The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory.

    Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly     handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a     guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)

    It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache     memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion).
    (CVE-2023-52340)

    It was discovered that the device mapper driver in the Linux kernel did not properly validate target size     during certain memory allocations. A local attacker could use this to cause a denial of service (system     crash). (CVE-2023-52429, CVE-2024-23851)

    Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly     sized memory locations. A local user could use this to cause a denial of service (system crash).
    (CVE-2024-0607)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - Architecture specifics;

    - Cryptographic API;

    - Android drivers;

    - EDAC drivers;

    - GPU drivers;

    - Media drivers;

    - MTD block device drivers;

    - Network drivers;

    - NVME drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - F2FS file system;

    - GFS2 file system;

    - IPv6 Networking;

    - AppArmor security module; (CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,     CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444,     CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,     CVE-2023-52436, CVE-2023-52438)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory.

    Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly     handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a     guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)

    It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache     memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion).
    (CVE-2023-52340)

    It was discovered that the device mapper driver in the Linux kernel did not properly validate target size     during certain memory allocations. A local attacker could use this to cause a denial of service (system     crash). (CVE-2023-52429, CVE-2024-23851)

    Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly     sized memory locations. A local user could use this to cause a denial of service (system crash).
    (CVE-2024-0607)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - Architecture specifics;

    - Cryptographic API;

    - Android drivers;

    - EDAC drivers;

    - GPU drivers;

    - Media drivers;

    - MTD block device drivers;

    - Network drivers;

    - NVME drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - F2FS file system;

    - GFS2 file system;

    - IPv6 Networking;

    - AppArmor security module; (CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,     CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444,     CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,     CVE-2023-52436, CVE-2023-52438)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote host is prior to 5.4.268-181.368. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-059 advisory.

    2024-12-05: CVE-2023-52683 was added to this advisory.

    2024-12-05: CVE-2023-52679 was added to this advisory.

    2024-09-12: CVE-2023-52675 was added to this advisory.

    2024-09-12: CVE-2023-52691 was added to this advisory.

    2024-07-03: CVE-2023-52612 was added to this advisory.

    2024-07-03: CVE-2024-26633 was added to this advisory.

    2024-07-03: CVE-2023-52470 was added to this advisory.

    2024-06-06: CVE-2023-52698 was added to this advisory.

    2024-06-06: CVE-2023-52464 was added to this advisory.

    2024-04-25: CVE-2023-52448 was added to this advisory.

    2024-03-27: CVE-2023-52439 was added to this advisory.

    2024-03-13: CVE-2023-52469 was added to this advisory.

    2024-02-15: CVE-2023-6546 was added to this advisory.

    A flaw has been found in Xen. An unprivileged guest can cause Denial of Service (DoS) of the host by     sending network packets to the backend, causing the backend to crash. (CVE-2023-46838)

    In the Linux kernel, the following vulnerability has been resolved:

    uio: Fix use-after-free in uio_open

    core-1                          core-2-------------------------------------------------------     uio_unregister_device              uio_openidev = idr_find()device_unregister(&idev->dev)put_device(&idev-     >dev)uio_device_releaseget_device(&idev->dev)kfree(idev)uio_free_minor(minor)uio_releaseput_device(&idev-     >dev)kfree(idev)-------------------------------------------------------

    In the core-1 uio_unregister_device(), the device_unregister will kfreeidev when the idev->dev kobject ref     is 1. But after core-1device_unregister, put_device and before doing kfree, the core-2 mayget_device.
    Then:1. After core-1 kfree idev, the core-2 will do use-after-free for idev.2. When core-2 do uio_release     and put_device, the idev will be doublefreed.

    To address this issue, we can get idev atomic & inc idev reference withminor_lock. (CVE-2023-52439)

    In the Linux kernel, the following vulnerability has been resolved:

    gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

    Syzkaller has reported a NULL pointer dereference when accessingrgd->rd_rgl in gfs2_rgrp_dump().  This can     happen when creatingrgd->rd_gl fails in read_rindex_entry().  Add a NULL pointer check ingfs2_rgrp_dump()     to prevent that. (CVE-2023-52448)

    In the Linux kernel, the following vulnerability has been resolved:

    EDAC/thunderx: Fix possible out-of-bounds string access

    Enabling -Wstringop-overflow globally exposes a warning for a common bugin the usage of strncat():

    drivers/edac/thunderx_edac.c: In function     'thunderx_ocx_com_threaded_isr':drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound     1024 equals destination size [-Werror=stringop-overflow=]1136 |                 strncat(msg, other,     OCX_MESSAGE_SIZE);|                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...1145 |     strncat(msg, other, OCX_MESSAGE_SIZE);...1150 |                                 strncat(msg, other,     OCX_MESSAGE_SIZE);

    ...

    Apparently the author of this driver expected strncat() to behave theway that strlcat() does, which uses     the size of the destination bufferas its third argument rather than the length of the source buffer.
    Theresult is that there is no check on the size of the allocated buffer.

    Change it to strlcat().

    [ bp: Trim compiler output, fixup commit message. ] (CVE-2023-52464)

    In the Linux kernel, the following vulnerability has been resolved:

    drivers/amd/pm: fix a use-after-free in kv_parse_power_table

    When ps allocated by kzalloc equals to NULL, kv_parse_power_tablefrees adev->pm.dpm.ps that allocated     before. However, after the controlflow goes through the following call chains:

    kv_parse_power_table|-> kv_dpm_init|-> kv_dpm_sw_init|-> kv_dpm_fini

    The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after itsfirst free in kv_parse_power_table and     causes a use-after-free bug. (CVE-2023-52469)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

    check the alloc_workqueue return value in radeon_crtc_init()to avoid null-ptr-deref. (CVE-2023-52470)

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: scomp - fix req->dst buffer overflow (CVE-2023-52612)

    In the Linux kernel, the following vulnerability has been resolved:

    powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (CVE-2023-52675)

    In the Linux kernel, the following vulnerability has been resolved:

    of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679)

    In the Linux kernel, the following vulnerability has been resolved:

    ACPI: LPIT: Avoid u32 multiplication overflow (CVE-2023-52683)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/amd/pm: fix a double-free in si_dpm_init (CVE-2023-52691)

    In the Linux kernel, the following vulnerability has been resolved:

    calipso: fix memory leak in netlbl_calipso_add_pass() (CVE-2023-52698)

    An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4     (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of     a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an     attacker to achieve out-of-bounds access. (CVE-2023-6040)

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two     threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline     enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This     could allow a local unprivileged user to escalate their privileges on the system. (CVE-2023-6546)

    A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may     allow an attacker using this library to cause a denial of service problem due to a missing check at a     function return. (CVE-2023-6915)

    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in     the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy     length, leading to a denial of service. (CVE-2024-0565)

    netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (CVE-2024-0607)

    An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality     in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user     to crash or potentially escalate their privileges on the system. (CVE-2024-0646)

    In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one     error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. (CVE-2024-23849)

    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory.

    Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C     PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a     denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)

    It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux     kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker     could use this to cause a denial of service. (CVE-2024-21823)

    Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-     bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system     crash). (CVE-2024-23849)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to     a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a     denial of service (system crash). (CVE-2024-24860)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - S390 architecture;

    - Core kernel;

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - ACPI drivers;

    - Android drivers;

    - Drivers core;

    - Power management core;

    - Bus devices;

    - Device frequency scaling framework;

    - DMA engine subsystem;

    - EDAC drivers;

    - ARM SCMI message protocol;

    - GPU drivers;

    - IIO ADC drivers;

    - InfiniBand drivers;

    - IOMMU subsystem;

    - Media drivers;

    - Multifunction device drivers;

    - MTD block device drivers;

    - Network drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - PCI driver for MicroSemi Switchtec;

    - Power supply drivers;

    - RPMSG subsystem;

    - SCSI drivers;

    - QCOM SoC drivers;

    - SPMI drivers;

    - Thermal drivers;

    - TTY drivers;

    - VFIO drivers;

    - BTRFS file system;

    - Ceph distributed file system;

    - EFI Variable file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - GFS2 file system;

    - JFS file system;

    - Network file systems library;

    - Network file system server daemon;

    - File systems infrastructure;

    - Pstore file system;

    - ReiserFS file system;

    - SMB network file system;

    - BPF subsystem;

    - Memory management;

    - TLS protocol;

    - Ethernet bridge;

    - Networking core;

    - IPv4 networking;

    - IPv6 networking;

    - Logical Link layer;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - NetLabel subsystem;

    - Network traffic control;

    - SMC sockets;

    - Sun RPC protocol;

    - AppArmor security module;

    - Intel ASoC drivers;

    - MediaTek ASoC drivers;

    - USB sound devices; (CVE-2023-52598, CVE-2023-52676, CVE-2023-52609, CVE-2024-26620, CVE-2023-52487,     CVE-2023-52465, CVE-2023-52473, CVE-2023-52467, CVE-2024-26583, CVE-2023-52669, CVE-2023-52664,     CVE-2023-52449, CVE-2023-52614, CVE-2024-26595, CVE-2023-52611, CVE-2023-52696, CVE-2023-52591,     CVE-2023-52491, CVE-2024-35839, CVE-2023-52679, CVE-2024-26607, CVE-2023-52587, CVE-2023-52469,     CVE-2023-52608, CVE-2023-52617, CVE-2023-52698, CVE-2024-26673, CVE-2024-35835, CVE-2024-26808,     CVE-2024-26668, CVE-2023-52626, CVE-2023-52621, CVE-2024-35837, CVE-2023-52489, CVE-2023-52597,     CVE-2024-26649, CVE-2024-26615, CVE-2024-35838, CVE-2023-52693, CVE-2023-52497, CVE-2024-35842,     CVE-2024-26618, CVE-2024-26610, CVE-2024-26631, CVE-2024-26644, CVE-2024-26627, CVE-2023-52677,     CVE-2023-52472, CVE-2023-52627, CVE-2023-52486, CVE-2023-52632, CVE-2023-52494, CVE-2023-52468,     CVE-2024-26634, CVE-2023-52588, CVE-2024-26646, CVE-2024-26584, CVE-2023-52443, CVE-2023-52691,     CVE-2024-26612, CVE-2023-52595, CVE-2024-26592, CVE-2024-26623, CVE-2023-52492, CVE-2024-26670,     CVE-2023-52583, CVE-2023-52681, CVE-2023-52635, CVE-2023-52457, CVE-2023-52445, CVE-2024-26629,     CVE-2024-26594, CVE-2023-52675, CVE-2023-52488, CVE-2023-52446, CVE-2024-26625, CVE-2023-52697,     CVE-2023-52453, CVE-2023-52498, CVE-2023-52686, CVE-2023-52593, CVE-2023-52612, CVE-2023-52687,     CVE-2023-52470, CVE-2023-52455, CVE-2023-52444, CVE-2024-26608, CVE-2024-26633, CVE-2024-26645,     CVE-2023-52451, CVE-2023-52456, CVE-2024-26640, CVE-2023-52670, CVE-2023-52589, CVE-2024-26598,     CVE-2024-35841, CVE-2024-26647, CVE-2024-26636, CVE-2023-52680, CVE-2023-52616, CVE-2023-52685,     CVE-2024-26582, CVE-2024-26638, CVE-2023-52694, CVE-2024-35840, CVE-2023-52448, CVE-2023-52623,     CVE-2023-52462, CVE-2023-52452, CVE-2024-26641, CVE-2023-52683, CVE-2023-52682, CVE-2023-52594,     CVE-2023-52490, CVE-2023-52493, CVE-2023-52633, CVE-2023-52606, CVE-2024-26669, CVE-2023-52584,     CVE-2024-26585, CVE-2023-52610, CVE-2023-52672, CVE-2023-52450, CVE-2023-52666, CVE-2023-52458,     CVE-2023-52622, CVE-2023-52674, CVE-2023-52619, CVE-2024-26586, CVE-2023-52667, CVE-2024-26616,     CVE-2023-52463, CVE-2024-26632, CVE-2023-52447, CVE-2023-52692, CVE-2023-52678, CVE-2023-52607,     CVE-2023-52618, CVE-2023-52464, CVE-2024-26671, CVE-2023-52599, CVE-2023-52454, CVE-2023-52495,     CVE-2023-52690)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3841-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     June 25, 2024                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-5.10     Version        : 5.10.209-2~deb10u1     CVE ID         : CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536                      CVE-2023-6606 CVE-2023-6915 CVE-2023-39198 CVE-2023-46838                      CVE-2023-51779 CVE-2023-52340 CVE-2023-52436 CVE-2023-52438                      CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445                      CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454                      CVE-2023-52456 CVE-2023-52457 CVE-2023-52462 CVE-2023-52463                      CVE-2023-52464 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470                      CVE-2023-52609 CVE-2023-52612 CVE-2023-52675 CVE-2023-52679                      CVE-2023-52683 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691                      CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698                      CVE-2024-0646 CVE-2024-1086 CVE-2024-24860 CVE-2024-26586                      CVE-2024-26597 CVE-2024-26598 CVE-2024-26633

    Several vulnerabilities were discovered in the Linux kernel that may     lead to a privilege escalation, denial of service or information     leaks.

    For Debian 10 buster, these problems were fixed earlier in version     5.10.209-2~deb10u1.  This update additionally included many more bug     fixes from stable updates 5.10.206-5.10.209 inclusive.

    For the detailed security status of linux-5.10 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-5.10

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

In the Linux kernel, the following vulnerability has been resolved:
EDAC/thunderx: Fix possible out-of-bounds string access Enabling
-Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr': drivers/edac/thunderx_edac.c:1136:17:
error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... 1145 | strncat(msg, other, OCX_MESSAGE_SIZE); ... 1150 | strncat(msg, other, OCX_MESSAGE_SIZE); ... Apparently the author of this driver expected strncat() to behave the way that strlcat() does, which uses the size of the destination buffer as its third argument rather than the length of the source buffer. The result is that there is no check on the size of the allocated buffer. Change it to strlcat(). [ bp: Trim compiler output, fixup commit message. ]

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
193376	Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)	Nessus	Ubuntu Local Security Checks	4/17/2024	3/17/2025	high
193407	Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)	Nessus	Ubuntu Local Security Checks	4/17/2024	3/17/2025	high
190047	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-059)	Nessus	Amazon Linux Local Security Checks	2/6/2024	12/16/2024	high
200276	Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)	Nessus	Ubuntu Local Security Checks	6/10/2024	9/24/2025	high
201106	Debian dla-3841 : linux-config-5.10 - security update	Nessus	Debian Local Security Checks	6/27/2024	6/28/2024	high
276342	TencentOS Server 2: kernel (TSSA-2024:0557)	Nessus	Tencent Local Security Checks	11/20/2025	11/20/2025	high
198091	EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)	Nessus	Huawei Local Security Checks	5/29/2024	9/29/2025	high
198320	EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)	Nessus	Huawei Local Security Checks	6/3/2024	9/26/2025	high
504224	Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-52464)	Tenable OT Security	Tenable.ot	11/13/2025	11/13/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high