The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4574-1 advisory.

    The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.


    The following security bugs were fixed:

    - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
    - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
    - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
    - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
    - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c     (bsc#1204631).
    - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and     gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
    - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c     (bsc#1203960).
    - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in     net/bluetooth/l2cap_core.c (bsc#1205796).
    - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac     (bsc#1204868).
    - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
    - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
    - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
    - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
    - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
    - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
    - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS     file-system with an unintended group ownership and with group execution and SGID permission bits set     (bsc#1198702).
    - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's     internal memory (bsc#1204653).
    - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c     (bsc#1204402).
    - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
    - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
    - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
    - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c     (bsc#1204574).
    - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
    - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to     cause a denial of service (bsc#1204439).
    - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
    - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
    - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive     information from kernel memory (bsc#1203514).
    - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
    - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET     (bsc#1203290).
    - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the     efi firmware capsule-loader.c (bsc#1203322).
    - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req()     which can be used to leak kernel pointers remotely (bsc#1205705).
    - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect()     and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively)     remotely via Bluetooth (bsc#1205709).
    - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file     drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
    - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
    - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5792-2 advisory.

    Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not     properly handle cache coherency with Secure Encrypted Virtualization (SEV). A local attacker could     possibly use this to cause a denial of service (host system crash). (CVE-2022-0171)

    It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel,     leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2022-20421)

    David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel     incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this     to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

    It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero     vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-3061)

    It was discovered that the sound subsystem in the Linux kernel contained a race condition in some     situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303)

    Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-     after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or     possibly execute arbitrary code. (CVE-2022-3586)

    It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly     deallocate memory in certain error conditions. An attacker could use this to cause a denial of service     (memory exhaustion). (CVE-2022-3646)

    Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly     handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use     this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

    Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain     situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this     to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188)

    Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the     Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
    (CVE-2022-39842)

    It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel,     leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2022-40307)

    Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel     contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2022-4095)

    It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set     permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial     of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5862-1 advisory.

    It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2)     implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system     crash) or possibly execute arbitrary code. (CVE-2022-20369)

    Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that     some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle     RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive     information. (CVE-2022-26373)

    David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel     incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this     to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

    Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor     could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use     this to expose sensitive information. (CVE-2022-29900)

    Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's     protections against speculative branch target injection attacks were insufficient in some circumstances. A     local attacker could possibly use this to expose sensitive information. (CVE-2022-29901)

    It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly     deallocate memory in certain error conditions. An attacker could use this to cause a denial of service     (memory exhaustion). (CVE-2022-3646)

    Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly     handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use     this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

    Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the     Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
    (CVE-2022-39842)

    It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux     kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause     a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849)

    It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a     use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash)     or possibly execute arbitrary code. (CVE-2022-41850)

    It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set     permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial     of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5883-1 advisory.

    Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer     overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary     code. (CVE-2022-4378)

    It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2)     implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system     crash) or possibly execute arbitrary code. (CVE-2022-20369)

    Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that     some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle     RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive     information. (CVE-2022-26373)

    David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel     incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this     to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

    Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor     could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use     this to expose sensitive information. (CVE-2022-29900)

    Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's     protections against speculative branch target injection attacks were insufficient in some circumstances. A     local attacker could possibly use this to expose sensitive information. (CVE-2022-29901)

    It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket     implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could     use this to cause a denial of service (system crash). (CVE-2022-3521)

    It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free     vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly     execute arbitrary code. (CVE-2022-3545)

    It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform     bounds checking in some situations. A physically proximate attacker could use this to craft a malicious     USB device that when inserted, could cause a denial of service (system crash) or possibly execute     arbitrary code. (CVE-2022-3628)

    It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel.
    A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary     code. (CVE-2022-3640)

    It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly     deallocate memory in certain error conditions. An attacker could use this to cause a denial of service     (memory exhaustion). (CVE-2022-3646)

    Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly     handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use     this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

    Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the     Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
    (CVE-2022-39842)

    It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux     kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause     a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849)

    It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a     use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash)     or possibly execute arbitrary code. (CVE-2022-41850)

    It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when     handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service     (kernel deadlock). (CVE-2022-42328)

    Tams Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly     initialize memory in some situations. A physically proximate attacker could possibly use this to expose     sensitive information (kernel memory). (CVE-2022-42895)

    It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set     permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial     of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

    It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly     handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability.
    A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary     code. (CVE-2023-0461)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4273-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated.

    The following security bugs were fixed:

    - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS     file-system with an unintended group ownership and with group execution and SGID permission bits set     (bnc#1198702).
    - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to     cause DoS (bnc#1200788).
    - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
    - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET     and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
    - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and     gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
    - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
    - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
    - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c     (bnc#1204402).
    - CVE-2022-3545: Fixed use-after-free in area_cache_get() in     drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
    - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
    - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to     cause a denial of service (bnc#1204439).
    - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
    - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c     (bnc#1204574).
    - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
    - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
    - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
    - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the     efi firmware capsule-loader.c (bnc#1203322).
    - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive     information from kernel memory (bnc#1203514).
    - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
    - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space  client to corrupt the monitor's     internal memory (bnc#1204653).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3173 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3173-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     November 1, 2022                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-5.10     Version        : 5.10.149-2~deb10u1     CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-1679                      CVE-2022-2153 CVE-2022-2602 CVE-2022-2663 CVE-2022-2905                      CVE-2022-3028 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303                      CVE-2022-3586 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629                      CVE-2022-3633 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649                      CVE-2022-20421 CVE-2022-20422 CVE-2022-39188 CVE-2022-39190                      CVE-2022-39842 CVE-2022-40307 CVE-2022-41222 CVE-2022-41674                      CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722                      CVE-2022-43750     Debian Bug     : 1017425 1019248

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    CVE-2021-4037

        Christian Brauner reported that the inode_init_owner function for         the XFS filesystem in the Linux kernel allows local users to         create files with an unintended group ownership allowing attackers         to escalate privileges by making a plain file executable and SGID.

    CVE-2022-0171

        Mingwei Zhang reported that a cache incoherence issue in the SEV         API in the KVM subsystem may result in denial of service.

    CVE-2022-1184

        A flaw was discovered in the ext4 filesystem driver which can lead         to a use-after-free. A local user permitted to mount arbitrary         filesystems could exploit this to cause a denial of service (crash         or memory corruption) or possibly for privilege escalation.

    CVE-2022-1679

        The syzbot tool found a race condition in the ath9k_htc driver         which can lead to a use-after-free.  This might be exploitable to         cause a denial service (crash or memory corruption) or possibly         for privilege escalation.

    CVE-2022-2153

        kangel reported a flaw in the KVM implementation for x86         processors which could lead to a null pointer dereference. A local         user permitted to access /dev/kvm could exploit this to cause a         denial of service (crash).

    CVE-2022-2602

        A race between handling an io_uring request and the Unix socket         garbage collector was discovered. An attacker can take advantage         of this flaw for local privilege escalation.

    CVE-2022-2663

        David Leadbeater reported flaws in the nf_conntrack_irc         connection-tracking protocol module. When this module is enabled         on a firewall, an external user on the same IRC network as an         internal user could exploit its lax parsing to open arbitrary TCP         ports in the firewall, to reveal their public IP address, or to         block their IRC connection at the firewall.

    CVE-2022-2905

        Hsin-Wei Hung reported a flaw in the eBPF verifier which can lead         to an out-of-bounds read.  If unprivileged use of eBPF is enabled,         this could leak sensitive information.  This was already disabled         by default, which would fully mitigate the vulnerability.

    CVE-2022-3028

        Abhishek Shah reported a race condition in the AF_KEY subsystem,         which could lead to an out-of-bounds write or read.  A local user         could exploit this to cause a denial of service (crash or memory         corruption), to obtain sensitive information, or possibly for         privilege escalation.

    CVE-2022-3061

        A flaw was discovered in the i740 driver which may result in         denial of service.

        This driver is not enabled in Debian's official kernel         configurations.

    CVE-2022-3176

        A use-after-free flaw was discovered in the io_uring subsystem         which may result in local privilege escalation to root.

    CVE-2022-3303

        A race condition in the snd_pcm_oss_sync function in the sound         subsystem in the Linux kernel due to improper locking may result         in denial of service.

    CVE-2022-3586 (ZDI-22-1452)

        The Zero Day Initiative reported a flaw in the sch_sfb network         scheduler, which may lead to a use-after-free and leak of         sensitive information from the kernel.

    CVE-2022-3621, CVE-2022-3646

        The syzbot tool found flaws in the nilfs2 filesystem driver which         can lead to a null pointer dereference or memory leak.  A user         permitted to mount arbitrary filesystem images could use these to         cause a denial of service (crash or resource exhaustion).

    CVE-2022-3625

        A flaw was discovered in the devlink subsystem which can lead to         a use-after-free.  The security impact of this is unclear.

    CVE-2022-3629

        The syzbot tool found a memory leak in the Virtual Socket Protocol         implementation.  A local user could exploit this to cause a denial         of service (resource exhaustion).

    CVE-2022-3633

        The Linux Verification Center found a memory leak in the SAE J1939         protocol implementation.  A local user could exploit this to cause         a denial of service (resource exhaustion).

    CVE-2022-3635

        Several race conditions were discovered in the idt77252 ATM         driver, which can lead to a use-after-free if the module is         removed.  The security impact of this is unclear.

    CVE-2022-3649

        The syzbot tool found flaws in the nilfs2 filesystem driver which         can lead to a use-after-free.  A user permitted to mount arbitrary         filesystem images could use these to cause a denial of service         (crash or memory corruption) or possibly for privilege escalation.

    CVE-2022-20421

        A use-after-free vulnerability was discovered in the         binder_inc_ref_for_node function in the Android binder driver. On         systems where the binder driver is loaded, a local user could         exploit this for privilege escalation.

    CVE-2022-20422

        A race condition was discovered in the instruction emulator for         64-bit Arm systems.  Concurrent changes to the sysctls that         control the emulator could result in a null pointer dereference.
        The security impact of this is unclear.

    CVE-2022-39188

        Jann Horn reported a race condition in the kernel's handling of         unmapping of certain memory ranges. When a driver created a memory         mapping with the VM_PFNMAP flag, which many GPU drivers do, the         memory mapping could be removed and freed before it was flushed         from the CPU TLBs. This could result in a page use-after-free. A         local user with access to such a device could exploit this to         cause a denial of service (crash or memory corruption) or possibly         for privilege escalation.

    CVE-2022-39190

        Gwangun Jung reported a flaw in the nf_tables subsystem.  A local         user could exploit this to cause a denial of service (crash).

    CVE-2022-39842

        An integer overflow was discovered in the pxa3xx-gcu video driver         which could lead to a heap out-of-bounds write.

        This driver is not enabled in Debian's official kernel         configurations.

    CVE-2022-40307

        A race condition was discovered in the EFI capsule-loader driver,         which could lead to use-after-free. A local user permitted to         access this device (/dev/efi_capsule_loader) could exploit this to         cause a denial of service (crash or memory corruption) or possibly         for privilege escalation. However, this device is normally only         accessible by the root user.

    CVE-2022-41222

        A race condition was discovered in the memory management subsystem         that can lead to stale TLB entries.  A local user could exploit         this to cause a denial of service (memory corruption or crash),         information leak, or privilege escalation.

    CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721,     CVE-2022-42722

        Soenke Huster discovered several vulnerabilities in the mac80211         subsystem triggered by WLAN frames which may result in denial of         service or the execution of arbitrary code.

    CVE-2022-43750

        The syzbot tool found that the USB monitor (usbmon) driver allowed         user-space programs to overwrite the driver's data structures.  A         local user permitted to access a USB monitor device could exploit         this to cause a denial of service (memory corruption or crash) or         possibly for privilege escalation.  However, by default only the         root user can access such devices.

    For Debian 10 buster, these problems have been fixed in version     5.10.149-2~deb10u1.  This update also fixes a regression for some     older 32-bit PCs (bug #1017425), and enables the i10nm_edac driver     (bug #1019248).  It additionally includes many more bug fixes from     stable updates 5.10.137-5.10.149 inclusive.

    We recommend that you upgrade your linux-5.10 packages.

    For the detailed security status of linux-5.10 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-5.10

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

    --     Ben Hutchings - Debian developer, member of kernel, installer and LTS teams     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel-generic installed on the remote host is prior to 5.15.80 / 5.15.80_smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-333-01 advisory.

    New kernel packages are available for Slackware 15.0 to fix security issues.

Tenable has extracted the preceding description block directly from the kernel-generic security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function     nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after     free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
    The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)

Note that Nessus relies on the presence of the package as reported by the vendor.

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
168941	SUSE SLES15 Security Update : kernel (SUSE-SU-2022:4574-1)	Nessus	SuSE Local Security Checks	12/20/2022	9/25/2025	high
169726	Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5792-2)	Nessus	Ubuntu Local Security Checks	1/10/2023	8/27/2024	high
171270	Ubuntu 18.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-5862-1)	Nessus	Ubuntu Local Security Checks	2/9/2023	8/27/2024	high
171812	Ubuntu 16.04 ESM : Linux kernel (HWE) vulnerabilities (USN-5883-1)	Nessus	Ubuntu Local Security Checks	2/22/2023	8/27/2024	high
168308	SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4273-1)	Nessus	SuSE Local Security Checks	11/30/2022	9/26/2025	high
166822	Debian dla-3173 : linux-config-5.10 - security update	Nessus	Debian Local Security Checks	11/2/2022	1/22/2025	high
168270	Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-333-01)	Nessus	Slackware Local Security Checks	11/29/2022	9/30/2025	high
224880	Linux Distros Unpatched Vulnerability : CVE-2022-3649	Nessus	Misc.	3/5/2025	10/28/2025	high
503005	Siemens SIMATIC Devices Linux Kernel Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-3649)	Tenable OT Security	Tenable.ot	2/25/2025	10/29/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high