According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function.
    This can result in a bluetooth sniffing exception issue, possibly leading denial of     service.(CVE-2024-24859)

    bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq(CVE-2024-38540)

    drivers: core: synchronize really_probe() and dev_uevent()(CVE-2024-39501)

    drm/amd/display: Fix potential index out of bounds in color transformation function(CVE-2024-38552)

    drop_monitor: replace spin_lock by raw_spin_lock(CVE-2024-40980)

    dyndbg: fix old BUG_ON in control parser(CVE-2024-35947)

    ext4: do not create EA inode under buffer lock(CVE-2024-40972)

    HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()(CVE-2024-40934)

    ice: Fix crash by keep old cfg when update TCs more than queues(CVE-2022-48652)

    In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to     drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.(CVE-2024-23848)

    ipv6: fix possible race in __fib6_drop_pcpu_from()(CVE-2024-40905)

    ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr()(CVE-2024-27417)

    kernel:af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg(CVE-2024-38596)

    kernel:bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()(CVE-2024-39487)

    kernel:dm: call the resume method on internal suspend(CVE-2024-26880)

    kernel:fix lockup in dm_exception_table_exit  There was reported lockup(CVE-2024-35805)

    kernel:ftrace: Fix possible use-after-free issue in ftrace_location()(CVE-2024-38588)

    kernel:ima: Fix use-after-free on a dentry's dname.name(CVE-2024-39494)

    kernel:ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr(CVE-2024-35969)

    kernel:ipv6: prevent possible NULL dereference in rt6_probe()(CVE-2024-40960)

    kernel:kdb: Fix buffer overflow during tab-complete(CVE-2024-39480)

    kernel:net/mlx5e: Avoid field-overflowing memcpy()(CVE-2022-48744)

    kernel:net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()(CVE-2024-40995)

    kernel:net: bridge: xmit: make sure we have at least eth header len bytes(CVE-2024-38538)

    kernel:netpoll: Fix race condition in netpoll_owner_active(CVE-2024-41005)

    kernel:nouveau: lock the client object tree. (CVE-2024-27062)

    kernel:nvme-fc: do not wait in vain when unloading module(CVE-2024-26846)

    kernel:of: Fix double free in of_parse_phandle_with_args_map(CVE-2023-52679)

    kernel:of: module: add buffer overflow check in of_modalias()(CVE-2024-38541)

    kernel:scsi: lpfc: Fix link down processing to address NULL pointer dereference(CVE-2021-47183)

    kernel:SUNRPC: fix some memleaks in gssx_dec_option_array(CVE-2024-27388)

    kernel:tcp: avoid too many retransmit packets(CVE-2024-41007)

    kernel:tcp: Fix shift-out-of-bounds in dctcp_update_alpha().(CVE-2024-37356)

    md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING(CVE-2024-39476)

    md: fix resync softlockup when bitmap size is less than array size(CVE-2024-38598)

    media: imon: fix access to invalid resource for the second interface(CVE-2023-52754)

    net/mlx5: Add a timeout to acquire the command queue semaphore(CVE-2024-38556)

    net/mlx5: Discard command completions in internal error(CVE-2024-38555)

    net/mlx5e: Fix netif state handling(CVE-2024-38608)

    net/sched: act_skbmod: prevent kernel-infoleak(CVE-2024-35893)

    netfilter: bridge: replace physindev with physinif in nf_bridge_info(CVE-2024-35839)

    netfilter: ipset: fix performance regression in swap operation(CVE-2024-26910)

    netfilter: nf_tables: flush pending destroy work before exit_net release(CVE-2024-35899)

    netfilter: nf_tables: honor table dormant flag from netdev release event path(CVE-2024-36005)

    netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()(CVE-2024-36286)

    NFSD: Fix ia_size underflow(CVE-2022-48828)

    RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt(CVE-2024-38544)

    scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory(CVE-2024-40901)

    tipc: force a dst refcount before doing decryption(CVE-2024-40983)

    usb: config: fix iteration issue in 'usb_get_bos_descriptor()'(CVE-2023-52781)

    bcache: fix variable length array abuse in btree_iter(CVE-2024-39482)

    pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER(CVE-2024-42090)

    udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().(CVE-2024-41041)

    net: hns3: fix kernel crash when 1588 is received on HIP08 devices(CVE-2024-26881)

    bpf: Fix a segment issue when downgrading gso_size(CVE-2024-42281)

    quota: Fix potential NULL pointer dereference(CVE-2024-26878)

    rds: tcp: Fix use-after-free of net in reqsk_timer_handler().(CVE-2024-26865)

    io_uring: fix possible deadlock in io_register_iowq_max_workers()(CVE-2024-41080)

    ASoC: topology: Fix references to freed memory(CVE-2024-41069)

    crypto: hisilicon/sec - Fix memory leak for sec resource release(CVE-2024-41002)

    filelock: Remove locks reliably when fcntl/close race is detected(CVE-2024-41012)

    x86: stop playing stack games in profile_pc()(CVE-2024-42096)

    iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected(CVE-2024-26891)

    xfs: add bounds checking to xlog_recover_process_data(CVE-2024-41014)

    xfs: don't walk off the end of a directory data block(CVE-2024-41013)

    sched/deadline: Fix task_struct reference leak(CVE-2024-41023)

    of: module: prevent NULL pointer dereference in vsnprintf()(CVE-2024-35878)

    mm: avoid overflows in dirty throttling logic(CVE-2024-42131)

    drm/ nouveau: fix null pointer dereference in nouveau_connector_get_modes(CVE-2024-42101)

    crypto: ecdh - explicitly zeroize private_key(CVE-2024-42098)

    Fix userfaultfd_api to return EINVAL as expected(CVE-2024-41027)

    ftruncate: pass a signed offset(CVE-2024-42084)

    nvmet: fix a possible leak when destroy a ctrl during qp establishment(CVE-2024-42152)

    nvmet: always initialize cqe.result(CVE-2024-41079)

    crypto: aead,cipher - zeroize key buffer after use(CVE-2024-42229)

    Bluetooth: L2CAP: Fix not validating setsockopt user input(CVE-2024-35965)

    KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()(CVE-2024-40953)

    filelock: Fix fcntl/close race recovery compat path(CVE-2024-41020)

    USB: serial: mos7840: fix crash on resume(CVE-2024-42244)

    tty: add the option to have a tty reject a new ldisc(CVE-2024-40966)

    media: dvb-frontends: tda10048: Fix integer overflow(CVE-2024-42223)

    ata: libata-core: Fix double free on error(CVE-2024-41087)

    ata: libata-core: Fix null pointer dereference on error(CVE-2024-41098)

    leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)

    enic: Validate length of nl attributes in enic_set_vf_port(CVE-2024-38659)

    tap: add missing verification for short frame(CVE-2024-41090)

    tun: add missing verification for short frame(CVE-2024-41091)

    netfilter: tproxy: bail out if IP has been disabled on the device(CVE-2024-36270)

    ext4: make sure the first directory block is not a hole(CVE-2024-42304)

    ext4: fix infinite loop when replaying fast_commit(CVE-2024-43828)

    ppp: reject claimed-as-LCP but actually malformed packets(CVE-2024-41044)

    RDMA/restrack: Fix potential invalid address access(CVE-2024-42080)

    nvme-fabrics: use reserved tag for reg read/write command(CVE-2024-41082)

    bnx2x: Fix multiple UBSAN array-index-out-of-bounds(CVE-2024-42148)

    inet_diag: Initialize pad field in struct inet_diag_req_v2(CVE-2024-42106)

    bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD(CVE-2024-42161)

    drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)(CVE-2024-39497)

    drm/amd/display: Add NULL pointer check for kzalloc(CVE-2024-42122)

    net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket(CVE-2024-42246)

    net: phy: fix phy_get_internal_delay accessing an empty array(CVE-2024-27047)

    tcp_metrics: validate source addr length(CVE-2024-42154)

    netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers(CVE-2024-42070)

    RDMA/hns: Modify the print level of CQE error(CVE-2024-38590)

    udp: do not accept non-tunnel GSO skbs landing in a tunnel(CVE-2024-35884)

    skmsg: Skip zero length skb in sk_msg_recvmsg(CVE-2024-41048)

    xdp: Remove WARN() from __xdp_reg_mem_model()(CVE-2024-42082)

    HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)

    net: nexthop: Initialize all fields in dumped nexthops(CVE-2024-42283)

    IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)

    RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)

    ipvs: properly dereference pe in ip_vs_add_service(CVE-2024-42322)

    net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)

    libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)

    tipc: Return non-zero value from tipc_udp_addr2str() on error(CVE-2024-42284)

    drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes(CVE-2024-41089)

    netfilter: nf_tables: prefer nft_chain_validate(CVE-2024-41042)

    net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE(CVE-2024-42321)

    net/mlx5: Always drain health in shutdown callback(CVE-2024-43866)

    USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5102 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)

    * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

    * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)

    * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)

    * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)

    * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)

    * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)

    * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by     untrusted application (CVE-2024-21823)

    * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)

    * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)

    * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)

    * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)

    * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)

    * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

    * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)

    * kernel: Revert net/mlx5: Block entering switchdev mode with ns inconsistency (CVE-2023-52658)

    * kernel: crash due to a missing check for leb_size (CVE-2024-25739)

    * kernel: tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614)

    * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

    * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)

    * kernel: nfs: fix UAF in direct writes (CVE-2024-26958)

    * kernel: SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388)

    * kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (CVE-2024-27434)

    * kernel: of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679)

    * kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930)

    * kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks (CVE-2024-35912)

    * kernel: block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925)

    * kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB (CVE-2024-35938)

    * kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)

    * kernel: wifi: rtw89: fix null pointer access when abort scan (CVE-2024-35946)

    * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

    * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)

    * kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (CVE-2024-36006)

    * kernel: net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257)

    * kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730)

    * kernel: wifi: ath11k: fix gtk offload status event locking (CVE-2023-52777)

    * (CVE-2023-52832)
    * (CVE-2023-52803)
    * (CVE-2023-52756)
    * (CVE-2023-52834)
    * (CVE-2023-52791)
    * (CVE-2023-52764)
    * (CVE-2021-47468)
    * (CVE-2021-47284)
    * (CVE-2024-36025)
    * (CVE-2024-36941)
    * (CVE-2024-36940)
    * (CVE-2024-36904)
    * (CVE-2024-36896)
    * (CVE-2024-36954)
    * (CVE-2024-36950)
    * (CVE-2024-38575)
    * (CVE-2024-36917)
    * (CVE-2024-36016)
    * (CVE-2023-52762)
    * (CVE-2024-27025)
    * (CVE-2021-47548)
    * (CVE-2023-52619)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5102 advisory.

    * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
    * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
    * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
    * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
    * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
    * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
    * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
    * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
    * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by     untrusted application (CVE-2024-21823)
    * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
    * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
    * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
    * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
    * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
    * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
    * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
    * kernel: Revert net/mlx5: Block entering switchdev mode with ns inconsistency (CVE-2023-52658)
    * kernel: crash due to a missing check for leb_size (CVE-2024-25739)
    * kernel: tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614)
    * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)
    * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)
    * kernel: nfs: fix UAF in direct writes (CVE-2024-26958)
    * kernel: SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388)
    * kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (CVE-2024-27434)
    * kernel: of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679)
    * kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930)
    * kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks (CVE-2024-35912)
    * kernel: block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925)
    * kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB (CVE-2024-35938)
    * kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
    * kernel: wifi: rtw89: fix null pointer access when abort scan (CVE-2024-35946)
    * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)
    * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
    * kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (CVE-2024-36006)
    * kernel: net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257)
    * kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730)
    * kernel: wifi: ath11k: fix gtk offload status event locking (CVE-2023-52777)
    * (CVE-2023-52832)
    * (CVE-2023-52803)
    * (CVE-2023-52756)
    * (CVE-2023-52834)
    * (CVE-2023-52791)
    * (CVE-2023-52764)
    * (CVE-2021-47468)
    * (CVE-2021-47284)
    * (CVE-2024-36025)
    * (CVE-2024-36941)
    * (CVE-2024-36940)
    * (CVE-2024-36904)
    * (CVE-2024-36896)
    * (CVE-2024-36954)
    * (CVE-2024-36950)
    * (CVE-2024-38575)
    * (CVE-2024-36917)
    * (CVE-2024-36016)
    * (CVE-2023-52762)
    * (CVE-2024-27025)
    * (CVE-2021-47548)
    * (CVE-2023-52619)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12581 advisory.

    - net/mlx5e: drop shorter ethernet frames (Manjunath Patil)  [Orabug: 36879157]  {CVE-2024-41090}     {CVE-2024-41091}
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik)     [Orabug: 36835599] {CVE-2024-39503}
    - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug:
    36836328] {CVE-2024-40916}
    - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592]     {CVE-2024-38661}
    - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598]     {CVE-2024-39276}
    - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449]     {CVE-2024-35976}
    - net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
    - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson)     [Orabug: 36809288] {CVE-2024-39480}
    - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
    - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
    - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636]     {CVE-2024-39467}
    - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564]     {CVE-2024-38583}
    - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512]     {CVE-2024-36288}
    - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
    - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551]     {CVE-2024-33621}
    - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563]     {CVE-2024-36270}
    - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836]     {CVE-2024-38659}
    - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844]     {CVE-2024-38780}
    - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug:
    36763570] {CVE-2024-36286}
    - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587]     {CVE-2024-37353}
    - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258]     {CVE-2024-39488}
    - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591]     {CVE-2024-37356}
    - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
    - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602]     {CVE-2024-38621}
    - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583]     {CVE-2024-39292}
    - ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
    - stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763]     {CVE-2024-38627}
    - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814]     {CVE-2024-38633}
    - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug:
    36763819] {CVE-2024-38634}
    - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
    - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832]     {CVE-2024-38637}
    - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
    - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061]     {CVE-2024-36014}
    - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
    - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan     Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
    - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
    - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462]     {CVE-2024-38558}
    - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599]     {CVE-2024-38596}
    - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
    - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
    - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
    - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485]     {CVE-2024-38565}
    - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508]     {CVE-2024-38567}
    - cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
    - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648]     {CVE-2024-38598}
    - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651]     {CVE-2024-38599}
    - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
    - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
    - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557]     {CVE-2024-38582}
    - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661]     {CVE-2024-38601}
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068]     {CVE-2024-36016}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6951-2 advisory.

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - M68K architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Accessibility subsystem;

    - Character device driver;

    - Clock framework and drivers;

    - CPU frequency scaling framework;

    - Hardware crypto device drivers;

    - Buffer Sharing and Synchronization framework;

    - FireWire subsystem;

    - GPU drivers;

    - HW tracing;

    - Macintosh device drivers;

    - Multiple devices driver;

    - Media drivers;

    - Network drivers;

    - Pin controllers subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - SoundWire subsystem;

    - Greybus lights staging drivers;

    - TTY drivers;

    - Framebuffer layer;

    - Virtio drivers;

    - 9P distributed file system;

    - eCrypt file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFFS2 file system;

    - Network file system client;

    - NILFS2 file system;

    - SMB network file system;

    - Kernel debugger infrastructure;

    - IRQ subsystem;

    - Tracing infrastructure;

    - Dynamic debug library;

    - 9P file system network protocol;

    - Bluetooth subsystem;

    - Networking core;

    - IPv4 networking;

    - IPv6 networking;

    - Netfilter;

    - NET/ROM layer;

    - NFC subsystem;

    - NSH protocol;

    - Open vSwitch;

    - Phonet protocol;

    - TIPC protocol;

    - Unix domain sockets;

    - Wireless networking;

    - eXpress Data Path;

    - XFRM subsystem;

    - ALSA framework; (CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399, CVE-2024-39276,     CVE-2024-38596, CVE-2024-36933, CVE-2024-36919, CVE-2024-35976, CVE-2024-37356, CVE-2023-52585,     CVE-2024-38558, CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633, CVE-2024-36886,     CVE-2024-27398, CVE-2024-39493, CVE-2024-26886, CVE-2024-31076, CVE-2024-38559, CVE-2024-38615,     CVE-2024-36971, CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353, CVE-2024-38621,     CVE-2024-36883, CVE-2024-39488, CVE-2024-38661, CVE-2024-36939, CVE-2024-38589, CVE-2024-38565,     CVE-2024-38381, CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017, CVE-2024-36946,     CVE-2024-27401, CVE-2024-38579, CVE-2024-38612, CVE-2024-38598, CVE-2024-38635, CVE-2024-38587,     CVE-2024-38567, CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019, CVE-2024-38601,     CVE-2024-39489, CVE-2024-39467, CVE-2023-52882, CVE-2024-38583, CVE-2024-39480, CVE-2024-38607,     CVE-2024-36940, CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582, CVE-2024-36950,     CVE-2024-38552, CVE-2024-33621, CVE-2024-36954, CVE-2024-39475, CVE-2024-39301, CVE-2024-38599,     CVE-2024-36902, CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941, CVE-2024-36014,     CVE-2024-38618, CVE-2024-36904, CVE-2024-36270, CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5101 advisory.

    * kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)

    * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)

    * kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

    * kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)

    * kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)

    * kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)

    * kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)

    * kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    * kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)

    * kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by     untrusted application (CVE-2024-21823)

    * kernel: Revert net/mlx5: Block entering switchdev mode with ns inconsistency (CVE-2023-52658)

    * kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)

    * kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)

    * kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)

    * kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)

    * kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)

    * kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

    * kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)

    * (CVE-2023-28746)
    * (CVE-2023-52847)
    * (CVE-2021-47548)
    * (CVE-2024-36921)
    * (CVE-2024-26921)
    * (CVE-2021-47579)
    * (CVE-2024-36927)
    * (CVE-2024-39276)
    * (CVE-2024-33621)
    * (CVE-2024-27010)
    * (CVE-2024-26960)
    * (CVE-2024-38596)
    * (CVE-2022-48743)
    * (CVE-2024-26733)
    * (CVE-2024-26586)
    * (CVE-2024-26698)
    * (CVE-2023-52619)

    Bug Fix(es):

    * Rocky Linux8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output     (JIRA:Rocky Linux-17678)

    * [AWS][8.9]There are call traces found when booting debug-kernel  for Amazon EC2 r8g.metal-24xl instance     (JIRA:Rocky Linux-23841)

    * [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux-32941)

    * lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux-33437)

    * [Hyper-V][Rocky Linux-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux-39074)

    * Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux-40167)

    * blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux-40939)

    * (JIRA:Rocky Linux-31798)
    * (JIRA:Rocky Linux-10263)
    * (JIRA:Rocky Linux-40901)
    * (JIRA:Rocky Linux-43547)
    * (JIRA:Rocky Linux-34876)

    Enhancement(s):

    * [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog     configuration (JIRA:Rocky Linux-19723)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4583 advisory.

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    * kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in     hns_dsaf_ge_srst_by_port() (CVE-2021-47548)

    * kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596)

    * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

    * kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638)

    * kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783)

    * kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after     populating the metadata_map (CVE-2024-26858)

    * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

    * kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435)

    * kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

    * kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904)

    * kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543)

    * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

    * kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593)

    * kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270)

    * kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

    * kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3209-1 advisory.

    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3483-1 advisory.

    The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch     (bsc#1226798)
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42308: Update DRM patch reference (bsc#1229411)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
208356	EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-2559)	Nessus	Huawei Local Security Checks	10/9/2024	10/9/2024	high
205212	RHEL 8 : kernel-rt (RHSA-2024:5102)	Nessus	Red Hat Local Security Checks	8/8/2024	3/6/2025	high
205294	AlmaLinux 8 : kernel-rt (ALSA-2024:5102)	Nessus	Alma Linux Local Security Checks	8/9/2024	9/10/2024	high
205422	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12581)	Nessus	Oracle Linux Local Security Checks	8/13/2024	8/13/2024	high
205550	Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6951-2)	Nessus	Ubuntu Local Security Checks	8/14/2024	8/27/2024	high
206056	Rocky Linux 8 : kernel (RLSA-2024:5101)	Nessus	Rocky Linux Local Security Checks	8/21/2024	9/10/2024	high
204769	Rocky Linux 9 : kernel (RLSA-2024:4583)	Nessus	Rocky Linux Local Security Checks	7/26/2024	7/26/2024	critical
207050	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)	Nessus	SuSE Local Security Checks	9/12/2024	9/12/2024	high
207884	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3483-1)	Nessus	SuSE Local Security Checks	9/28/2024	9/30/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

critical

high

high