The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0564-1 advisory.

    The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security     bugfixes.


    The following security bugs were fixed:

    - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
    - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
    - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).
    - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).
    - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset     (bsc#1233028).
    - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum()     (bsc#1233248).
    - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
    - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
    - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
    - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
    - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).
    - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
    - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
    - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
    - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487).
    - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).
    - CVE-2024-56633: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (bsc#1235485).
    - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
    - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
    - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).
    - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).
    - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
    - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).
    - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
    - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).
    - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).
    - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).
    - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).
    - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
    - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
    - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
    - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()     (bsc#1235948).
    - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
    - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
    - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
    - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
    - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).
    - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
    - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).
    - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
    - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
    - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
    - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
    - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
    - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
    - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
    - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
    - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
    - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
    - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
    - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).
    - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
    - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
    - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7387-1 advisory.

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - MIPS architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - S390 architecture;

    - SuperH RISC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - ACPI drivers;

    - Drivers core;

    - RAM backed block device driver;

    - Virtio block driver;

    - Data acquisition framework and drivers;

    - Hardware crypto device drivers;

    - DMA engine subsystem;

    - EDAC drivers;

    - ARM SCPI message protocol;

    - GPIO subsystem;

    - GPU drivers;

    - HID subsystem;

    - Microsoft Hyper-V drivers;

    - I3C subsystem;

    - IIO ADC drivers;

    - IIO subsystem;

    - InfiniBand drivers;

    - IOMMU subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - Multifunction device drivers;

    - MMC subsystem;

    - MTD block device drivers;

    - Network drivers;

    - Mellanox network drivers;

    - Microsoft Azure Network Adapter (MANA) driver;

    - NVME drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - x86 platform drivers;

    - Power supply drivers;

    - Real Time Clock drivers;

    - SCSI subsystem;

    - SuperH / SH-Mobile drivers;

    - i.MX SoC drivers;

    - QCOM SoC drivers;

    - SPI subsystem;

    - Media staging drivers;

    - UFS subsystem;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Serial drivers;

    - USB Type-C Port Controller Manager driver;

    - VFIO drivers;

    - Framebuffer layer;

    - Xen hypervisor drivers;

    - AFS file system;

    - BTRFS file system;

    - Ceph distributed file system;

    - File systems infrastructure;

    - F2FS file system;

    - GFS2 file system;

    - JFFS2 file system;

    - JFS file system;

    - Network file system (NFS) client;

    - Network file system (NFS) server daemon;

    - NILFS2 file system;

    - NTFS3 file system;

    - Overlay file system;

    - Proc file system;

    - Diskquota system;

    - SMB network file system;

    - UBI file system;

    - Timer subsystem;

    - VLANs driver;

    - LAPB network protocol;

    - Kernel init infrastructure;

    - BPF subsystem;

    - Kernel CPU control infrastructure;

    - DMA mapping infrastructure;

    - KCSAN framework;

    - Tracing infrastructure;

    - Memory management;

    - 9P file system network protocol;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - DCCP (Datagram Congestion Control Protocol);

    - Distributed Switch Architecture;

    - HSR network protocol;

    - IEEE802154.4 network protocol;

    - IPv4 networking;

    - IPv6 networking;

    - IEEE 802.15.4 subsystem;

    - Multipath TCP;

    - Netfilter;

    - Netlink;

    - NET/ROM layer;

    - Packet sockets;

    - Network traffic control;

    - SCTP protocol;

    - SMC sockets;

    - Sun RPC protocol;

    - TIPC protocol;

    - VMware vSockets driver;

    - eXpress Data Path;

    - SELinux security module;

    - ALSA framework;

    - USB sound devices; (CVE-2024-56558, CVE-2024-53227, CVE-2024-53130, CVE-2025-21664, CVE-2024-53142,     CVE-2024-55881, CVE-2024-57906, CVE-2024-46809, CVE-2024-53198, CVE-2024-53184, CVE-2024-53237,     CVE-2024-56770, CVE-2024-53150, CVE-2024-56700, CVE-2024-50242, CVE-2024-53181, CVE-2024-56574,     CVE-2024-56681, CVE-2024-56678, CVE-2024-53119, CVE-2024-53129, CVE-2024-56567, CVE-2024-56688,     CVE-2024-49925, CVE-2025-21687, CVE-2024-56643, CVE-2025-21631, CVE-2024-52332, CVE-2024-53226,     CVE-2025-21665, CVE-2024-56615, CVE-2024-57911, CVE-2024-53136, CVE-2024-56603, CVE-2024-56690,     CVE-2024-47730, CVE-2024-56586, CVE-2024-46784, CVE-2024-56596, CVE-2024-53172, CVE-2024-57901,     CVE-2024-56693, CVE-2024-56605, CVE-2024-57896, CVE-2024-56698, CVE-2024-56724, CVE-2024-49998,     CVE-2024-53239, CVE-2024-53206, CVE-2024-56636, CVE-2024-56597, CVE-2024-56533, CVE-2024-42315,     CVE-2024-56701, CVE-2024-56587, CVE-2024-57791, CVE-2024-56619, CVE-2024-50051, CVE-2024-56569,     CVE-2025-21694, CVE-2025-21699, CVE-2024-53214, CVE-2024-57904, CVE-2024-49571, CVE-2024-56754,     CVE-2024-56572, CVE-2024-49974, CVE-2024-53140, CVE-2025-21639, CVE-2024-56369, CVE-2024-56601,     CVE-2024-56642, CVE-2024-57792, CVE-2024-57838, CVE-2024-53127, CVE-2025-21690, CVE-2024-56548,     CVE-2024-53155, CVE-2024-47143, CVE-2024-56691, CVE-2024-57938, CVE-2025-21692, CVE-2024-56648,     CVE-2024-46841, CVE-2024-57807, CVE-2024-57908, CVE-2024-50121, CVE-2024-57841, CVE-2024-53135,     CVE-2024-53180, CVE-2025-21683, CVE-2024-56568, CVE-2024-56575, CVE-2024-56774, CVE-2024-56589,     CVE-2024-36899, CVE-2024-57889, CVE-2024-50275, CVE-2024-56606, CVE-2024-56578, CVE-2024-56726,     CVE-2024-36476, CVE-2024-53122, CVE-2024-56594, CVE-2024-56562, CVE-2024-53690, CVE-2024-56769,     CVE-2024-57910, CVE-2024-56720, CVE-2024-56581, CVE-2024-56723, CVE-2025-21669, CVE-2024-56627,     CVE-2024-57925, CVE-2024-56600, CVE-2024-56631, CVE-2024-56595, CVE-2024-53685, CVE-2024-53157,     CVE-2024-57931, CVE-2024-56644, CVE-2024-53215, CVE-2024-57897, CVE-2024-56748, CVE-2024-53138,     CVE-2025-21646, CVE-2024-47707, CVE-2024-56781, CVE-2024-57922, CVE-2024-53197, CVE-2024-56777,     CVE-2024-56625, CVE-2024-56650, CVE-2024-56704, CVE-2025-21638, CVE-2024-56623, CVE-2024-57890,     CVE-2024-56630, CVE-2024-53680, CVE-2025-21637, CVE-2024-56539, CVE-2024-56532, CVE-2024-53217,     CVE-2024-53120, CVE-2024-56780, CVE-2022-49034, CVE-2024-43098, CVE-2024-56590, CVE-2024-50283,     CVE-2024-57917, CVE-2024-56776, CVE-2024-53151, CVE-2024-49950, CVE-2024-57850, CVE-2024-44938,     CVE-2024-47408, CVE-2024-56778, CVE-2024-56779, CVE-2024-56637, CVE-2024-56640, CVE-2024-57907,     CVE-2024-57940, CVE-2025-21697, CVE-2024-57946, CVE-2024-53156, CVE-2024-56759, CVE-2024-53146,     CVE-2024-56610, CVE-2024-56670, CVE-2024-57912, CVE-2024-57874, CVE-2024-57884, CVE-2024-56745,     CVE-2024-56715, CVE-2024-56746, CVE-2024-53112, CVE-2024-53145, CVE-2024-56614, CVE-2024-53174,     CVE-2024-57849, CVE-2024-56767, CVE-2024-53173, CVE-2025-21689, CVE-2024-56739, CVE-2024-56694,     CVE-2024-57939, CVE-2024-56622, CVE-2024-56570, CVE-2024-56634, CVE-2024-53161, CVE-2024-53121,     CVE-2024-56705, CVE-2024-56756, CVE-2024-53183, CVE-2024-56629, CVE-2025-21636, CVE-2024-56763,     CVE-2024-56593, CVE-2025-21640, CVE-2024-53148, CVE-2025-21678, CVE-2024-56602, CVE-2024-57882,     CVE-2024-56576, CVE-2024-53096, CVE-2024-53165, CVE-2024-57903, CVE-2024-57802, CVE-2025-21653,     CVE-2024-56662, CVE-2024-56626, CVE-2024-56645, CVE-2024-48881, CVE-2024-57892, CVE-2024-56531,     CVE-2024-56716, CVE-2024-56787, CVE-2024-57929, CVE-2024-50055, CVE-2024-49996, CVE-2024-53171,     CVE-2025-21648, CVE-2024-57948, CVE-2024-53099, CVE-2024-56785, CVE-2024-57913, CVE-2024-53131,     CVE-2024-53194, CVE-2024-56659, CVE-2024-55916, CVE-2024-56616, CVE-2024-56728, CVE-2024-43900,     CVE-2025-21680, CVE-2024-53113, CVE-2024-58087, CVE-2024-56598, CVE-2024-57902, CVE-2024-56679,     CVE-2025-21666, CVE-2024-57951, CVE-2024-56708, CVE-2024-56633, CVE-2024-56747, CVE-2024-53125,     CVE-2024-45828, CVE-2024-53124, CVE-2024-46871, CVE-2024-57900, CVE-2024-50304, CVE-2024-53158)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1293-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
    - CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com     (bsc#1237767).
    - CVE-2021-47648: gpu: host1x: Fix a memory leak in 'host1x_remove()' (bsc#1237725).
    - CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() (bsc#1237842).
    - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
    - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
    - CVE-2022-49059: nfc: nci: add flush_workqueue to prevent uaf (bsc#1238007).
    - CVE-2022-49074: irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1237728).
    - CVE-2022-49075: btrfs: fix qgroup reserve overflow the qgroup limit (bsc#1237733).
    - CVE-2022-49084: qede: confirm skb is allocated before using (bsc#1237751).
    - CVE-2022-49107: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1237973).
    - CVE-2022-49109: ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1237836).
    - CVE-2022-49119: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (bsc#1237925).
    - CVE-2022-49120: scsi: pm8001: Fix task leak in pm8001_send_abort_all() (bsc#1237969).
    - CVE-2022-49209: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full (bsc#1238252).
    - CVE-2022-49220: dax: make sure inodes are flushed before destroy cache (bsc#1237936).
    - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
    - CVE-2022-49286: tpm: use try_get_ops() in tpm-space.c (bsc#1238647).
    - CVE-2022-49292: ALSA: oss: Fix PCM OSS buffer allocation overflow (bsc#1238625).
    - CVE-2022-49308: extcon: Modify extcon device to be created after driver data is set (bsc#1238654).
    - CVE-2022-49331: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (bsc#1237813).
    - CVE-2022-49344: af_unix: Fix a data-race in unix_dgram_peer_wake_me() (bsc#1237988).
    - CVE-2022-49367: net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (bsc#1238447).
    - CVE-2022-49370: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (bsc#1238467).
    - CVE-2022-49372: tcp: tcp_rtx_synack() can be called from process context (bsc#1238251).
    - CVE-2022-49388: ubi: ubi_create_volume: Fix use-after-free when volume creation failed (bsc#1237934).
    - CVE-2022-49395: um: Fix out-of-bounds read in LDT setup (bsc#1237953).
    - CVE-2022-49397: phy: qcom-qmp: fix struct clk leak on probe errors (bsc#1237823).
    - CVE-2022-49404: RDMA/hfi1: Fix potential integer multiplication overflow errors (bsc#1238430).
    - CVE-2022-49416: wifi: mac80211: fix use-after-free in chanctx code (bsc#1238293).
    - CVE-2022-49433: RDMA/hfi1: Prevent use of lock before it is initialized (bsc#1238268).
    - CVE-2022-49472: net: phy: micrel: Allow probing without .driver_data (bsc#1238951).
    - CVE-2022-49488: drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock (bsc#1238600).
    - CVE-2022-49495: drm/msm/hdmi: check return value after calling platform_get_resource_byname()     (bsc#1237932).
    - CVE-2022-49497: net: remove two BUG() from skb_checksum_help() (bsc#1238946).
    - CVE-2022-49505: NFC: NULL out the dev->rfkill to prevent UAF (bsc#1238615).
    - CVE-2022-49516: ice: always check VF VSI pointer values (bsc#1238953).
    - CVE-2022-49519: ath10k: skip ath10k_halt during suspend for driver state RESTARTING (bsc#1238943).
    - CVE-2022-49524: media: pci: cx23885: Fix the error handling in cx23885_initdev() (bsc#1238949).
    - CVE-2022-49530: drm/amd/pm: fix double free in si_parse_power_table() (bsc#1238944).
    - CVE-2022-49538: ALSA: jack: Fix mutex call in snd_jack_report() (bsc#1238843).
    - CVE-2022-49544: ipw2x00: Fix potential NULL dereference in libipw_xmit() (bsc#1238721).
    - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
    - CVE-2022-49546: x86/kexec: Fix double-free of elf header buffer (bsc#1238750).
    - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
    - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
    - CVE-2022-49578: ip: Fix data-races around sysctl_ip_prot_sock. (bsc#1238794).
    - CVE-2022-49581: be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1238540).
    - CVE-2022-49589: kABI: protect mr_ifc_count change (bsc#1238598).
    - CVE-2022-49605: igc: Reinstate IGC_REMOVED logic and implement it properly (bsc#1238433).
    - CVE-2022-49607: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()     (bsc#1238817).
    - CVE-2022-49610: KVM: VMX: Prevent RSB underflow before vmenter (bsc#1238952).
    - CVE-2022-49619: net: sfp: fix memory leak in sfp_probe() (bsc#1239003).
    - CVE-2022-49620: net: tipc: fix possible refcount leak in tipc_sk_create() (bsc#1239002).
    - CVE-2022-49640: sysctl: Fix data races in proc_douintvec_minmax() (bsc#1237782).
    - CVE-2022-49641: sysctl: Fix data races in proc_douintvec() (bsc#1237831).
    - CVE-2022-49667: net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1238282).
    - CVE-2022-49672: net: tun: unlink NAPI from device on destruction (bsc#1238816).
    - CVE-2022-49711: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (bsc#1238416).
    - CVE-2022-49727: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (bsc#1239059).
    - CVE-2022-49740: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads     (bsc#1240233).
    - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
    - CVE-2023-52997: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (bsc#1240303).
    - CVE-2023-53010: bnxt: Do not read past the end of test names (bsc#1240290).
    - CVE-2023-53019: net: mdio: validate parameter addr in mdiobus_get_phy() (bsc#1240286).
    - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
    - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
    - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
    - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
    - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg     (bsc#1235733).
    - CVE-2024-49935: ACPI: PAD: fix crash in exit_round_robin() (bsc#1232370).
    - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
    - CVE-2024-50269: usb: musb: sunxi: Fix accessing an released usb phy (bsc#1233458).
    - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
    - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
    - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
    - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
    - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
    - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
    - CVE-2024-57973: rdma/cxgb4: Prevent potential integer overflow on 32bit (bsc#1238531).
    - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
    - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
    - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
    - CVE-2024-58052: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table     (bsc#1238986).
    - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970)
    - CVE-2024-58072: wifi: rtlwifi: remove unused check_buddy_priv (bsc#1238964).
    - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
    - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
    - CVE-2025-21708: net: usb: rtl8150: enable basic endpoint checking (bsc#1239087).
    - CVE-2025-21744: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (bsc#1238903).
    - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
    - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
    - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
    - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
    - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
    - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
    - CVE-2025-21776: USB: hub: Ignore non-compliant devices with too many configs or interfaces     (bsc#1238909).
    - CVE-2025-21782: orangefs: fix a oob in orangefs_debug_write (bsc#1239117).
    - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
    - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
    - CVE-2025-21796: nfsd: clear acl_access/acl_default after releasing them (bsc#1238716).
    - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
    - CVE-2025-21821: fbdev: omap: use threaded IRQ for LCD DMA (bsc#1239174).
    - CVE-2025-21831: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (bsc#1239039).
    - CVE-2025-21846: acct: perform last write from workqueue (bsc#1239508).
    - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
    - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
    - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
    - CVE-2025-21877: usbnet: gl620a: fix endpoint checking in genelink_bind() (bsc#1240172).
    - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
    - CVE-2025-21916: usb: atm: cxacru: fix a flaw in existing endpoint checks (bsc#1240582).
    - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
    - CVE-2025-21934: rapidio: fix an API misues when rio_add_net() fails (bsc#1240708).
    - CVE-2025-21935: rapidio: add check for rio_add_net() in rio_scan_alloc_net() (bsc#1240700).
    - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
    - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
    - CVE-2025-21996: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (bsc#1240801).
    - CVE-2025-22007: Bluetooth: Fix error code in chan_alloc_skb_cb() (bsc#1240582).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01983-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


    The following security bugs were fixed:

    - CVE-2021-47670: can: peak_usb: fix use after free bugs (bsc#1241407).
    - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
    - CVE-2022-49145: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (bsc#1238162).
    - CVE-2022-49168: btrfs: do not clean up repair bio if submit fails (bsc#1238109).
    - CVE-2022-49190: kernel/resource: fix kfree() of bootmem memory again (bsc#1238130).
    - CVE-2022-49212: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (bsc#1238331).
    - CVE-2022-49216: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (bsc#1238338).
    - CVE-2022-49235: ath9k_htc: fix uninit value bugs (bsc#1238333).
    - CVE-2022-49248: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (bsc#1238284).
    - CVE-2022-49253: media: usb: go7007: s2250-board: fix leak in probe() (bsc#1238420).
    - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
    - CVE-2022-49326: rtl818x: Prevent using not initialized queues (bsc#1238646).
    - CVE-2022-49371: driver core: fix deadlock in __device_attach (bsc#1238546).
    - CVE-2022-49382: soc: rockchip: Fix refcount leak in rockchip_grf_init (bsc#1238306).
    - CVE-2022-49396: phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1238289).
    - CVE-2022-49420: net: annotate races around sk->sk_bound_dev_if (bsc#1238887).
    - CVE-2022-49441: tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1238263).
    - CVE-2022-49445: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()     (bsc#1238019).
    - CVE-2022-49460: PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1238892).
    - CVE-2022-49467: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (bsc#1238815).
    - CVE-2022-49474: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (bsc#1238071).
    - CVE-2022-49491: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1238539).
    - CVE-2022-49503: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix     (bsc#1238868).
    - CVE-2022-49592: net: stmmac: fix dma queue left shift overflow issue (bsc#1238311).
    - CVE-2022-49625: sfc: fix kernel panic when creating VF (bsc#1238411).
    - CVE-2022-49635: drm/i915/selftests: fix subtraction overflow bug (bsc#1238806).
    - CVE-2022-49652: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1238871).
    - CVE-2022-49715: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (bsc#1238818).
    - CVE-2022-49728: kABI workaround for changeing the variable length type to size_t (bsc#1239111).
    - CVE-2022-49729: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (bsc#1239060).
    - CVE-2022-49751: w1: fix WARNING after calling w1_process() (bsc#1240254).
    - CVE-2022-49761: btrfs: always report error in run_one_delayed_ref() (bsc#1240261).
    - CVE-2022-49772: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (bsc#1242147).
    - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
    - CVE-2022-49776: macvlan: enforce a consistent minimal mtu (bsc#1242248).
    - CVE-2022-49787: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (bsc#1242352).
    - CVE-2022-49788: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (bsc#1242353).
    - CVE-2022-49813: net: ena: Fix error handling in ena_init() (bsc#1242497).
    - CVE-2022-49821: mISDN: fix possible memory leak in mISDN_dsp_element_register() (bsc#1242542).
    - CVE-2022-49826: ata: libata-transport: fix double ata_host_put() in ata_tport_add() (bsc#1242549).
    - CVE-2022-49829: drm/scheduler: fix fence ref counting (bsc#1242691).
    - CVE-2022-49832: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (bsc#1242154).
    - CVE-2022-49835: ALSA: hda: fix potential memleak in 'add_widget_node' (bsc#1242385).
    - CVE-2022-49840: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (bsc#1242447).
    - CVE-2022-49842: ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (bsc#1242484).
    - CVE-2022-49853: net: macvlan: fix memory leaks of macvlan_common_newlink (bsc#1242688).
    - CVE-2022-49861: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (bsc#1242580).
    - CVE-2022-49862: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header     (bsc#1242755).
    - CVE-2022-49865: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (bsc#1242570).
    - CVE-2022-49871: net: tun: call napi_schedule_prep() to ensure we own a napi (bsc#1242558).
    - CVE-2022-49872: net: gso: fix panic on frag_list with mixed head alloc types (bsc#1242594).
    - CVE-2022-49874: HID: hyperv: fix possible memory leak in mousevsc_probe() (bsc#1242478).
    - CVE-2022-49898: btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1242472).
    - CVE-2022-49907: net: mdio: fix undefined behavior in bit shift for __mdiobus_register (bsc#1242450).
    - CVE-2022-49913: btrfs: fix inode list leak during backref walking at find_parent_nodes() (bsc#1242470).
    - CVE-2022-49914: btrfs: fix inode list leak during backref walking at resolve_indirect_refs()     (bsc#1242427).
    - CVE-2022-49922: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (bsc#1242378).
    - CVE-2022-49923: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (bsc#1242394).
    - CVE-2022-49924: nfc: fdp: Fix potential memory leak in fdp_nci_send() (bsc#1242426).
    - CVE-2022-49925: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (bsc#1242371).
    - CVE-2022-49931: IB/hfi1: Correctly move list in sc_disable() (bsc#1242382).
    - CVE-2023-52868: thermal: core: prevent potential string overflow (bsc#1225044).
    - CVE-2023-52975: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (bsc#1240322).
    - CVE-2023-52988: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()     (bsc#1240293).
    - CVE-2023-52989: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region     (bsc#1240266).
    - CVE-2023-52993: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (bsc#1240297).
    - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
    - CVE-2023-53045: usb: gadget: u_audio: do not let userspace block driver unbind (bsc#1242756).
    - CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
    - CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
    - CVE-2023-53080: xsk: Add missing overflow check in xdp_umem_reg (bsc#1242287).
    - CVE-2023-53094: tty: serial: fsl_lpuart: fix race on RX DMA shutdown (bsc#1242288).
    - CVE-2023-53103: bonding: Fix memory leak when changing bond type to Ethernet (bsc#1242408).
    - CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
    - CVE-2023-53139: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties     (bsc#1242361).
    - CVE-2024-26740: Fixed use the backlog for mirred ingress  (bsc#1222563).
    - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
    - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info()     (bsc#1230786).
    - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
    - CVE-2024-50106: nfsd: fix race between laundromat and free_stateid() (bsc#1232882).
    - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
    - CVE-2024-56779: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (bsc#1235632).
    - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
    - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
    - CVE-2025-21704: usb: cdc-acm: Check control transfer buffer size before access (bsc#1237571).
    - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
    - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
    - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
    - CVE-2025-22027: media: streamzap: fix race between device disconnection and urb callback (bsc#1241369).
    - CVE-2025-22050: usbnet:fix NPE during rx_complete (bsc#1241441).
    - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
    - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
    - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
    - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
    - CVE-2025-23136: thermal: int340x: Add NULL check for adev (bsc#1241357).
    - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
    - CVE-2025-23161: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (bsc#1242792).
    - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
    - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
    - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
    - CVE-2025-37782: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (bsc#1242770).
    - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
    - CVE-2025-37794: wifi: mac80211: Purge vif txq in ieee80211_do_stop() (bsc#1242566).
    - CVE-2025-37796: wifi: at76c50x: fix use after free access in at76_disconnect (bsc#1242727).
    - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
    - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
    - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
    - CVE-2025-37852: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()     (bsc#1243074).
    - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
    - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
    - CVE-2025-37989: net: phy: leds: fix memory leak (bsc#1243511).
    - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
216456	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:0564-1)	Nessus	SuSE Local Security Checks	2/19/2025	2/19/2025	high
233468	Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7387-1)	Nessus	Ubuntu Local Security Checks	3/28/2025	4/9/2025	high
234545	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:1293-1)	Nessus	SuSE Local Security Checks	4/17/2025	4/17/2025	high
240793	SUSE SLES12 Security Update : kernel (SUSE-SU-2025:01983-1)	Nessus	SuSE Local Security Checks	6/27/2025	6/27/2025	high

Detections

Analytics

Plugins Search

high

high

high

high