The version of kernel installed on the remote host is prior to 5.4.284-196.380. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-086 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)

    In the Linux kernel, the following vulnerability has been resolved:

    net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

    In the Linux kernel, the following vulnerability has been resolved:

    virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)

    In the Linux kernel, the following vulnerability has been resolved:

    block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)

    In the Linux kernel, the following vulnerability has been resolved:

    VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)

    In the Linux kernel, the following vulnerability has been resolved:

    uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)

    In the Linux kernel, the following vulnerability has been resolved:

    of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)

    In the Linux kernel, the following vulnerability has been resolved:

    Squashfs: sanity check symbolic link size (CVE-2024-46744)

    In the Linux kernel, the following vulnerability has been resolved:

    Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)

    In the Linux kernel, the following vulnerability has been resolved:

    can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)

    In the Linux kernel, the following vulnerability has been resolved:

    udf: Avoid excessive partition lengths (CVE-2024-46777)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)

    In the Linux kernel, the following vulnerability has been resolved:

    ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)

    In the Linux kernel, the following vulnerability has been resolved:

    ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)

    In the Linux kernel, the following vulnerability has been resolved:

    sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)

    In the Linux kernel, the following vulnerability has been resolved:

    sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)

    In the Linux kernel, the following vulnerability has been resolved:

    rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)

    In the Linux kernel, the following vulnerability has been resolved:

    lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: fix state management in error path of log writing function (CVE-2024-47669)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.10.226-214.879. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-070 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: fix use-after-free after failure to create a snapshot (CVE-2022-48733)

    In the Linux kernel, the following vulnerability has been resolved:

    rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (CVE-2024-38577)

    In the Linux kernel, the following vulnerability has been resolved:

    ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)

    In the Linux kernel, the following vulnerability has been resolved:

    net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

    In the Linux kernel, the following vulnerability has been resolved:

    virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)

    In the Linux kernel, the following vulnerability has been resolved:

    block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

    In the Linux kernel, the following vulnerability has been resolved:

    memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (CVE-2024-43905)

    In the Linux kernel, the following vulnerability has been resolved:

    mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)

    In the Linux kernel, the following vulnerability has been resolved:

    perf/aux: Fix AUX buffer serialization (CVE-2024-46713)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (CVE-2024-46714)

    In the Linux kernel, the following vulnerability has been resolved:

    usb: typec: ucsi: Fix null pointer dereference in trace (CVE-2024-46719)

    In the Linux kernel, the following vulnerability has been resolved:

    apparmor: fix possible NULL pointer dereference (CVE-2024-46721)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (CVE-2024-46724)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: Fix out-of-bounds write warning (CVE-2024-46725)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/pm: fix the Out-of-bounds read warning (CVE-2024-46731)

    In the Linux kernel, the following vulnerability has been resolved:

    nvmet-tcp: fix kernel crash if commands allocation fails (CVE-2024-46737)

    In the Linux kernel, the following vulnerability has been resolved:

    VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)

    In the Linux kernel, the following vulnerability has been resolved:

    uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)

    In the Linux kernel, the following vulnerability has been resolved:

    of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)

    In the Linux kernel, the following vulnerability has been resolved:

    Squashfs: sanity check symbolic link size (CVE-2024-46744)

    In the Linux kernel, the following vulnerability has been resolved:

    Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)

    In the Linux kernel, the following vulnerability has been resolved:

    HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (CVE-2024-46747)

    In the Linux kernel, the following vulnerability has been resolved:

    PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)

    In the Linux kernel, the following vulnerability has been resolved:

    wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (CVE-2024-46755)

    In the Linux kernel, the following vulnerability has been resolved:

    hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)

    In the Linux kernel, the following vulnerability has been resolved:

    can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)

    In the Linux kernel, the following vulnerability has been resolved:

    udf: Avoid excessive partition lengths (CVE-2024-46777)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)

    In the Linux kernel, the following vulnerability has been resolved:

    ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)

    In the Linux kernel, the following vulnerability has been resolved:

    tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)

    In the Linux kernel, the following vulnerability has been resolved:

    ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)

    In the Linux kernel, the following vulnerability has been resolved:

    sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (CVE-2024-46819)

    In the Linux kernel, the following vulnerability has been resolved:

    arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)

    In the Linux kernel, the following vulnerability has been resolved:

    sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)

    In the Linux kernel, the following vulnerability has been resolved:

    rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)

    In the Linux kernel, the following vulnerability has been resolved:

    btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)

    In the Linux kernel, the following vulnerability has been resolved:

    fsnotify: clear PARENT_WATCHED flags lazily (CVE-2024-47660)

    In the Linux kernel, the following vulnerability has been resolved:

    lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

    In the Linux kernel, the following vulnerability has been resolved:

    nilfs2: fix state management in error path of log writing function (CVE-2024-47669)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5782 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5782-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     October 03, 2024                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : linux     CVE ID         : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943                      CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096                      CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835                      CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931                      CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946                      CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982                      CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987                      CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991                      CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000                      CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007                      CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011                      CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021                      CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028                      CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675                      CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685                      CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702                      CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714                      CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719                      CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723                      CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731                      CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737                      CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743                      CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747                      CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756                      CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761                      CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773                      CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782                      CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794                      CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802                      CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810                      CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817                      CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822                      CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830                      CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840                      CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849                      CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855                      CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For the stable distribution (bookworm), these problems have been fixed in     version 6.1.112-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7088-1 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - CPU frequency scaling framework;

    - Device frequency scaling framework;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - InfiniBand drivers;

    - Input Device core drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - EEPROM drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB subsystem;

    - BTRFS file system;

    - File systems infrastructure;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - BPF subsystem;

    - Core kernel;

    - DMA mapping infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Simplified Mandatory Access Control Kernel framework;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244, CVE-2024-46723,     CVE-2024-41073, CVE-2024-46756, CVE-2024-42288, CVE-2024-46840, CVE-2024-46771, CVE-2024-46757,     CVE-2024-43860, CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988, CVE-2024-42281,     CVE-2024-36484, CVE-2024-43856, CVE-2024-47668, CVE-2024-46759, CVE-2024-46744, CVE-2024-42289,     CVE-2024-42131, CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858, CVE-2024-44960,     CVE-2024-45028, CVE-2024-26885, CVE-2024-46676, CVE-2024-46780, CVE-2024-42310, CVE-2024-44987,     CVE-2024-41090, CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614, CVE-2024-27051,     CVE-2024-43880, CVE-2024-43839, CVE-2024-43884, CVE-2024-42311, CVE-2024-43893, CVE-2024-41072,     CVE-2024-41091, CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305, CVE-2024-46673,     CVE-2024-42284, CVE-2024-46844, CVE-2024-46677, CVE-2024-45025, CVE-2024-43861, CVE-2024-43914,     CVE-2024-46783, CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276, CVE-2024-46740,     CVE-2024-42295, CVE-2024-44947, CVE-2024-41059, CVE-2024-26669, CVE-2024-38602, CVE-2024-42306,     CVE-2023-52918, CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006, CVE-2024-44998,     CVE-2024-42283, CVE-2024-44952, CVE-2024-46761, CVE-2024-43841, CVE-2024-44944, CVE-2024-42313,     CVE-2024-45008, CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867, CVE-2024-42286,     CVE-2024-43879, CVE-2024-43846, CVE-2024-42280, CVE-2024-43854, CVE-2021-47212, CVE-2024-35848,     CVE-2024-41020, CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965, CVE-2024-43890,     CVE-2024-45003, CVE-2024-44969, CVE-2024-41011, CVE-2024-46738, CVE-2024-41071, CVE-2024-26800,     CVE-2024-46721, CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531, CVE-2024-26891,     CVE-2024-26641, CVE-2024-42287, CVE-2024-46722, CVE-2024-41042, CVE-2024-46675, CVE-2024-46743,     CVE-2024-42259, CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871, CVE-2024-46739,     CVE-2024-42301, CVE-2024-47659, CVE-2024-42271, CVE-2024-26668, CVE-2024-43835, CVE-2024-46829,     CVE-2024-47667, CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929, CVE-2024-46815,     CVE-2024-43830, CVE-2024-42309, CVE-2024-41063, CVE-2024-46782, CVE-2024-46777, CVE-2024-42265,     CVE-2024-46781, CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882, CVE-2024-44935,     CVE-2024-46800, CVE-2024-46822, CVE-2024-46755, CVE-2024-46817, CVE-2024-43829, CVE-2024-46798,     CVE-2024-46689, CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663, CVE-2024-41070)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12813 advisory.

    - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang)  [Orabug: 37137548]     {CVE-2024-49863}
    - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin)  [Orabug:
    36683094]  {CVE-2024-36028}
    - rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829}
    - nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465]     {CVE-2024-46737}
    - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug:
    37116413] {CVE-2024-46822}
    - nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug:
    37074677] {CVE-2024-46780}
    - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug:
    37074473] {CVE-2024-46739}
    - binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740}
    - staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug:
    37159728] {CVE-2024-47663}
    - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757]     {CVE-2024-47668}
    - of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug:
    37074488] {CVE-2024-46743}
    - Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744}
    - Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503]     {CVE-2024-46745}
    - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513]     {CVE-2024-46747}
    - PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750}
    - btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494]     {CVE-2024-46840}
    - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561]     {CVE-2024-46755}
    - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566]     {CVE-2024-46756}
    - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug:
    37074571] {CVE-2024-46757}
    - hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579]     {CVE-2024-46758}
    - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584]     {CVE-2024-46759}
    - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595]     {CVE-2024-46761}
    - um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844}
    - tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783}
    - can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625]     {CVE-2024-46771}
    - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug:
    37159750] {CVE-2024-47667}
    - udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777}
    - nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765]     {CVE-2024-47669}
    - nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684]     {CVE-2024-46781}
    - sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Hoiland-Jorgensen) [Orabug:
    37116443] {CVE-2024-46828}
    - ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782}
    - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798}
    - sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800}
    - virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835}
    - block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug:
    36964515] {CVE-2024-43854}
    - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032]     {CVE-2024-46714}
    - usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065]     {CVE-2024-46719}
    - apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721}
    - drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722}
    - drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723}
    - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366]     {CVE-2024-46815}
    - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug:
    37116376] {CVE-2024-46817}
    - drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385]     {CVE-2024-46818}
    - scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673}
    - usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug:
    37070705] {CVE-2024-46674}
    - usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug:
    37070710] {CVE-2024-46675}
    - nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676}
    - gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677}
    - ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728]     {CVE-2024-46679}
    - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853}
    - ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457]     {CVE-2024-41098}
    - drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631]     {CVE-2024-41011}
    - pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744]     {CVE-2024-46685}
    - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug:
    36898009] {CVE-2024-42228}     (Alexander Lobakin)
    - Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008}
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug:
    36654191] {CVE-2023-31083}
    - Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976]     {CVE-2024-43884}
    - mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691]     {CVE-2024-45028}
    - ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987}
    - netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660]     {CVE-2024-45016}
    - net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988}
    - kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761]     {CVE-2024-44946}
    - gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999}
    - net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098]     {CVE-2024-44995}
    - atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105]     {CVE-2024-44998}
    - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021}
    - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680]     {CVE-2024-45025}
    - vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119]     {CVE-2024-45003}
    - s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug:
    37070687] {CVE-2024-45026}
    - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug:
    37029125] {CVE-2024-45006}
    - fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951]     {CVE-2024-44947}
    - wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld)     [Orabug: 36596766]  {CVE-2024-26951}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7123-1 advisory.

    It was discovered that the CIFS network file system implementation in the Linux kernel did not properly     validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this     to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6610)

    Supraja Sridhara, Benedict Schlter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the     Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit     emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service     (guest crash) or possibly execute arbitrary code. (CVE-2024-25744)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - Null block device driver;

    - Character device driver;

    - ARM SCMI message protocol;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - I3C subsystem;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - Thunderbolt and USB4 drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Host Controller drivers;

    - USB Type-C Connector System Software Interface driver;

    - USB over IP driver;

    - VHOST drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - NTFS3 file system;

    - Proc file system;

    - SMB network file system;

    - Core kernel;

    - DMA mapping infrastructure;

    - RCU subsystem;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Landlock security;

    - Simplified Mandatory Access Control Kernel framework;

    - FireWire sound drivers;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2023-52751, CVE-2024-43902, CVE-2024-46791, CVE-2024-45018, CVE-2024-44987,     CVE-2024-46763, CVE-2024-46724, CVE-2024-26893, CVE-2024-42283, CVE-2024-46738, CVE-2024-46819,     CVE-2024-44982, CVE-2023-52889, CVE-2024-45025, CVE-2023-52918, CVE-2024-46800, CVE-2024-46756,     CVE-2024-46719, CVE-2024-39472, CVE-2024-42292, CVE-2024-45006, CVE-2024-46675, CVE-2024-44971,     CVE-2024-46731, CVE-2024-42286, CVE-2024-44954, CVE-2024-42274, CVE-2024-46746, CVE-2024-42276,     CVE-2024-43869, CVE-2024-43830, CVE-2024-42288, CVE-2024-41042, CVE-2024-42126, CVE-2024-43870,     CVE-2024-46805, CVE-2024-41078, CVE-2024-44966, CVE-2024-44989, CVE-2024-46795, CVE-2024-44988,     CVE-2024-38577, CVE-2024-43839, CVE-2024-43909, CVE-2024-46745, CVE-2024-42285, CVE-2024-43871,     CVE-2024-41081, CVE-2024-42289, CVE-2024-44965, CVE-2024-42271, CVE-2024-42284, CVE-2024-45009,     CVE-2024-41068, CVE-2024-44958, CVE-2024-46759, CVE-2024-42304, CVE-2024-43890, CVE-2024-41019,     CVE-2024-43846, CVE-2024-41012, CVE-2024-44983, CVE-2024-41072, CVE-2024-46702, CVE-2024-26800,     CVE-2024-42302, CVE-2023-52572, CVE-2024-46783, CVE-2024-43892, CVE-2024-45028, CVE-2024-44999,     CVE-2024-46814, CVE-2024-41022, CVE-2024-42281, CVE-2024-46679, CVE-2024-42290, CVE-2024-44960,     CVE-2024-41071, CVE-2024-41091, CVE-2024-44990, CVE-2024-46757, CVE-2024-38611, CVE-2024-47668,     CVE-2024-45008, CVE-2024-46707, CVE-2024-44935, CVE-2024-42299, CVE-2024-46771, CVE-2024-42265,     CVE-2024-43883, CVE-2024-46673, CVE-2024-46747, CVE-2024-43875, CVE-2024-44985, CVE-2024-42311,     CVE-2024-46798, CVE-2024-43884, CVE-2024-46725, CVE-2024-42318, CVE-2024-43873, CVE-2024-42296,     CVE-2024-43907, CVE-2024-43834, CVE-2024-46721, CVE-2024-47659, CVE-2024-45026, CVE-2024-47667,     CVE-2024-44986, CVE-2024-41020, CVE-2024-43849, CVE-2024-46744, CVE-2024-44946, CVE-2024-43861,     CVE-2024-42269, CVE-2024-46822, CVE-2024-46739, CVE-2024-44948, CVE-2024-46804, CVE-2024-41064,     CVE-2024-44995, CVE-2024-26669, CVE-2024-46781, CVE-2024-46732, CVE-2024-42246, CVE-2024-46780,     CVE-2024-46743, CVE-2024-44947, CVE-2024-47663, CVE-2024-46752, CVE-2024-43893, CVE-2024-45021,     CVE-2024-43856, CVE-2024-46714, CVE-2024-41011, CVE-2024-41070, CVE-2024-46832, CVE-2024-46737,     CVE-2024-43867, CVE-2024-42277, CVE-2024-44934, CVE-2024-46723, CVE-2024-43880, CVE-2024-43860,     CVE-2024-42297, CVE-2024-45003, CVE-2024-46810, CVE-2024-43889, CVE-2024-42287, CVE-2024-43854,     CVE-2024-42313, CVE-2024-42305, CVE-2024-41077, CVE-2024-38602, CVE-2024-46758, CVE-2024-46807,     CVE-2024-43853, CVE-2024-45007, CVE-2024-41090, CVE-2024-42280, CVE-2024-46844, CVE-2024-45011,     CVE-2024-47660, CVE-2024-47665, CVE-2024-46829, CVE-2024-44944, CVE-2024-41015, CVE-2024-42259,     CVE-2024-43914, CVE-2024-43829, CVE-2022-48666, CVE-2024-43828, CVE-2024-46755, CVE-2024-43858,     CVE-2024-46740, CVE-2024-46689, CVE-2024-42309, CVE-2024-42295, CVE-2024-41098, CVE-2023-52757,     CVE-2024-46782, CVE-2024-46777, CVE-2024-46685, CVE-2024-44969, CVE-2024-47669, CVE-2024-43882,     CVE-2024-42310, CVE-2024-43905, CVE-2024-44998, CVE-2024-42306, CVE-2024-40915, CVE-2024-46713,     CVE-2024-41059, CVE-2024-41017, CVE-2024-43879, CVE-2024-46677, CVE-2024-42312, CVE-2024-43908,     CVE-2024-46750, CVE-2024-46722, CVE-2024-42267, CVE-2024-46818, CVE-2024-26661, CVE-2024-43817,     CVE-2024-42272, CVE-2024-41065, CVE-2024-46828, CVE-2024-46840, CVE-2024-46676, CVE-2024-43841,     CVE-2024-46815, CVE-2024-26607, CVE-2023-52434, CVE-2024-46761, CVE-2024-42114, CVE-2024-41073,     CVE-2024-43894, CVE-2024-43835, CVE-2024-46817, CVE-2024-41060, CVE-2024-36484, CVE-2024-42301,     CVE-2024-44974, CVE-2024-43863, CVE-2024-41063)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7155-1 advisory.

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - S390 architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Android drivers;

    - ATM drivers;

    - Drivers core;

    - Ublk userspace block driver;

    - Bluetooth drivers;

    - Character device driver;

    - Hardware crypto device drivers;

    - Buffer Sharing and Synchronization framework;

    - DMA engine subsystem;

    - Qualcomm firmware drivers;

    - GPIO subsystem;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - I2C subsystem;

    - I3C subsystem;

    - IIO subsystem;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - LED subsystem;

    - Mailbox framework;

    - Multiple devices driver;

    - Media drivers;

    - Fastrpc Driver;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Ethernet bonding driver;

    - Network drivers;

    - Mellanox network drivers;

    - Microsoft Azure Network Adapter (MANA) driver;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - x86 platform drivers;

    - Power supply drivers;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI subsystem;

    - QCOM SoC drivers;

    - SPI subsystem;

    - Direct Digital Synthesis drivers;

    - Thunderbolt and USB4 drivers;

    - TTY drivers;

    - UFS subsystem;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Host Controller drivers;

    - USB Type-C Connector System Software Interface driver;

    - USB over IP driver;

    - Virtio Host (VHOST) subsystem;

    - Framebuffer layer;

    - Xen hypervisor drivers;

    - File systems infrastructure;

    - BTRFS file system;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - Network file systems library;

    - Network file system (NFS) client;

    - Network file system (NFS) server daemon;

    - NILFS2 file system;

    - File system notification infrastructure;

    - NTFS3 file system;

    - Proc file system;

    - SMB network file system;

    - Tracing file system;

    - Bitmap API;

    - BPF subsystem;

    - Memory Management;

    - Objagg library;

    - Perf events;

    - Virtio network driver;

    - VMware vSockets driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - Control group (cgroup);

    - DMA mapping infrastructure;

    - Locking primitives;

    - Padata parallel execution mechanism;

    - Scheduler infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - KUnit for arithmetic overflow checks;

    - Memory management;

    - Bluetooth subsystem;

    - Ethernet bridge;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - TIPC protocol;

    - Wireless networking;

    - AppArmor security module;

    - Landlock security;

    - SELinux security module;

    - Simplified Mandatory Access Control Kernel framework;

    - FireWire sound drivers;

    - AMD SoC Alsa drivers;

    - Texas InstrumentS Audio (ASoC/HDA) drivers;

    - SoC Audio for Freescale CPUs drivers;

    - Intel ASoC drivers;

    - Amlogic Meson SoC drivers;

    - SoC audio core drivers;

    - USB sound devices;

    - Real-Time Linux Analysis tools; (CVE-2024-43845, CVE-2024-42311, CVE-2024-46757, CVE-2024-46738,     CVE-2024-44961, CVE-2024-44935, CVE-2024-46845, CVE-2024-46783, CVE-2024-42315, CVE-2023-52918,     CVE-2024-46708, CVE-2024-44934, CVE-2024-42298, CVE-2024-46786, CVE-2024-46778, CVE-2024-44960,     CVE-2024-42295, CVE-2024-43881, CVE-2024-44971, CVE-2024-43849, CVE-2024-43914, CVE-2024-44962,     CVE-2024-43841, CVE-2024-46794, CVE-2024-46752, CVE-2024-46853, CVE-2024-46861, CVE-2024-47664,     CVE-2024-46717, CVE-2024-46806, CVE-2024-46797, CVE-2024-42261, CVE-2024-46828, CVE-2024-45013,     CVE-2024-46870, CVE-2024-42258, CVE-2024-46689, CVE-2024-43818, CVE-2024-46762, CVE-2024-46825,     CVE-2024-46698, CVE-2024-46816, CVE-2024-46728, CVE-2024-46726, CVE-2024-43835, CVE-2024-45000,     CVE-2024-43850, CVE-2024-43840, CVE-2024-46846, CVE-2024-43846, CVE-2024-46725, CVE-2024-46867,     CVE-2024-42310, CVE-2024-42274, CVE-2024-46760, CVE-2024-46683, CVE-2024-42304, CVE-2024-43839,     CVE-2024-44954, CVE-2024-43895, CVE-2024-44967, CVE-2024-43889, CVE-2024-46854, CVE-2024-46860,     CVE-2024-45029, CVE-2024-44938, CVE-2024-46785, CVE-2024-46713, CVE-2024-46715, CVE-2024-46731,     CVE-2024-42297, CVE-2024-43912, CVE-2024-46751, CVE-2024-46711, CVE-2024-46695, CVE-2024-42317,     CVE-2024-44957, CVE-2024-46792, CVE-2024-45020, CVE-2024-44985, CVE-2024-46746, CVE-2024-43868,     CVE-2024-45017, CVE-2024-46824, CVE-2024-46787, CVE-2024-42288, CVE-2024-46681, CVE-2024-42306,     CVE-2024-46755, CVE-2024-46826, CVE-2024-46777, CVE-2024-46844, CVE-2024-44972, CVE-2024-43883,     CVE-2024-43909, CVE-2024-46676, CVE-2024-46798, CVE-2024-42273, CVE-2024-44990, CVE-2024-46744,     CVE-2024-42305, CVE-2024-45006, CVE-2024-42309, CVE-2024-46722, CVE-2024-44956, CVE-2024-46739,     CVE-2024-46680, CVE-2024-46765, CVE-2024-46714, CVE-2024-46771, CVE-2024-46847, CVE-2024-43879,     CVE-2024-46703, CVE-2024-46733, CVE-2024-46815, CVE-2024-46802, CVE-2024-45027, CVE-2024-42281,     CVE-2024-43891, CVE-2024-45030, CVE-2024-47662, CVE-2024-43887, CVE-2024-46836, CVE-2024-46782,     CVE-2024-46835, CVE-2024-43907, CVE-2024-46779, CVE-2024-43869, CVE-2024-43821, CVE-2024-44978,     CVE-2024-42286, CVE-2023-52889, CVE-2024-43852, CVE-2024-42320, CVE-2024-44931, CVE-2024-44993,     CVE-2024-46829, CVE-2024-46701, CVE-2024-42272, CVE-2024-47660, CVE-2024-49984, CVE-2024-44973,     CVE-2024-43817, CVE-2024-42322, CVE-2024-43830, CVE-2024-42301, CVE-2024-44969, CVE-2024-47674,     CVE-2024-46702, CVE-2024-45025, CVE-2024-46710, CVE-2024-43866, CVE-2024-46718, CVE-2024-46773,     CVE-2024-43834, CVE-2024-46754, CVE-2024-46871, CVE-2024-44942, CVE-2024-43913, CVE-2024-46818,     CVE-2024-42318, CVE-2024-43831, CVE-2024-43832, CVE-2024-43908, CVE-2024-43827, CVE-2024-46737,     CVE-2024-47665, CVE-2024-43854, CVE-2024-46707, CVE-2024-42303, CVE-2024-43860, CVE-2024-43824,     CVE-2024-45019, CVE-2024-44984, CVE-2024-46813, CVE-2024-45022, CVE-2024-44970, CVE-2024-46791,     CVE-2024-45012, CVE-2024-43829, CVE-2024-46850, CVE-2024-44987, CVE-2024-44940, CVE-2024-43864,     CVE-2024-46723, CVE-2024-44999, CVE-2024-43884, CVE-2024-42287, CVE-2024-46675, CVE-2024-44974,     CVE-2024-46721, CVE-2024-44937, CVE-2024-45008, CVE-2024-43853, CVE-2024-46697, CVE-2024-43899,     CVE-2024-43823, CVE-2024-46747, CVE-2024-45007, CVE-2024-46822, CVE-2024-42262, CVE-2024-47661,     CVE-2024-44953, CVE-2024-46859, CVE-2024-46694, CVE-2024-42279, CVE-2024-43873, CVE-2024-43828,     CVE-2024-46851, CVE-2024-42296, CVE-2024-46719, CVE-2024-46677, CVE-2024-42259, CVE-2024-44941,     CVE-2024-44946, CVE-2024-46745, CVE-2024-42299, CVE-2024-46724, CVE-2024-46749, CVE-2024-46706,     CVE-2024-42267, CVE-2024-46774, CVE-2024-46685, CVE-2024-42292, CVE-2024-47667, CVE-2024-42319,     CVE-2024-43888, CVE-2024-46729, CVE-2024-44947, CVE-2024-45003, CVE-2024-46827, CVE-2024-46693,     CVE-2024-46705, CVE-2024-46767, CVE-2024-46838, CVE-2024-46805, CVE-2024-43904, CVE-2024-43906,     CVE-2024-42265, CVE-2024-42278, CVE-2024-46750, CVE-2024-46692, CVE-2024-43847, CVE-2024-44995,     CVE-2024-43825, CVE-2024-46803, CVE-2024-47669, CVE-2024-46830, CVE-2024-46784, CVE-2024-46840,     CVE-2024-44939, CVE-2024-46848, CVE-2024-42313, CVE-2024-46823, CVE-2024-44989, CVE-2024-42270,     CVE-2024-43856, CVE-2024-46716, CVE-2024-43859, CVE-2024-46841, CVE-2024-47658, CVE-2024-46811,     CVE-2024-45028, CVE-2024-46781, CVE-2024-42290, CVE-2024-44991, CVE-2024-43894, CVE-2024-44979,     CVE-2024-46804, CVE-2024-43826, CVE-2024-43877, CVE-2024-42284, CVE-2024-43876, CVE-2024-45011,     CVE-2024-43819, CVE-2024-46709, CVE-2024-43867, CVE-2024-44963, CVE-2024-45010, CVE-2024-46753,     CVE-2024-46759, CVE-2024-43880, CVE-2024-44977, CVE-2024-46772, CVE-2024-44950, CVE-2024-46687,     CVE-2024-46834, CVE-2024-43911, CVE-2024-45015, CVE-2024-46819, CVE-2024-43875, CVE-2024-44996,     CVE-2024-44988, CVE-2024-46673, CVE-2024-44943, CVE-2024-42316, CVE-2024-47683, CVE-2024-42307,     CVE-2024-46788, CVE-2024-43892, CVE-2024-47659, CVE-2024-46857, CVE-2024-43820, CVE-2024-46832,     CVE-2024-42312, CVE-2024-43910, CVE-2024-43886, CVE-2024-43905, CVE-2024-46766, CVE-2024-42263,     CVE-2024-46821, CVE-2024-43842, CVE-2024-43857, CVE-2024-42276, CVE-2024-42268, CVE-2024-46740,     CVE-2024-46843, CVE-2024-46807, CVE-2024-46780, CVE-2024-46678, CVE-2024-44944, CVE-2024-42264,     CVE-2024-43863, CVE-2024-39472, CVE-2024-46691, CVE-2024-44959, CVE-2024-44958, CVE-2024-46679,     CVE-2024-43843, CVE-2024-43900, CVE-2024-45021, CVE-2024-44982, CVE-2024-46793, CVE-2024-42260,     CVE-2024-43890, CVE-2024-43871, CVE-2024-42269, CVE-2024-42277, CVE-2024-46720, CVE-2024-45005,     CVE-2024-46727, CVE-2024-46808, CVE-2024-46852, CVE-2024-47668, CVE-2024-42321, CVE-2024-46743,     CVE-2024-45002, CVE-2024-46763, CVE-2024-46817, CVE-2024-42285, CVE-2024-46770, CVE-2024-45026,     CVE-2024-46768, CVE-2024-42314, CVE-2024-42291, CVE-2024-46756, CVE-2024-42283, CVE-2024-45018,     CVE-2024-44966, CVE-2024-42289, CVE-2024-42294, CVE-2024-46814, CVE-2024-44986, CVE-2024-43870,     CVE-2024-44980, CVE-2024-43902, CVE-2024-47666, CVE-2024-46864, CVE-2024-46761, CVE-2024-46831,     CVE-2024-46758, CVE-2024-46735, CVE-2024-46858, CVE-2024-46795, CVE-2024-46810, CVE-2024-46849,     CVE-2024-46775, CVE-2024-46868, CVE-2024-46809, CVE-2024-46776, CVE-2024-46866, CVE-2024-44983,     CVE-2024-46741, CVE-2024-43837, CVE-2024-43833, CVE-2024-46672, CVE-2024-43861, CVE-2024-42302,     CVE-2024-47663, CVE-2024-46812, CVE-2024-43893, CVE-2024-46686, CVE-2024-44948, CVE-2024-46732,     CVE-2024-44965, CVE-2024-46855, CVE-2024-45009, CVE-2024-46842, CVE-2024-46730, CVE-2024-44975,     CVE-2024-44998)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock().

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
208038	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2024-086 (ALASKERNEL-5.4-2024-086)	Nessus	Amazon Linux Local Security Checks	10/2/2024	11/5/2025	high
208045	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-070 (ALASKERNEL-5.10-2024-070)	Nessus	Amazon Linux Local Security Checks	10/2/2024	11/5/2025	high
208099	Debian dsa-5782 : affs-modules-6.1.0-21-4kc-malta-di - security update	Nessus	Debian Local Security Checks	10/3/2024	10/28/2025	high
210006	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7088-1)	Nessus	Ubuntu Local Security Checks	10/31/2024	9/24/2025	high
210882	Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12813)	Nessus	Oracle Linux Local Security Checks	11/13/2024	9/9/2025	high
211654	Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7123-1)	Nessus	Ubuntu Local Security Checks	11/20/2024	9/24/2025	high
212723	Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-7155-1)	Nessus	Ubuntu Local Security Checks	12/12/2024	9/24/2025	high
237324	RHEL 9 : kernel (RHSA-2025:6966)	Nessus	Red Hat Local Security Checks	5/27/2025	10/28/2025	critical
503772	Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Resource Locking (CVE-2024-46750)	Tenable OT Security	Tenable.ot	10/29/2025	10/29/2025	medium

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

critical

medium