    genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline(CVE-2024-31076)

    ipvlan: Dont Use skb-sk in ipvlan_process_v{4,6}_outbound(CVE-2024-33621)

    kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes(CVE-2024-35789)

    kernel:fix lockup in dm_exception_table_exit  There was reported lockup(CVE-2024-35805)

    wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach(CVE-2024-35811)

    mlxsw: spectrum_acl_tcam: Fix memory leak during rehash(CVE-2024-35853)

    net/sched: act_skbmod: prevent kernel-infoleak(CVE-2024-35893)

    netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()(CVE-2024-35898)

    kernel:scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()  (CVE-2024-35930)

    dyndbg: fix old BUG_ON in control parser(CVE-2024-35947)

    kernel:netfilter: complete validation of user input(CVE-2024-35962)

    kernel:ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr(CVE-2024-35969)

    xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING(CVE-2024-35976)

    rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation(CVE-2024-36017)

    netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()(CVE-2024-36286)

    wifi: nl80211: don't free NULL coalescing rule(CVE-2024-36941)

    kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up(CVE-2024-36952)

    drm/vmwgfx: Fix invalid reads in fence signaled events(CVE-2024-36960)

    kernel:virtio: delete vq in vp_find_vqs_msix() when request_irq() fails(CVE-2024-37353)

    kernel:tcp: Fix shift-out-of-bounds in dctcp_update_alpha().(CVE-2024-37356)

    kernel:net: bridge: xmit: make sure we have at least eth header len bytes(CVE-2024-38538)

    drm/amd/display: Fix potential index out of bounds in color transformation function(CVE-2024-38552)

    net: openvswitch: fix overwriting ct original tuple for ICMPv6(CVE-2024-38558)

    kernel:scsi: qedf: Ensure the copied buf is NUL terminated(CVE-2024-38559)

    kernel:ftrace: Fix possible use-after-free issue in ftrace_location()(CVE-2024-38588)

    kernel:af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg(CVE-2024-38596)

    kernel: ext4: fix mb_cache_entry#39;s e_refcnt leak in ext4_xattr_block_cache_find()(CVE-2024-39276)

    kernel:kdb: Fix buffer overflow during tab-complete(CVE-2024-39480)

    kernel:bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()(CVE-2024-39487)

    crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak(CVE-2024-39493)

    kernel:ima: Fix use-after-free on a dentry's dname.name(CVE-2024-39494)

    vmci: prevent speculation leaks by sanitizing event in event_deliver()(CVE-2024-39499)

    drivers: core: synchronize really_probe() and dev_uevent()(CVE-2024-39501)

    scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory(CVE-2024-40901)

    kernel:USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages(CVE-2024-40904)

    kernel:ipv6: prevent possible NULL dereference in rt6_probe()(CVE-2024-40960)

    scsi: qedi: Fix crash while reading debugfs attribute(CVE-2024-40978)

    kernel:ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.(CVE-2024-40984)

    kernel:net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()(CVE-2024-40995)

    kernel:ext4: fix uninitialized ratelimit_state-lock access in __ext4_fill_super()(CVE-2024-40998)

    kernel:netpoll: Fix race condition in netpoll_owner_active(CVE-2024-41005)

    kernel:tcp: avoid too many retransmit packets(CVE-2024-41007)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6896-1 advisory.

    It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition,     leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or     possibly execute arbitrary code. (CVE-2023-6270)

    It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data     structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial     of service. (CVE-2023-7042)

    Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race     condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of     service (system crash). (CVE-2024-22099)

    Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition,     leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a     denial of service (system crash). (CVE-2024-23307)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when     modifying certain settings values through debugfs. A privileged local attacker could use this to cause a     denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

    Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a     race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause     a denial of service (system crash). (CVE-2024-24861)

    Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did     not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this     to cause a denial of service (system crash). (CVE-2024-25739)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - x86 architecture;

    - Block layer subsystem;

    - Accessibility subsystem;

    - ACPI drivers;

    - Android drivers;

    - Bluetooth drivers;

    - Clock framework and drivers;

    - Data acquisition framework and drivers;

    - Cryptographic API;

    - GPU drivers;

    - HID subsystem;

    - I2C subsystem;

    - IRQ chip drivers;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - PCI subsystem;

    - SCSI drivers;

    - Freescale SoC drivers;

    - SPI subsystem;

    - Media staging drivers;

    - TTY drivers;

    - USB subsystem;

    - VFIO drivers;

    - Framebuffer layer;

    - Xen hypervisor drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - FAT file system;

    - NILFS2 file system;

    - Diskquota system;

    - SMB network file system;

    - UBI file system;

    - io_uring subsystem;

    - BPF subsystem;

    - Core kernel;

    - Memory management;

    - B.A.T.M.A.N. meshing protocol;

    - Bluetooth subsystem;

    - Networking core;

    - HSR network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - MAC80211 subsystem;

    - Netfilter;

    - NET/ROM layer;

    - NFC subsystem;

    - Open vSwitch;

    - Packet sockets;

    - RDS protocol;

    - Network traffic control;

    - Sun RPC protocol;

    - Unix domain sockets;

    - ALSA SH drivers;

    - USB sound devices;

    - KVM core; (CVE-2024-35969, CVE-2024-35819, CVE-2024-26851, CVE-2024-26816, CVE-2024-26643,     CVE-2023-52656, CVE-2024-27020, CVE-2024-35821, CVE-2024-35930, CVE-2024-35936, CVE-2024-27075,     CVE-2024-26817, CVE-2024-26984, CVE-2024-35895, CVE-2024-35853, CVE-2024-27043, CVE-2024-35978,     CVE-2024-35960, CVE-2024-26882, CVE-2024-35806, CVE-2024-35830, CVE-2024-26852, CVE-2024-35915,     CVE-2024-36006, CVE-2024-35935, CVE-2024-26926, CVE-2024-35877, CVE-2024-27396, CVE-2024-26654,     CVE-2024-27077, CVE-2024-27078, CVE-2024-27000, CVE-2024-35888, CVE-2024-27437, CVE-2024-26994,     CVE-2024-26973, CVE-2024-26687, CVE-2024-26955, CVE-2024-26898, CVE-2024-26859, CVE-2023-52620,     CVE-2024-35893, CVE-2024-26903, CVE-2024-26862, CVE-2024-35950, CVE-2023-52644, CVE-2024-26969,     CVE-2024-27028, CVE-2024-35984, CVE-2024-36007, CVE-2024-35925, CVE-2024-36020, CVE-2024-26956,     CVE-2024-35789, CVE-2024-26878, CVE-2024-35855, CVE-2024-35822, CVE-2023-52699, CVE-2024-27044,     CVE-2024-27030, CVE-2024-27065, CVE-2024-26993, CVE-2024-27395, CVE-2024-27013, CVE-2024-35922,     CVE-2024-26586, CVE-2024-36004, CVE-2024-35897, CVE-2024-35807, CVE-2024-26901, CVE-2024-27076,     CVE-2023-52880, CVE-2022-48627, CVE-2024-26894, CVE-2023-52650, CVE-2024-27001, CVE-2024-26863,     CVE-2024-26651, CVE-2024-35886, CVE-2024-35982, CVE-2024-26883, CVE-2024-26935, CVE-2024-27074,     CVE-2024-35849, CVE-2024-35955, CVE-2024-26965, CVE-2024-35898, CVE-2024-26855, CVE-2024-35933,     CVE-2024-35823, CVE-2024-35815, CVE-2024-26880, CVE-2024-26874, CVE-2024-26642, CVE-2024-26937,     CVE-2024-35854, CVE-2024-35997, CVE-2024-27059, CVE-2024-26812, CVE-2024-26999, CVE-2024-26923,     CVE-2024-26934, CVE-2024-27024, CVE-2024-27419, CVE-2024-35847, CVE-2024-26974, CVE-2024-26875,     CVE-2024-35805, CVE-2024-27008, CVE-2024-26889, CVE-2024-27053, CVE-2024-27388, CVE-2024-26981,     CVE-2024-26976, CVE-2024-35973, CVE-2024-35852, CVE-2024-35809, CVE-2024-27004, CVE-2024-26884,     CVE-2024-35899, CVE-2024-26931, CVE-2024-35813, CVE-2024-26922, CVE-2024-26957, CVE-2024-35944,     CVE-2024-27038, CVE-2024-35910, CVE-2024-26925, CVE-2024-26820, CVE-2024-26857, CVE-2024-26828,     CVE-2024-35825, CVE-2024-26813, CVE-2024-27046, CVE-2024-26810, CVE-2024-27436, CVE-2024-27073,     CVE-2024-35828, CVE-2024-35900, CVE-2024-26966)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3840 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3840-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     June 25, 2024                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux     Version        : 4.19.316-1     CVE ID         : CVE-2021-33630 CVE-2022-48627 CVE-2023-0386 CVE-2023-6040                      CVE-2023-6270 CVE-2023-7042 CVE-2023-46838 CVE-2023-47233                      CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52439                      CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52449                      CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52486                      CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52599                      CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603                      CVE-2023-52604 CVE-2023-52609 CVE-2023-52612 CVE-2023-52615                      CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623                      CVE-2023-52628 CVE-2023-52644 CVE-2023-52650 CVE-2023-52670                      CVE-2023-52679 CVE-2023-52683 CVE-2023-52691 CVE-2023-52693                      CVE-2023-52698 CVE-2023-52699 CVE-2023-52880 CVE-2024-0340                      CVE-2024-0607 CVE-2024-1086 CVE-2024-22099 CVE-2024-23849                      CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861                      CVE-2024-25739 CVE-2024-26597 CVE-2024-26600 CVE-2024-26602                      CVE-2024-26606 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633                      CVE-2024-26635 CVE-2024-26636 CVE-2024-26642 CVE-2024-26645                      CVE-2024-26651 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671                      CVE-2024-26675 CVE-2024-26679 CVE-2024-26685 CVE-2024-26696                      CVE-2024-26697 CVE-2024-26704 CVE-2024-26720 CVE-2024-26722                      CVE-2024-26735 CVE-2024-26744 CVE-2024-26752 CVE-2024-26754                      CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26772                      CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779                      CVE-2024-26791 CVE-2024-26793 CVE-2024-26801 CVE-2024-26805                      CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825                      CVE-2024-26839 CVE-2024-26840 CVE-2024-26845 CVE-2024-26851                      CVE-2024-26852 CVE-2024-26857 CVE-2024-26859 CVE-2024-26863                      CVE-2024-26874 CVE-2024-26875 CVE-2024-26878 CVE-2024-26880                      CVE-2024-26883 CVE-2024-26884 CVE-2024-26889 CVE-2024-26894                      CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917                      CVE-2024-26922 CVE-2024-26923 CVE-2024-26931 CVE-2024-26934                      CVE-2024-26955 CVE-2024-26956 CVE-2024-26965 CVE-2024-26966                      CVE-2024-26969 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976                      CVE-2024-26981 CVE-2024-26984 CVE-2024-26993 CVE-2024-26994                      CVE-2024-26997 CVE-2024-27001 CVE-2024-27008 CVE-2024-27013                      CVE-2024-27020 CVE-2024-27024 CVE-2024-27028 CVE-2024-27043                      CVE-2024-27046 CVE-2024-27059 CVE-2024-27074 CVE-2024-27075                      CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27395                      CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401                      CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413                      CVE-2024-27416 CVE-2024-27419 CVE-2024-27436 CVE-2024-31076                      CVE-2024-33621 CVE-2024-35789 CVE-2024-35806 CVE-2024-35807                      CVE-2024-35809 CVE-2024-35811 CVE-2024-35815 CVE-2024-35819                      CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825                      CVE-2024-35828 CVE-2024-35830 CVE-2024-35835 CVE-2024-35847                      CVE-2024-35849 CVE-2024-35877 CVE-2024-35886 CVE-2024-35888                      CVE-2024-35893 CVE-2024-35898 CVE-2024-35902 CVE-2024-35910                      CVE-2024-35915 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930                      CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35944                      CVE-2024-35947 CVE-2024-35955 CVE-2024-35960 CVE-2024-35969                      CVE-2024-35973 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984                      CVE-2024-35997 CVE-2024-36004 CVE-2024-36014 CVE-2024-36015                      CVE-2024-36016 CVE-2024-36017 CVE-2024-36020 CVE-2024-36286                      CVE-2024-36288 CVE-2024-36883 CVE-2024-36886 CVE-2024-36902                      CVE-2024-36904 CVE-2024-36905 CVE-2024-36919 CVE-2024-36933                      CVE-2024-36934 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946                      CVE-2024-36950 CVE-2024-36954 CVE-2024-36959 CVE-2024-36960                      CVE-2024-36964 CVE-2024-36971 CVE-2024-37353 CVE-2024-37356                      CVE-2024-38381 CVE-2024-38549 CVE-2024-38552 CVE-2024-38558                      CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567                      CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583                      CVE-2024-38587 CVE-2024-38589 CVE-2024-38596 CVE-2024-38598                      CVE-2024-38599 CVE-2024-38601 CVE-2024-38612 CVE-2024-38618                      CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634                      CVE-2024-38637 CVE-2024-38659 CVE-2024-38780 CVE-2024-39292

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 10 buster, these problems have been fixed in version     4.19.316-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
    - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
    - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
    - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
    - CVE-2023-42755: Check user supplied offsets (bsc#1215702).
    - CVE-2023-52586: Fixed  mutex lock in control vblank irq (bsc#1221081).
    - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
    - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
    - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
    - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts  (bsc#1224443).
    - CVE-2023-52664: Eliminate double free in error handling logic  (bsc#1224747).
    - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
    - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put()  (bsc#1224727).
    - CVE-2023-52680: Fixed missing error checks to *_ctl_get()  (bsc#1224608).
    - CVE-2023-52692: Fixed missing error check to  scarlett2_usb_set_config() (bsc#1224628).
    - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass()  (bsc#1224621)
    - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr()  (bsc#1225114)
    - CVE-2023-52757: Fixed potential deadlock when releasing mids  (bsc#1225548).
    - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe()  (bsc#1225085).
    - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
    - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce  info is read via debugfs     (bsc#1225097).
    - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
    - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's     deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on     (bsc#1218447).
    - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
    - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous  set with timeout (bsc#1221829).
    - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
    - CVE-2024-26692: Fixed regression in writes when non-standard maximum write  size negotiated     (bsc#1222464).
    - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870)
    - CVE-2024-26715: Fixed NULL pointer dereference in  dwc3_gadget_suspend (bsc#1222561).
    - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes  bsc#1222608).
    - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
    - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
    - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
    - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
    - CVE-2024-26822: Set correct id, uid and cruid for multiuser  automounts (bsc#1223011).
    - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
    - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
    - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
    - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
    - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
    - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
    - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
    - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
    - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
    - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
    - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
    - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
    - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'     (bsc#1223823).
    - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
    - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
    - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
    - CVE-2024-27401: Fixed user_length taken into account when  fetching packet contents (bsc#1224181).
    - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
    - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr()  (bsc#1224721)
    - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read  (bsc#1224759)
    - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running  XDP program (bsc#1224718).
    - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in  svm_register_enc_region() (bsc#1224725).
    - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
    - CVE-2024-35804: Mark target gfn of emulated atomic instruction as  dirty (bsc#1224638).
    - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
    - CVE-2024-35852: Fixed memory leak when canceling rehash  work (bsc#1224502).
    - CVE-2024-35854: Fixed possible use-after-free during  rehash (bsc#1224636).
    - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround  (bsc#1224531).
    - CVE-2024-35861: Fixed potential UAF in  cifs_signal_cifsd_for_reconnect() (bsc#1224766).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()  (bsc#1224764).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()  (bsc#1224765,).
    - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break()  (bsc#1224668).
    - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key()  (bsc#1224667).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
    - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
    - CVE-2024-35869: Guarantee refcounted children from parent session  (bsc#1224679).
    - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020,  bsc#1224672).
    - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios  (bsc#1224530).
    - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
    - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
    - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf()  (bsc#1224671).
    - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
    - CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
    - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
    - CVE-2024-35905: Fixed int overflow for stack access size  (bsc#1224488).
    - CVE-2024-35907: Call request_irq() after NAPI initialized  (bsc#1224492).
    - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
    - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
    - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
    - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host()  (bsc#1224648).
    - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
    - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
    - CVE-2024-35964: Fixed not validating setsockopt user input  (bsc#1224581).
    - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr  (bsc#1224580).
    - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb  (bsc#1224586).
    - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING  (bsc#1224575).
    - CVE-2024-35998: Fixed lock ordering potential deadlock in  cifs_sync_mid_result (bsc#1224549).
    - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
    - CVE-2024-36006: Fixed incorrect list API usage  (bsc#1224541).
    - CVE-2024-36007: Fixed warning during rehash  (bsc#1224543).
    - CVE-2024-36938: Fixed NULL pointer dereference in  sk_psock_skb_ingress_enqueue (bsc#1225761).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6919-1 advisory.

    Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error     conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this     vulnerability to cause a denial of service. (CVE-2022-38096)

    It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition,     leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or     possibly execute arbitrary code. (CVE-2023-6270)

    It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data     structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial     of service. (CVE-2023-7042)

    It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer     dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
    (CVE-2024-0841)

    It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux     kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker     could use this to cause a denial of service. (CVE-2024-21823)

    Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race     condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of     service (system crash). (CVE-2024-22099)

    Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition,     leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a     denial of service (system crash). (CVE-2024-23307)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when     modifying certain settings values through debugfs. A privileged local attacker could use this to cause a     denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

    Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a     race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause     a denial of service (system crash). (CVE-2024-24861)

    Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did     not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this     to cause a denial of service (system crash). (CVE-2024-25739)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM32 architecture;

    - ARM64 architecture;

    - RISC-V architecture;

    - x86 architecture;

    - Block layer subsystem;

    - Accessibility subsystem;

    - ACPI drivers;

    - Android drivers;

    - Bluetooth drivers;

    - Clock framework and drivers;

    - Data acquisition framework and drivers;

    - CPU frequency scaling framework;

    - Cryptographic API;

    - DMA engine subsystem;

    - EFI core;

    - GPU drivers;

    - HID subsystem;

    - I2C subsystem;

    - InfiniBand drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - NTB driver;

    - NVME drivers;

    - Device tree and open firmware driver;

    - PCI subsystem;

    - MediaTek PM domains;

    - Power supply drivers;

    - S/390 drivers;

    - SCSI drivers;

    - Freescale SoC drivers;

    - SPI subsystem;

    - Media staging drivers;

    - TCM subsystem;

    - Trusted Execution Environment drivers;

    - TTY drivers;

    - USB subsystem;

    - VFIO drivers;

    - Framebuffer layer;

    - Xen hypervisor drivers;

    - AFS file system;

    - File systems infrastructure;

    - BTRFS file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - FAT file system;

    - Network file system client;

    - Network file system server daemon;

    - NILFS2 file system;

    - NTFS3 file system;

    - Pstore file system;

    - Diskquota system;

    - SMB network file system;

    - UBI file system;

    - BPF subsystem;

    - Netfilter;

    - TLS protocol;

    - io_uring subsystem;

    - Core kernel;

    - PCI iomap interfaces;

    - Memory management;

    - B.A.T.M.A.N. meshing protocol;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - Networking core;

    - Distributed Switch Architecture;

    - HSR network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - L2TP protocol;

    - MAC80211 subsystem;

    - IEEE 802.15.4 subsystem;

    - Multipath TCP;

    - Netlink;

    - NET/ROM layer;

    - NFC subsystem;

    - Open vSwitch;

    - Packet sockets;

    - RDS protocol;

    - Network traffic control;

    - SMC sockets;

    - Sun RPC protocol;

    - Unix domain sockets;

    - Wireless networking;

    - eXpress Data Path;

    - ALSA SH drivers;

    - USB sound devices;

    - KVM core; (CVE-2024-26984, CVE-2024-26838, CVE-2024-26925, CVE-2024-26790, CVE-2024-26955,     CVE-2024-27431, CVE-2024-26737, CVE-2024-27044, CVE-2024-26964, CVE-2024-26880, CVE-2024-26926,     CVE-2024-26843, CVE-2024-26735, CVE-2024-26881, CVE-2023-52644, CVE-2024-26747, CVE-2024-27405,     CVE-2024-26875, CVE-2024-35896, CVE-2024-35829, CVE-2024-26877, CVE-2024-26855, CVE-2024-27414,     CVE-2024-35897, CVE-2024-35845, CVE-2024-26601, CVE-2024-35817, CVE-2024-36006, CVE-2024-26957,     CVE-2024-27019, CVE-2024-35830, CVE-2024-26977, CVE-2024-26803, CVE-2024-26629, CVE-2024-26994,     CVE-2024-27078, CVE-2024-35789, CVE-2023-52641, CVE-2024-27016, CVE-2024-26752, CVE-2024-27028,     CVE-2024-26817, CVE-2024-26840, CVE-2024-26969, CVE-2024-26965, CVE-2023-52656, CVE-2024-35973,     CVE-2024-35852, CVE-2024-26651, CVE-2024-27432, CVE-2024-27416, CVE-2024-26792, CVE-2024-35877,     CVE-2024-26584, CVE-2024-26903, CVE-2024-26951, CVE-2024-36004, CVE-2024-26861, CVE-2024-27412,     CVE-2024-26788, CVE-2024-35813, CVE-2024-26931, CVE-2023-52620, CVE-2024-27075, CVE-2024-36008,     CVE-2024-35855, CVE-2024-27059, CVE-2024-35806, CVE-2024-26763, CVE-2024-35955, CVE-2024-35936,     CVE-2024-26856, CVE-2024-26966, CVE-2024-35969, CVE-2024-35960, CVE-2024-35796, CVE-2024-26810,     CVE-2024-26862, CVE-2023-52434, CVE-2024-27046, CVE-2024-26999, CVE-2024-26778, CVE-2023-52497,     CVE-2024-35872, CVE-2024-26585, CVE-2024-35978, CVE-2024-35918, CVE-2024-35879, CVE-2024-27388,     CVE-2024-26898, CVE-2024-26879, CVE-2024-26882, CVE-2023-52650, CVE-2024-35884, CVE-2024-27396,     CVE-2024-35785, CVE-2024-36005, CVE-2024-35989, CVE-2023-52662, CVE-2024-35857, CVE-2024-26828,     CVE-2024-27054, CVE-2024-26688, CVE-2024-35997, CVE-2024-26603, CVE-2024-26820, CVE-2024-35915,     CVE-2024-35982, CVE-2024-26874, CVE-2024-26801, CVE-2024-26814, CVE-2024-27045, CVE-2024-26897,     CVE-2024-35895, CVE-2024-35944, CVE-2024-35804, CVE-2024-26805, CVE-2024-27052, CVE-2024-35851,     CVE-2024-35900, CVE-2024-35807, CVE-2024-26816, CVE-2024-26769, CVE-2024-27004, CVE-2024-27001,     CVE-2024-27415, CVE-2024-35825, CVE-2024-26777, CVE-2024-27000, CVE-2024-27030, CVE-2024-26878,     CVE-2024-26804, CVE-2024-27051, CVE-2024-26934, CVE-2024-27043, CVE-2024-26791, CVE-2024-27009,     CVE-2024-26795, CVE-2023-52640, CVE-2024-35893, CVE-2024-35898, CVE-2024-26859, CVE-2024-27393,     CVE-2024-26766, CVE-2024-26659, CVE-2024-26642, CVE-2024-26989, CVE-2024-26811, CVE-2024-26846,     CVE-2024-26743, CVE-2024-35823, CVE-2024-27076, CVE-2024-26935, CVE-2023-52645, CVE-2024-26813,     CVE-2024-26782, CVE-2024-26970, CVE-2024-26915, CVE-2024-27039, CVE-2024-26906, CVE-2024-35791,     CVE-2024-35990, CVE-2024-26845, CVE-2024-35805, CVE-2024-35912, CVE-2024-27437, CVE-2024-27436,     CVE-2024-26772, CVE-2024-26812, CVE-2024-26754, CVE-2024-26958, CVE-2024-26956, CVE-2024-26749,     CVE-2024-27413, CVE-2024-27037, CVE-2023-52447, CVE-2024-27403, CVE-2023-52652, CVE-2024-36025,     CVE-2024-26996, CVE-2024-35847, CVE-2022-48808, CVE-2024-26976, CVE-2024-26802, CVE-2024-36020,     CVE-2024-27034, CVE-2024-26993, CVE-2024-27065, CVE-2024-35930, CVE-2024-26774, CVE-2024-26872,     CVE-2024-26924, CVE-2024-26852, CVE-2024-26923, CVE-2024-26771, CVE-2024-35933, CVE-2024-35925,     CVE-2024-26937, CVE-2024-26894, CVE-2024-26839, CVE-2024-35899, CVE-2024-26889, CVE-2024-35958,     CVE-2024-35885, CVE-2024-35828, CVE-2024-26870, CVE-2024-26583, CVE-2024-26736, CVE-2024-35938,     CVE-2024-26793, CVE-2024-26891, CVE-2024-35910, CVE-2024-26654, CVE-2024-35940, CVE-2024-26851,     CVE-2024-35984, CVE-2024-26809, CVE-2024-35819, CVE-2024-35821, CVE-2024-26643, CVE-2024-36029,     CVE-2024-35888, CVE-2024-27390, CVE-2024-26773, CVE-2024-26733, CVE-2024-26961, CVE-2024-35822,     CVE-2024-35854, CVE-2024-35950, CVE-2024-35970, CVE-2024-27053, CVE-2024-26907, CVE-2024-26776,     CVE-2024-26748, CVE-2024-26988, CVE-2024-35935, CVE-2024-26744, CVE-2024-27008, CVE-2024-35905,     CVE-2024-26974, CVE-2024-26950, CVE-2024-26787, CVE-2024-27077, CVE-2024-35886, CVE-2024-35907,     CVE-2024-27020, CVE-2024-26764, CVE-2024-26835, CVE-2024-35988, CVE-2024-26687, CVE-2024-35809,     CVE-2024-35844, CVE-2024-26901, CVE-2024-26848, CVE-2024-26857, CVE-2024-26751, CVE-2024-27074,     CVE-2024-26885, CVE-2024-26884, CVE-2024-27410, CVE-2024-35871, CVE-2024-26883, CVE-2023-52699,     CVE-2024-35922, CVE-2024-26895, CVE-2024-26798, CVE-2024-26981, CVE-2024-27013, CVE-2024-27419,     CVE-2024-26779, CVE-2024-27395, CVE-2024-27015, CVE-2024-35890, CVE-2024-26863, CVE-2024-26922,     CVE-2024-27417, CVE-2023-52488, CVE-2024-26929, CVE-2024-26960, CVE-2024-26833, CVE-2024-26750,     CVE-2024-27024, CVE-2024-36007, CVE-2024-27047, CVE-2024-35853, CVE-2024-26973, CVE-2024-27038,     CVE-2024-35934, CVE-2024-27073, CVE-2024-35849, CVE-2023-52880, CVE-2024-35976)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-696 advisory.

    2024-12-05: CVE-2024-26973 was added to this advisory.

    2024-12-05: CVE-2024-26934 was added to this advisory.

    2024-12-05: CVE-2024-26891 was added to this advisory.

    2024-12-05: CVE-2024-26882 was added to this advisory.

    2024-12-05: CVE-2024-26894 was added to this advisory.

    2024-12-05: CVE-2024-26906 was added to this advisory.

    2024-12-05: CVE-2024-27435 was added to this advisory.

    2024-12-05: CVE-2024-35791 was added to this advisory.

    2024-12-05: CVE-2024-27047 was added to this advisory.

    2024-12-05: CVE-2024-26937 was added to this advisory.

    2024-12-05: CVE-2024-26870 was added to this advisory.

    2024-12-05: CVE-2024-26864 was added to this advisory.

    2024-12-05: CVE-2024-26860 was added to this advisory.

    2024-09-12: CVE-2024-35827 was added to this advisory.

    2024-09-12: CVE-2024-35823 was added to this advisory.

    2024-09-12: CVE-2024-35800 was added to this advisory.

    2024-09-12: CVE-2024-35804 was added to this advisory.

    2024-09-12: CVE-2024-35815 was added to this advisory.

    2024-09-12: CVE-2024-35826 was added to this advisory.

    2024-08-14: CVE-2024-23307 was added to this advisory.

    2024-08-14: CVE-2024-25742 was added to this advisory.

    2024-08-14: CVE-2024-26865 was added to this advisory.

    2024-08-14: CVE-2024-26862 was added to this advisory.

    2024-08-14: CVE-2024-26585 was added to this advisory.

    2024-08-14: CVE-2024-26815 was added to this advisory.

    2024-08-14: CVE-2024-35805 was added to this advisory.

    2024-08-14: CVE-2024-26863 was added to this advisory.

    2024-08-14: CVE-2024-26643 was added to this advisory.

    2024-08-14: CVE-2024-26878 was added to this advisory.

    2024-08-14: CVE-2024-26812 was added to this advisory.

    2024-08-14: CVE-2024-26584 was added to this advisory.

    2024-08-14: CVE-2024-27388 was added to this advisory.

    2024-08-14: CVE-2024-26642 was added to this advisory.

    2024-08-14: CVE-2024-36031 was added to this advisory.

    2024-08-14: CVE-2024-35801 was added to this advisory.

    2024-08-14: CVE-2024-26880 was added to this advisory.

    2024-08-14: CVE-2024-26810 was added to this advisory.

    2024-08-14: CVE-2024-27038 was added to this advisory.

    2024-08-14: CVE-2023-52656 was added to this advisory.

    2024-08-14: CVE-2024-26898 was added to this advisory.

    2024-08-14: CVE-2024-26861 was added to this advisory.

    2024-08-14: CVE-2024-35809 was added to this advisory.

    2024-08-14: CVE-2024-27437 was added to this advisory.

    2024-08-14: CVE-2024-26809 was added to this advisory.

    2024-08-14: CVE-2024-26883 was added to this advisory.

    2024-08-14: CVE-2024-26901 was added to this advisory.

    2024-08-14: CVE-2024-26816 was added to this advisory.

    2024-08-14: CVE-2024-26868 was added to this advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring: drop any code related to SCM_RIGHTS (CVE-2023-52656)

    Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM (md, raid, raid5 modules)     allows Forced Integer Overflow. (CVE-2024-23307)

    A malicious hypervisor can potentially break confidentiality and integrity of Linux SEV-SNP guests by     injecting interrupts. (CVE-2024-25742)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tls: handle backlogging of crypto requests

    Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on ourrequests to the crypto API,     crypto_aead_{encrypt,decrypt} can return-EBUSY instead of -EINPROGRESS in valid situations. For example,     whenthe cryptd queue for AESNI is full (easy to trigger with anartificially low     cryptd.cryptd_max_cpu_qlen), requests will be enqueuedto the backlog but still processed. In that case,     the async callbackwill also be called twice: first with err == -EINPROGRESS, which itseems we can just     ignore, then with err == 0.

    Compared to Sabrina's original patch this version uses the newtls_*crypt_async_wait() helpers and converts     the EBUSY toEINPROGRESS to avoid having to modify all the error handlingpaths. The handling is identical.
    (CVE-2024-26584)

    In the Linux kernel, the following vulnerability has been resolved:

    tls: fix race between tx work scheduling and socket close

    Similarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto     handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in     the first place, as it'sthe inverse order of what the submitting thread will do. (CVE-2024-26585)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nft_set_pipapo: release elements in clone only from destroy path (CVE-2024-26809)

    In the Linux kernel, the following vulnerability has been resolved:

    vfio/pci: Lock external INTx masking ops (CVE-2024-26810)

    In the Linux kernel, the following vulnerability has been resolved:

    vfio/pci: Create persistent INTx handler (CVE-2024-26812)

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)

    In the Linux kernel, the following vulnerability has been resolved:

    x86, relocs: Ignore relocations in .notes section (CVE-2024-26816)

    In the Linux kernel, the following vulnerability has been resolved:

    dm-integrity: fix a memory leak when rechecking the data (CVE-2024-26860)

    In the Linux kernel, the following vulnerability has been resolved:

    wireguard: receive: annotate data-race around receiving_counter.counter (CVE-2024-26861)

    In the Linux kernel, the following vulnerability has been resolved:

    packet: annotate data-races around ignore_outgoing (CVE-2024-26862)

    In the Linux kernel, the following vulnerability has been resolved:

    hsr: Fix uninit-value access in hsr_get_node() (CVE-2024-26863)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp: Fix refcnt handling in __inet_hash_connect(). (CVE-2024-26864)

    In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in     reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASAN splat [1] and     another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the only suspicious     sequence was as follows: 18:26:22 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ...
    connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) The notable thing here is     0x4001 in connect(), which is RDS_TCP_PORT. (CVE-2024-26865)

    In the Linux kernel, the following vulnerability has been resolved:

    nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (CVE-2024-26868)

    In the Linux kernel, the following vulnerability has been resolved:

    NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)

    In the Linux kernel, the following vulnerability has been resolved:

    quota: Fix potential NULL pointer dereference (CVE-2024-26878)

    In the Linux kernel, the following vulnerability has been resolved:

    dm: call the resume method on internal suspend (CVE-2024-26880)

    In the Linux kernel, the following vulnerability has been resolved:

    net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (CVE-2024-26882)

    In the Linux kernel, the following vulnerability has been resolved:

    bpf: Fix stackmap overflow check on 32-bit arches (CVE-2024-26883)

    In the Linux kernel, the following vulnerability has been resolved:

    iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected (CVE-2024-26891)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (CVE-2024-26894)

    In the Linux kernel, the following vulnerability has been resolved:

    aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (CVE-2024-26898)

    In the Linux kernel, the following vulnerability has been resolved:

    do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

    In the Linux kernel, the following vulnerability has been resolved:

    USB: core: Fix deadlock in port disable sysfs attribute (CVE-2024-26933)

    In the Linux kernel, the following vulnerability has been resolved:

    USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/gt: Reset queue_priority_hint on parking (CVE-2024-26937)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (CVE-2024-26938)

    In the Linux kernel, the following vulnerability has been resolved:

    kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

    In the Linux kernel, the following vulnerability has been resolved:

    wireguard: netlink: access device through ctx instead of peer (CVE-2024-26950)

    In the Linux kernel, the following vulnerability has been resolved:

    wireguard: netlink: check for dangling peer via is_dead instead of empty list (CVE-2024-26951)

    In the Linux kernel, the following vulnerability has been resolved:

    nfs: fix UAF in direct writes (CVE-2024-26958)

    In the Linux kernel, the following vulnerability has been resolved:

    mm: swap: fix race between free_swap_and_cache() and swapoff() (CVE-2024-26960)

    In the Linux kernel, the following vulnerability has been resolved:

    usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)

    In the Linux kernel, the following vulnerability has been resolved:

    fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

    In the Linux kernel, the following vulnerability has been resolved:

    pci_iounmap(): Fix MMIO mapping leak (CVE-2024-26977)

    In the Linux kernel, the following vulnerability has been resolved:

    nbd: null check for nla_nest_start (CVE-2024-27025)

    In the Linux kernel, the following vulnerability has been resolved:

    clk: Fix clk_core_get NULL dereference (CVE-2024-27038)

    In the Linux kernel, the following vulnerability has been resolved:

    net: phy: fix phy_get_internal_delay accessing an empty array (CVE-2024-27047)

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: nf_tables: do not compare internal table flags on updates (CVE-2024-27065)

    In the Linux kernel, the following vulnerability has been resolved:

    SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388)

    In the Linux kernel, the following vulnerability has been resolved:

    pstore: inode: Only d_invalidate() is needed (CVE-2024-27389)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() (CVE-2024-27390)

    In the Linux kernel, the following vulnerability has been resolved:

    nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435)

    In the Linux kernel, the following vulnerability has been resolved:

    vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)

    In the Linux kernel, the following vulnerability has been resolved:

    efi: fix panic in kdump kernel (CVE-2024-35800)

    In the Linux kernel, the following vulnerability has been resolved:

    x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Mark target gfn of emulated atomic instruction as dirty (CVE-2024-35804)

    In the Linux kernel, the following vulnerability has been resolved:

    dm snapshot: fix lockup in dm_exception_table_exit (CVE-2024-35805)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI/PM: Drain runtime-idle callbacks before driver removal (CVE-2024-35809)

    In the Linux kernel, the following vulnerability has been resolved:

    fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (CVE-2024-35815)

    In the Linux kernel, the following vulnerability has been resolved:

    vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

    In the Linux kernel, the following vulnerability has been resolved:

    block: Fix page refcounts for unaligned buffers in __bio_release_pages() (CVE-2024-35826)

    In the Linux kernel, the following vulnerability has been resolved:

    io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (CVE-2024-35827)

    In the Linux kernel, the following vulnerability has been resolved:

    keys: Fix overwrite of key expiration on instantiation (CVE-2024-36031)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory.

    Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error     conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this     vulnerability to cause a denial of service. (CVE-2022-38096)

    Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition     during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could     possibly use this to cause a denial of service (system crash). (CVE-2023-47233)

    It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition,     leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or     possibly execute arbitrary code. (CVE-2023-6270)

    It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data     structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial     of service. (CVE-2023-7042)

    Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition,     leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a     denial of service (system crash). (CVE-2024-23307)

    Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a     race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause     a denial of service (system crash). (CVE-2024-24861)

    Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did     not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this     to cause a denial of service (system crash). (CVE-2024-25739)

    It was discovered that the MediaTek SoC Gigabit Ethernet driver in the Linux kernel contained a race     condition when stopping the device. A local attacker could possibly use this to cause a denial of service     (device unavailability). (CVE-2024-27432)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM32 architecture;

    - PowerPC architecture;

    - x86 architecture;

    - Block layer subsystem;

    - ACPI drivers;

    - Bluetooth drivers;

    - Clock framework and drivers;

    - CPU frequency scaling framework;

    - Cryptographic API;

    - DPLL subsystem;

    - ARM SCMI message protocol;

    - EFI core;

    - GPU drivers;

    - InfiniBand drivers;

    - IOMMU subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - MMC subsystem;

    - Network drivers;

    - NTB driver;

    - NVME drivers;

    - PCI subsystem;

    - Powercap sysfs driver;

    - SCSI drivers;

    - Freescale SoC drivers;

    - SPI subsystem;

    - Media staging drivers;

    - Thermal drivers;

    - TTY drivers;

    - USB subsystem;

    - DesignWare USB3 driver;

    - VFIO drivers;

    - Backlight driver;

    - Virtio drivers;

    - Xen hypervisor drivers;

    - AFS file system;

    - File systems infrastructure;

    - BTRFS file system;

    - debug file system;

    - Ext4 file system;

    - F2FS file system;

    - FAT file system;

    - Network file system client;

    - NILFS2 file system;

    - Overlay file system;

    - Pstore file system;

    - Diskquota system;

    - SMB network file system;

    - UBI file system;

    - io_uring subsystem;

    - BPF subsystem;

    - Core kernel;

    - Memory management;

    - Bluetooth subsystem;

    - Networking core;

    - HSR network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - MAC80211 subsystem;

    - IEEE 802.15.4 subsystem;

    - Netfilter;

    - Packet sockets;

    - Network traffic control;

    - Sun RPC protocol;

    - ALSA SH drivers;

    - SOF drivers;

    - USB sound devices;

    - KVM core; (CVE-2024-26859, CVE-2024-26944, CVE-2024-27049, CVE-2024-26868, CVE-2024-26932,     CVE-2024-35843, CVE-2024-35814, CVE-2024-26866, CVE-2024-26941, CVE-2024-27080, CVE-2024-26938,     CVE-2024-26889, CVE-2024-27075, CVE-2024-27077, CVE-2024-26864, CVE-2024-35787, CVE-2024-27071,     CVE-2024-26880, CVE-2024-26961, CVE-2024-26945, CVE-2024-26863, CVE-2024-35795, CVE-2024-27045,     CVE-2024-27066, CVE-2024-27046, CVE-2024-26816, CVE-2024-27069, CVE-2024-26861, CVE-2024-26968,     CVE-2024-26963, CVE-2024-26878, CVE-2024-27073, CVE-2024-35806, CVE-2024-26951, CVE-2024-26954,     CVE-2024-27026, CVE-2024-26956, CVE-2024-35811, CVE-2024-35803, CVE-2024-26964, CVE-2024-26848,     CVE-2024-27434, CVE-2024-35844, CVE-2024-26977, CVE-2024-27031, CVE-2024-35813, CVE-2024-26960,     CVE-2024-27067, CVE-2024-26937, CVE-2024-26884, CVE-2024-26656, CVE-2024-27068, CVE-2024-26871,     CVE-2023-52653, CVE-2024-26939, CVE-2024-26967, CVE-2024-26966, CVE-2024-27043, CVE-2024-26814,     CVE-2024-35829, CVE-2024-26973, CVE-2024-35810, CVE-2024-26877, CVE-2024-27392, CVE-2024-35805,     CVE-2024-26875, CVE-2024-26970, CVE-2024-26657, CVE-2024-26874, CVE-2024-26971, CVE-2024-26872,     CVE-2024-35798, CVE-2024-26931, CVE-2024-26948, CVE-2024-26883, CVE-2024-26955, CVE-2024-27039,     CVE-2024-27038, CVE-2024-27065, CVE-2024-26899, CVE-2024-27048, CVE-2024-35874, CVE-2024-35845,     CVE-2024-35799, CVE-2024-35827, CVE-2024-26935, CVE-2024-27079, CVE-2024-35821, CVE-2024-26950,     CVE-2024-26879, CVE-2024-26940, CVE-2024-35788, CVE-2024-26891, CVE-2024-27063, CVE-2024-27433,     CVE-2024-27036, CVE-2024-35819, CVE-2024-26969, CVE-2024-27044, CVE-2024-27028, CVE-2024-27070,     CVE-2023-52649, CVE-2024-27435, CVE-2024-35830, CVE-2024-26929, CVE-2024-26653, CVE-2024-26887,     CVE-2024-26869, CVE-2024-26942, CVE-2024-35822, CVE-2024-26979, CVE-2024-26881, CVE-2024-26655,     CVE-2024-26975, CVE-2023-52650, CVE-2024-26651, CVE-2024-35828, CVE-2024-26965, CVE-2024-27437,     CVE-2024-35794, CVE-2024-26962, CVE-2024-27058, CVE-2024-27076, CVE-2024-27035, CVE-2024-27074,     CVE-2024-27027, CVE-2024-26860, CVE-2024-27042, CVE-2024-27390, CVE-2024-26815, CVE-2023-52662,     CVE-2024-27051, CVE-2024-35796, CVE-2024-27047, CVE-2024-26930, CVE-2024-26865, CVE-2024-27064,     CVE-2024-35826, CVE-2024-26885, CVE-2024-26873, CVE-2024-26943, CVE-2024-26893, CVE-2024-27030,     CVE-2024-26976, CVE-2024-35793, CVE-2024-26952, CVE-2023-52644, CVE-2024-35797, CVE-2024-27029,     CVE-2024-26927, CVE-2024-26812, CVE-2024-27432, CVE-2024-26897, CVE-2024-26890, CVE-2024-26972,     CVE-2024-35800, CVE-2024-27032, CVE-2024-27052, CVE-2023-52647, CVE-2024-26898, CVE-2023-52652,     CVE-2024-35808, CVE-2024-26876, CVE-2024-26933, CVE-2024-26862, CVE-2024-27033, CVE-2023-52663,     CVE-2024-27041, CVE-2023-52648, CVE-2024-26888, CVE-2024-26957, CVE-2024-26953, CVE-2023-52659,     CVE-2024-27436, CVE-2024-27040, CVE-2024-27054, CVE-2024-27050, CVE-2024-26886, CVE-2023-52661,     CVE-2024-35831, CVE-2024-26946, CVE-2024-26949, CVE-2024-26809, CVE-2024-26892, CVE-2024-26654,     CVE-2024-26901, CVE-2024-27053, CVE-2024-26882, CVE-2024-35809, CVE-2024-26978, CVE-2024-27037,     CVE-2024-27391, CVE-2024-27034, CVE-2024-26895, CVE-2024-35817, CVE-2024-26900, CVE-2024-26896,     CVE-2024-26958, CVE-2024-35801, CVE-2024-27388, CVE-2024-26934, CVE-2024-27078, CVE-2024-35789,     CVE-2024-26894, CVE-2024-27389, CVE-2024-35807, CVE-2024-27072, CVE-2024-26947, CVE-2024-26870,     CVE-2024-26813, CVE-2022-48669, CVE-2024-26959, CVE-2024-26810)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
202478	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-6896-2)	Nessus	Ubuntu Local Security Checks	7/16/2024	12/31/2024	high
205968	EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-2178)	Nessus	Huawei Local Security Checks	8/21/2024	8/21/2024	high
207120	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2394)	Nessus	Huawei Local Security Checks	9/12/2024	9/12/2024	high
209785	EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2024-2781)	Nessus	Huawei Local Security Checks	10/27/2024	10/27/2024	high
202292	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6896-1)	Nessus	Ubuntu Local Security Checks	7/12/2024	12/31/2024	high
201099	Debian dla-3840 : hyperv-daemons - security update	Nessus	Debian Local Security Checks	6/27/2024	9/27/2024	high
209777	EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2024-2763)	Nessus	Huawei Local Security Checks	10/27/2024	10/27/2024	high
201009	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)	Nessus	SuSE Local Security Checks	6/26/2024	10/7/2024	critical
204794	Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6919-1)	Nessus	Ubuntu Local Security Checks	7/26/2024	8/27/2024	high
205093	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-696)	Nessus	Amazon Linux Local Security Checks	8/6/2024	12/31/2024	high
200633	Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)	Nessus	Ubuntu Local Security Checks	6/14/2024	2/4/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

critical

high

high

high