The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7088-1 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - CPU frequency scaling framework;

    - Device frequency scaling framework;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - InfiniBand drivers;

    - Input Device core drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - EEPROM drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB subsystem;

    - BTRFS file system;

    - File systems infrastructure;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - BPF subsystem;

    - Core kernel;

    - DMA mapping infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Simplified Mandatory Access Control Kernel framework;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244, CVE-2024-46723,     CVE-2024-41073, CVE-2024-46756, CVE-2024-42288, CVE-2024-46840, CVE-2024-46771, CVE-2024-46757,     CVE-2024-43860, CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988, CVE-2024-42281,     CVE-2024-36484, CVE-2024-43856, CVE-2024-47668, CVE-2024-46759, CVE-2024-46744, CVE-2024-42289,     CVE-2024-42131, CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858, CVE-2024-44960,     CVE-2024-45028, CVE-2024-26885, CVE-2024-46676, CVE-2024-46780, CVE-2024-42310, CVE-2024-44987,     CVE-2024-41090, CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614, CVE-2024-27051,     CVE-2024-43880, CVE-2024-43839, CVE-2024-43884, CVE-2024-42311, CVE-2024-43893, CVE-2024-41072,     CVE-2024-41091, CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305, CVE-2024-46673,     CVE-2024-42284, CVE-2024-46844, CVE-2024-46677, CVE-2024-45025, CVE-2024-43861, CVE-2024-43914,     CVE-2024-46783, CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276, CVE-2024-46740,     CVE-2024-42295, CVE-2024-44947, CVE-2024-41059, CVE-2024-26669, CVE-2024-38602, CVE-2024-42306,     CVE-2023-52918, CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006, CVE-2024-44998,     CVE-2024-42283, CVE-2024-44952, CVE-2024-46761, CVE-2024-43841, CVE-2024-44944, CVE-2024-42313,     CVE-2024-45008, CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867, CVE-2024-42286,     CVE-2024-43879, CVE-2024-43846, CVE-2024-42280, CVE-2024-43854, CVE-2021-47212, CVE-2024-35848,     CVE-2024-41020, CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965, CVE-2024-43890,     CVE-2024-45003, CVE-2024-44969, CVE-2024-41011, CVE-2024-46738, CVE-2024-41071, CVE-2024-26800,     CVE-2024-46721, CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531, CVE-2024-26891,     CVE-2024-26641, CVE-2024-42287, CVE-2024-46722, CVE-2024-41042, CVE-2024-46675, CVE-2024-46743,     CVE-2024-42259, CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871, CVE-2024-46739,     CVE-2024-42301, CVE-2024-47659, CVE-2024-42271, CVE-2024-26668, CVE-2024-43835, CVE-2024-46829,     CVE-2024-47667, CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929, CVE-2024-46815,     CVE-2024-43830, CVE-2024-42309, CVE-2024-41063, CVE-2024-46782, CVE-2024-46777, CVE-2024-42265,     CVE-2024-46781, CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882, CVE-2024-44935,     CVE-2024-46800, CVE-2024-46822, CVE-2024-46755, CVE-2024-46817, CVE-2024-43829, CVE-2024-46798,     CVE-2024-46689, CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663, CVE-2024-41070)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7088-2 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - CPU frequency scaling framework;

    - Device frequency scaling framework;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - EEPROM drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Serial drivers;

    - BTRFS file system;

    - File systems infrastructure;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - BPF subsystem;

    - Core kernel;

    - DMA mapping infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Simplified Mandatory Access Control Kernel framework;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-46714, CVE-2024-42288, CVE-2024-42290, CVE-2024-44987, CVE-2024-41090,     CVE-2024-42313, CVE-2024-46689, CVE-2024-46737, CVE-2024-44946, CVE-2024-44999, CVE-2024-44935,     CVE-2024-38602, CVE-2024-43883, CVE-2024-26607, CVE-2024-41091, CVE-2024-45025, CVE-2024-42305,     CVE-2024-26891, CVE-2024-41073, CVE-2024-44969, CVE-2024-26641, CVE-2024-46719, CVE-2024-40929,     CVE-2024-46721, CVE-2024-46740, CVE-2024-41012, CVE-2024-42280, CVE-2024-46738, CVE-2024-46722,     CVE-2024-42246, CVE-2024-41063, CVE-2024-41072, CVE-2024-41068, CVE-2024-43884, CVE-2024-46758,     CVE-2024-43861, CVE-2024-42306, CVE-2024-42285, CVE-2024-41065, CVE-2024-46818, CVE-2024-43894,     CVE-2024-44954, CVE-2024-42310, CVE-2024-46829, CVE-2023-52614, CVE-2024-47663, CVE-2024-42281,     CVE-2024-42297, CVE-2024-46800, CVE-2024-44960, CVE-2024-44952, CVE-2024-46747, CVE-2024-42286,     CVE-2024-41071, CVE-2024-43893, CVE-2023-52531, CVE-2024-43860, CVE-2024-46840, CVE-2024-41011,     CVE-2024-43890, CVE-2024-45026, CVE-2024-42292, CVE-2024-27051, CVE-2024-41015, CVE-2024-47668,     CVE-2024-46817, CVE-2024-43846, CVE-2024-44988, CVE-2024-44944, CVE-2024-43829, CVE-2024-45021,     CVE-2024-43914, CVE-2024-43856, CVE-2024-46673, CVE-2024-46771, CVE-2024-41081, CVE-2024-43830,     CVE-2024-43839, CVE-2024-43853, CVE-2024-47669, CVE-2024-42244, CVE-2021-47212, CVE-2024-46844,     CVE-2024-44965, CVE-2024-41059, CVE-2024-46783, CVE-2024-42295, CVE-2024-35848, CVE-2024-41017,     CVE-2024-47659, CVE-2024-42309, CVE-2024-26800, CVE-2024-41064, CVE-2024-43879, CVE-2024-46679,     CVE-2024-43854, CVE-2024-41022, CVE-2024-43858, CVE-2024-46739, CVE-2024-46685, CVE-2024-42289,     CVE-2024-44998, CVE-2024-46761, CVE-2024-46677, CVE-2024-42131, CVE-2024-46815, CVE-2024-46777,     CVE-2024-43880, CVE-2024-42276, CVE-2024-42265, CVE-2024-46723, CVE-2024-42259, CVE-2024-45028,     CVE-2024-42229, CVE-2024-42283, CVE-2024-44948, CVE-2024-44995, CVE-2024-46757, CVE-2024-46822,     CVE-2024-45006, CVE-2024-46780, CVE-2024-26668, CVE-2024-42284, CVE-2024-46782, CVE-2024-46781,     CVE-2024-43871, CVE-2024-42304, CVE-2024-42311, CVE-2024-45003, CVE-2024-46745, CVE-2024-41098,     CVE-2024-46750, CVE-2024-47667, CVE-2024-41020, CVE-2024-26640, CVE-2024-41070, CVE-2024-42301,     CVE-2024-43882, CVE-2024-45008, CVE-2024-26885, CVE-2024-42287, CVE-2024-46744, CVE-2024-43908,     CVE-2024-46798, CVE-2023-52918, CVE-2024-36484, CVE-2024-43841, CVE-2024-41042, CVE-2024-38611,     CVE-2024-43867, CVE-2024-26669, CVE-2024-42271, CVE-2024-46756, CVE-2024-44947, CVE-2024-43835,     CVE-2024-46676, CVE-2024-46743, CVE-2024-46759, CVE-2024-46675, CVE-2024-46828, CVE-2024-46755)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12780 advisory.

    - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez)     [Orabug: 37037205] {CVE-2024-46738}
    - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017]     {CVE-2024-43882}
    - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969]     {CVE-2024-42259}
    - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042}
    - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug:
    36630432] {CVE-2024-27397}
    - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948}
    - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890}
    - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009]     {CVE-2024-43893}
    - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032]     {CVE-2024-44968}
    - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960}
    - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug:
    36992971] {CVE-2024-43883}
    - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954}
    - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014]     {CVE-2024-43894}
    - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969}
    - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908}
    - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127]     {CVE-2024-43914}
    - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959]     {CVE-2024-43861}
    - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147]     {CVE-2024-44935}
    - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012]     {CVE-2024-44965}
    - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808]     {CVE-2024-42265}
    - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271}
    - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867}
    - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug:
    36964537] {CVE-2024-43860}
    - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085]     {CVE-2024-42290}
    - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991]     {CVE-2024-43871}
    - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301}
    - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131}
    - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022]     {CVE-2024-42276}
    - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280}
    - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281}
    - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044]     {CVE-2024-42283}
    - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047]     {CVE-2024-42284}
    - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856}
    - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858}
    - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203]     {CVE-2024-42295}
    - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054]     {CVE-2024-42285}
    - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286}
    - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287}
    - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288}
    - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080]     {CVE-2024-42289}
    - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292}
    - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297}
    - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304}
    - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237]     {CVE-2024-42305}
    - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306}
    - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308}
    - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253]     {CVE-2024-42309}
    - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260]     {CVE-2024-42310}
    - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265]     {CVE-2024-42311}
    - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313}
    - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755]     {CVE-2024-44944}
    - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829}
    - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug:
    36964459] {CVE-2024-43830}
    - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480]     {CVE-2024-43839}
    - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487]     {CVE-2024-43841}
    - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug:
    36984010] {CVE-2024-43879}
    - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880}
    - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846}
    - tap: add missing verification for short frame (Si-Wei Liu)   [Orabug: 36660755] {CVE-2024-41090}
    - tun: add missing verification for short frame (Dongli Zhang)   [Orabug: 36660755] {CVE-2024-41091}
    - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020}     {CVE-2024-41012}
    - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017}
    - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015}
    - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059}
    - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994]     {CVE-2024-41063}
    - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897003]     {CVE-2024-41064}
    - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009]     {CVE-2024-41065}
    - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068}
    - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug:
    36897048] {CVE-2024-41070}
    - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312]     {CVE-2024-41072}
    - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081}
    - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758]     {CVE-2024-41012} {CVE-2024-41020}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-516.el9 build changelog.

  - In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer     corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented     packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to     calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing     changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in     rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.
    (CVE-2024-38586)

  - In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary     destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev     release. This sequence is guaranteed by driver file operations. Therefore, there is no need to destroy an     already empty file_ida when the WQ cdev is removed. Worse, ida_free() in cdev release may happen after     destruction of file_ida per WQ cdev. This can lead to accessing an id in file_ida after it has been     destroyed, resulting in a kernel panic. Remove ida_destroy(&file_ida) to address these issues.
    (CVE-2024-38629)

  - In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX     action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and corresponding dma     address. After tx is done, ionic_tx_clean() frees that page. But RX ring buffer isn't reset to NULL. So,     it uses a freed page, which causes kernel panic. BUG: unable to handle page fault for address:
    ffff8881576c110c PGD 773801067 P4D 773801067 PUD 87f086067 PMD 87efca067 PTE 800ffffea893e060 Oops: Oops:
    0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI CPU: 1 PID: 25 Comm: ksoftirqd/1 Not tainted 6.9.0+ #11     Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP:
    0010:bpf_prog_f0b8caeac1068a55_balancer_ingress+0x3b/0x44f Code: 00 53 41 55 41 56 41 57 b8 01 00 00 00 48     8b 5f 08 4c 8b 77 00 4c 89 f7 48 83 c7 0e 48 39 d8 RSP: 0018:ffff888104e6fa28 EFLAGS: 00010283 RAX:
    0000000000000002 RBX: ffff8881576c1140 RCX: 0000000000000002 RDX: ffffffffc0051f64 RSI: ffffc90002d33048     RDI: ffff8881576c110e RBP: ffff888104e6fa88 R08: 0000000000000000 R09: ffffed1027a04a23 R10:
    0000000000000000 R11: 0000000000000000 R12: ffff8881b03a21a8 R13: ffff8881589f800f R14: ffff8881576c1100     R15: 00000001576c1100 FS: 0000000000000000(0000) GS:ffff88881ae00000(0000) knlGS:0000000000000000 CS: 0010     DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881576c110c CR3: 0000000767a90000 CR4: 00000000007506f0     PKRU: 55555554 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x254/0x790 ?
    __pfx_page_fault_oops+0x10/0x10 ? __pfx_is_prefetch.constprop.0+0x10/0x10 ?     search_bpf_extables+0x165/0x260 ? fixup_exception+0x4a/0x970 ? exc_page_fault+0xcb/0xe0 ?     asm_exc_page_fault+0x22/0x30 ? 0xffffffffc0051f64 ? bpf_prog_f0b8caeac1068a55_balancer_ingress+0x3b/0x44f     ? do_raw_spin_unlock+0x54/0x220 ionic_rx_service+0x11ab/0x3010 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ? ionic_tx_clean+0x29b/0xc60 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ? __pfx_ionic_tx_clean+0x10/0x10 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ? __pfx_ionic_rx_service+0x10/0x10 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ? ionic_tx_cq_service+0x25d/0xa00 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ? __pfx_ionic_rx_service+0x10/0x10 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ionic_cq_service+0x69/0x150 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] ionic_txrx_napi+0x11a/0x540 [ionic     9180c3001ab627d82bbc5f3ebe8a0decaf6bb864] __napi_poll.constprop.0+0xa0/0x440 net_rx_action+0x7e7/0xc30 ?
    __pfx_net_rx_action+0x10/0x10 (CVE-2024-40907)

  - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync     reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on     that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which     results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261     devl_assert_locked+0x3e/0x50  CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116     Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015 Workqueue: mlx5_fw_reset_events     mlx5_sync_reset_reload_work [mlx5_core] RIP: 0010:devl_assert_locked+0x3e/0x50  Call Trace: <TASK> ?
    __warn+0xa4/0x210 ? devl_assert_locked+0x3e/0x50 ? report_bug+0x160/0x280 ? handle_bug+0x3f/0x80 ?     exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? devl_assert_locked+0x3e/0x50     devlink_notify+0x88/0x2b0 ? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10 ?     process_one_work+0x4b6/0xbb0 process_one_work+0x4b6/0xbb0 [] (CVE-2024-42268)

  - In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from     tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is     invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning     1 on an invalid UDP media address. (CVE-2024-42284)

  - In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in     dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for     reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation.
    Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and     add it to the devres list. If this happens, there will be two entries in the devres list with the same     vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by     destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption     http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 (CVE-2024-43856)

  - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks     of modify header context The cited commit allocates a new modify header to replace the old one when     updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support,     modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify     header point is copied to old attr. When the old attr is freed, the old modify header is lost. Fix it by     restoring the old attr to attr when failed to allocate a new modify header context. So when the CT entry     is freed, the right modify header context will be freed. And the panic of accessing error pointer is also     fixed. (CVE-2024-43864)

  - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in     shutdown callback There is no point in recovery during device shutdown. if health work started need to     wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback.
    (CVE-2024-43866)

  - In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to     mem_cgroup_idr Commit 73f576c04b94 (mm: memcontrol: fix cgroup creation failure after many small jobs)     decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to     maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For     the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus are protected     through cgroup_mutex from concurrent modifications. However idr_remove() for mem_cgroup_idr was not     protected against concurrency and can be run concurrently for different memcgs when they hit their refcnt     to zero. Fix that. We have been seeing list_lru based kernel crashes at a low frequency in our fleet for a     long time. These crashes were in different part of list_lru code including list_lru_add(), list_lru_del()     and reparenting code. Upon further inspection, it looked like for a given object (dentry and inode), the     super_block's list_lru didn't have list_lru_one for the memcg of that object. The initial suspicions were     either the object is not allocated through kmem_cache_alloc_lru() or somehow memcg_list_lru_alloc() failed     to allocate list_lru_one() for a memcg but returned success. No evidence were found for these cases.
    Looking more deeply, we started seeing situations where valid memcg's id is not present in mem_cgroup_idr     and in some cases multiple valid memcgs have same id and mem_cgroup_idr is pointing to one of them. So,     the most reasonable explanation is that these situations can happen due to race between multiple     idr_remove() calls or race between idr_alloc()/idr_replace() and idr_remove(). These races are causing     multiple memcgs to acquire the same ID and then offlining of one of them would cleanup list_lrus on the     system for all of them. Later access from other memcgs to the list_lru cause crashes due to missing     list_lru_one. (CVE-2024-43892)

  - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ     linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ     linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the     same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the     same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without     unlinking the WQE again. (CVE-2024-44970)

  - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for     XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should     have been removed when we let the page pool handle the DMA mapping. This bug causes the warning: WARNING:
    CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100 CPU: 7 PID: 59 Comm:
    ksoftirqd/7 Tainted: G W 6.8.0-1010-gcp #11-Ubuntu Hardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS     2.15.2 04/02/2024 RIP: 0010:iommu_dma_unmap_page+0xd5/0x100 Code: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4     08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08     5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 RSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246 RAX:
    0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000     RDI: 0000000000000000 RBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c R10:
    ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000 R13: 0000000000000050 R14: 0000000000001000     R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000 CS: 0010     DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0     ? show_regs+0x6d/0x80 ? __warn+0x89/0x150 ? iommu_dma_unmap_page+0xd5/0x100 ? report_bug+0x16a/0x190 ?     handle_bug+0x51/0xa0 ? exc_invalid_op+0x18/0x80 ? iommu_dma_unmap_page+0xd5/0x100 ?     iommu_dma_unmap_page+0x35/0x100 dma_unmap_page_attrs+0x55/0x220 ?     bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f bnxt_rx_xdp+0x237/0x520 [bnxt_en]     bnxt_rx_pkt+0x640/0xdd0 [bnxt_en] __bnxt_poll_work+0x1a1/0x3d0 [bnxt_en] bnxt_poll+0xaa/0x1e0 [bnxt_en]
    __napi_poll+0x33/0x1e0 net_rx_action+0x18a/0x2f0 (CVE-2024-44984)

  - In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception     issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via     using kernel parameter kvm.use_gisa=0 or by setting the related sysfs attribute to N (echo N     >/sys/module/kvm/parameters/use_gisa). The validity is caused by an invalid value in the SIE control     block's gisa designation. That happens because we pass the uninitialized gisa origin to virt_to_phys()     before writing it to the gisa designation. To fix this we return 0 in kvm_s390_get_gisa_desc() if the     origin is 0. kvm_s390_get_gisa_desc() is used to determine which gisa designation to set in the SIE     control block. A value of 0 in the gisa designation disables gisa usage. The issue surfaces in the host     kernel with the following kernel message as soon a new kvm guest start is attemted. kvm: unhandled     validity intercept 0x1011 WARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101     kvm_handle_sie_intercept+0x42e/0x4d0 [kvm] Modules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE     xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core     irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet     nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct     nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs     ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel     drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390     prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390     sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc     scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci] CPU: 0 PID: 781237 Comm:
    CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6 Hardware name: IBM 3931 A01 701 (LPAR) Krnl PSW :
    0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm]) R:0 T:1 IO:1 EX:1 Key:0 M:1     W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Krnl GPRS: 000003d900000027 000003d900000023 0000000000000028     000002cd00000000 000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff 000002cfd82e9000     000002cfd80bc000 0000000000001011 000003d93deda412 000003ff8962df98 000003d93de77ce0 000003d93deb011e     00000359c6daf960 Krnl Code: 000003d93deb0112: c020fffe7259 larl %r2,000003d93de7e5c4 000003d93deb0118:
    c0e53fa8beac brasl %r14,000003d9bd3c7e70 #000003d93deb011e: af000000 mc 0,0 >000003d93deb0122: a728ffea     lhi %r2,-22 000003d93deb0126: a7f4fe24 brc 15,000003d93deafd6e 000003d93deb012a: 9101f0b0 tm 176(%r15),1     000003d93deb012e: a774fe48 brc 7,000003d93deafdbe 000003d93deb0132: 40a0f0ae sth %r10,174(%r15) Call     Trace: [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm] ([<000003d93deb011e>]     kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]) [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]     [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm] [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430     [kvm] [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm] [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70     [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0 [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0     [<000003d9be0f9a90>] system_call+0x70/0x98 Last Breaking-Event-Address: [<000003d9bd3c7f58>]
    __warn_printk+0xe8/0xf0 (CVE-2024-45005)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12782 advisory.

    - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez)     [Orabug: 37037205] {CVE-2024-46738}
    - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017]     {CVE-2024-43882}
    - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969]     {CVE-2024-42259}
    - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042}
    - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug:
    36630432] {CVE-2024-27397}
    - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948}
    - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890}
    - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009]     {CVE-2024-43893}
    - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032]     {CVE-2024-44968}
    - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960}
    - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug:
    36992971] {CVE-2024-43883}
    - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954}
    - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014]     {CVE-2024-43894}
    - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969}
    - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908}
    - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127]     {CVE-2024-43914}
    - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959]     {CVE-2024-43861}
    - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147]     {CVE-2024-44935}
    - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012]     {CVE-2024-44965}
    - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808]     {CVE-2024-42265}
    - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271}
    - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867}
    - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug:
    36964537] {CVE-2024-43860}
    - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085]     {CVE-2024-42290}
    - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991]     {CVE-2024-43871}
    - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301}
    - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131}
    - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022]     {CVE-2024-42276}
    - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280}
    - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281}
    - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044]     {CVE-2024-42283}
    - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047]     {CVE-2024-42284}
    - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856}
    - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858}
    - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203]     {CVE-2024-42295}
    - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054]     {CVE-2024-42285}
    - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286}
    - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287}
    - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288}
    - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080]     {CVE-2024-42289}
    - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292}
    - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297}
    - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304}
    - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237]     {CVE-2024-42305}
    - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306}
    - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308}
    - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253]     {CVE-2024-42309}
    - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260]     {CVE-2024-42310}
    - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265]     {CVE-2024-42311}
    - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313}
    - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755]     {CVE-2024-44944}
    - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829}
    - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug:
    36964459] {CVE-2024-43830}
    - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480]     {CVE-2024-43839}
    - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487]     {CVE-2024-43841}
    - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug:
    36984010] {CVE-2024-43879}
    - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880}
    - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846}
    - tap: add missing verification for short frame (Si-Wei Liu)   [Orabug: 36660755] {CVE-2024-41090}
    - tun: add missing verification for short frame (Dongli Zhang)   [Orabug: 36660755] {CVE-2024-41091}
    - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020}     {CVE-2024-41012}
    - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017}
    - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015}
    - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059}
    - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994]     {CVE-2024-41063}
    - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897003]     {CVE-2024-41064}
    - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009]     {CVE-2024-41065}
    - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068}
    - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug:
    36897048] {CVE-2024-41070}
    - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312]     {CVE-2024-41072}
    - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081}
    - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758]     {CVE-2024-41012} {CVE-2024-41020}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3209-1 advisory.

    The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
    - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
    - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
    - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
    - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
    - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
    - CVE-2024-41087: Fix double free on error (bsc#1228466).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
    - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
    - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
    - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function     (bsc#1229569).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-27016: Validate pppoe header (bsc#1223807).
    - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number')     (bsc#1222387)
    - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-26669: Fix chain template offload (bsc#1222350).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
    - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
    - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
    - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
    - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local     privilege escalation (bsc#1213580).
    - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
    - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3383-1 advisory.

    The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session     (bsc#1229827).
    - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).
    - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).
    - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).
    - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).
    - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-42308: Update DRM patch reference (bsc#1229411)
    - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
    - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).
    - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404).
    - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init()     (bsc#1229402).
    - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket     (bsc#1228989).
    - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978).
    - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).
    - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
    - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
    - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754).
    - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
    - CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file     (bsc#1228500).
    - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
    - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
    - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).
    - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()     (bsc#1228501).
    - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505).
    - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
    - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
    - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
    - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).
    - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers     (bsc#1228470).
    - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).
    - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
    - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
    - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
    - CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).
    - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643).
    - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
    - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
    - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
    - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
    - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
    - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
    - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
    - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object     (bsc#1228468).
    - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).
    - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
    - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
    - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
    - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
    - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).
    - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).
    - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
    - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
    - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).
    - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
    - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
    - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
    - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
    - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
    - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors     (bsc#1227811).
    - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
    - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail     (bsc#1227799).
    - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).
    - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
    - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
    - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
    - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
    - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604).
    - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
    - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
    - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
    - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted     (bsc#1225744).
    - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718).
    - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()     (bsc#1226801)
    - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch     (bsc#1226798)
    - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
    - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
    - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion     (bsc#1224510).
    - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
    - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in     clk_mt8135_apmixed_probe() (bsc#1224711).
    - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).
    - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
    - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of     the list of MDB events to replay (bsc#1222973).
    - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
    - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path     (bsc#1222633).
    - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain     (bsc#1222634).
    - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference     serial number') (bsc#1222387)
    - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).
    - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).
    - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
    - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).



Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7184-1 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during     device removal. A privileged attacker could use this to cause a denial of service (system crash).
    (CVE-2023-35827)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - GPU drivers;

    - I2C subsystem;

    - Network drivers;

    - Pin controllers subsystem;

    - TTY drivers;

    - USB Mass Storage drivers;

    - Framebuffer layer;

    - Ext4 file system;

    - File systems infrastructure;

    - Bluetooth subsystem;

    - Kernel init infrastructure;

    - DMA mapping infrastructure;

    - Memory management;

    - 9P file system network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - Logical Link layer;

    - MAC80211 subsystem;

    - Netfilter;

    - NFC subsystem;

    - Phonet protocol;

    - Network traffic control;

    - Wireless networking; (CVE-2024-44944, CVE-2023-52507, CVE-2024-42101, CVE-2021-47118, CVE-2024-36941,     CVE-2024-38633, CVE-2021-47086, CVE-2024-26625, CVE-2024-39301, CVE-2024-42090, CVE-2024-53057,     CVE-2024-26777, CVE-2024-36946, CVE-2024-42153, CVE-2024-40912, CVE-2024-36968, CVE-2024-43856,     CVE-2024-49967, CVE-2024-43884, CVE-2023-52509, CVE-2023-52594, CVE-2024-36270, CVE-2024-44947,     CVE-2024-45021, CVE-2024-35886, CVE-2024-40959, CVE-2021-47501, CVE-2024-38619)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7185-1 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during     device removal. A privileged attacker could use this to cause a denial of service (system crash).
    (CVE-2023-35827)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - GPU drivers;

    - I2C subsystem;

    - InfiniBand drivers;

    - IRQ chip drivers;

    - Network drivers;

    - Pin controllers subsystem;

    - S/390 drivers;

    - TTY drivers;

    - USB Host Controller drivers;

    - USB Mass Storage drivers;

    - Framebuffer layer;

    - Ext4 file system;

    - File systems infrastructure;

    - Bluetooth subsystem;

    - DMA mapping infrastructure;

    - Memory management;

    - 9P file system network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - Logical Link layer;

    - MAC80211 subsystem;

    - Netfilter;

    - NFC subsystem;

    - Phonet protocol;

    - Network traffic control;

    - VMware vSockets driver;

    - Wireless networking; (CVE-2024-42090, CVE-2024-42156, CVE-2021-47082, CVE-2024-26921, CVE-2023-52594,     CVE-2024-36968, CVE-2024-38633, CVE-2024-42077, CVE-2021-47076, CVE-2021-47501, CVE-2023-52507,     CVE-2024-42153, CVE-2024-39301, CVE-2024-36946, CVE-2024-43884, CVE-2023-52509, CVE-2024-36004,     CVE-2023-52486, CVE-2024-50264, CVE-2024-45006, CVE-2024-36941, CVE-2024-43856, CVE-2024-40912,     CVE-2024-49967, CVE-2024-53057, CVE-2024-26777, CVE-2024-36270, CVE-2024-26625, CVE-2024-45021,     CVE-2024-35886, CVE-2024-44947, CVE-2024-44944, CVE-2024-35847, CVE-2024-40959, CVE-2024-42101,     CVE-2024-38619)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43856 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in     dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for     reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation.
    Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and     add it to the devres list. If this happens, there will be two entries in the devres list with the same     vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by     destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption     http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 (CVE-2024-43856)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
210006	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7088-1)	Nessus	Ubuntu Local Security Checks	10/31/2024	9/24/2025	high
210256	Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7088-2)	Nessus	Ubuntu Local Security Checks	11/5/2024	9/24/2025	high
210815	RHEL 9 : kernel (RHSA-2024:9315)	Nessus	Red Hat Local Security Checks	11/12/2024	3/24/2026	high
208953	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12780)	Nessus	Oracle Linux Local Security Checks	10/14/2024	2/9/2026	high
208962	CentOS 9 : kernel-5.14.0-516.el9	Nessus	CentOS Local Security Checks	10/14/2024	10/14/2024	high
209005	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12782)	Nessus	Oracle Linux Local Security Checks	10/14/2024	2/9/2026	high
207050	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)	Nessus	SuSE Local Security Checks	9/12/2024	2/3/2026	high
207676	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3383-1)	Nessus	SuSE Local Security Checks	9/24/2024	2/3/2026	high
213506	Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7184-1)	Nessus	Ubuntu Local Security Checks	1/6/2025	9/24/2025	high
213508	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-7185-1)	Nessus	Ubuntu Local Security Checks	1/6/2025	9/24/2025	high
215615	Azure Linux 3.0 Security Update: kernel (CVE-2024-43856)	Nessus	Azure Linux Local Security Checks	2/10/2025	9/15/2025	medium

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

medium