The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0855-1 advisory.

    The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.

    The following security bugs were fixed:

    - CVE-2023-6270: Fixed a use-after-free bug in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
    - CVE-2023-52462: Fixed a security check for attempt to corrupt spilled pointer (bsc#1220325).
    - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
    - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
    - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
    - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
    - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach  (bsc#1220254).
    - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
    - CVE-2024-26585: Fixed race between tx work scheduling and socket close  (bsc#1220187).
    - CVE-2023-52340: Fixed ICMPv6 Packet Too Big packets force a DoS of the Linux kernel by forcing     100% CPU (bsc#1219295).
    - CVE-2024-0607: Fixed 64-bit load issue in  nft_byteorder_eval() (bsc#1218915).
    - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
    - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
    - CVE-2024-23850: Fixed double free of anonymous device after snapshot  creation failure (bsc#1219126).
    - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
    - CVE-2023-52457: Fixed skipped resource freeing if  pm_runtime_resume_and_get() failed (bsc#1220350).
    - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
    - CVE-2023-52451: Fixed access beyond end of drmem array  (bsc#1220250).
    - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround  (bsc#1220251).
    - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier  (bsc#1220238).
    - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
    - CVE-2024-26598: Fixed potential UAF in LPI translation  cache (bsc#1220326).
    - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
    - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
    - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
    - CVE-2023-52443: Fixed crash when parsed profile name is empty  (bsc#1220240).
    - CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
    - CVE-2024-26586: Fixed stack corruption (bsc#1220243).
    - CVE-2024-26595: Fixed NULL pointer dereference in  error path (bsc#1220344).
    - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
    - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump  (bsc#1220253).
    - CVE-2024-1151: Fixed unlimited number of recursions from action  sets (bsc#1219835).
    - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the     same transaction (bsc#1218216).
    - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv  (bsc#1219127).
    - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
    - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the linux package has been released.

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory.

    Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C     PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a     denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)

    It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux     kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker     could use this to cause a denial of service. (CVE-2024-21823)

    Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-     bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system     crash). (CVE-2024-23849)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to     a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a     denial of service (system crash). (CVE-2024-24860)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - RISC-V architecture;

    - S390 architecture;

    - Core kernel;

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - ACPI drivers;

    - Android drivers;

    - Drivers core;

    - Power management core;

    - Bus devices;

    - Device frequency scaling framework;

    - DMA engine subsystem;

    - EDAC drivers;

    - ARM SCMI message protocol;

    - GPU drivers;

    - IIO ADC drivers;

    - InfiniBand drivers;

    - IOMMU subsystem;

    - Media drivers;

    - Multifunction device drivers;

    - MTD block device drivers;

    - Network drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - PCI driver for MicroSemi Switchtec;

    - Power supply drivers;

    - RPMSG subsystem;

    - SCSI drivers;

    - QCOM SoC drivers;

    - SPMI drivers;

    - Thermal drivers;

    - TTY drivers;

    - VFIO drivers;

    - BTRFS file system;

    - Ceph distributed file system;

    - EFI Variable file system;

    - EROFS file system;

    - Ext4 file system;

    - F2FS file system;

    - GFS2 file system;

    - JFS file system;

    - Network file systems library;

    - Network file system server daemon;

    - File systems infrastructure;

    - Pstore file system;

    - ReiserFS file system;

    - SMB network file system;

    - BPF subsystem;

    - Memory management;

    - TLS protocol;

    - Ethernet bridge;

    - Networking core;

    - IPv4 networking;

    - IPv6 networking;

    - Logical Link layer;

    - MAC80211 subsystem;

    - Multipath TCP;

    - Netfilter;

    - NetLabel subsystem;

    - Network traffic control;

    - SMC sockets;

    - Sun RPC protocol;

    - AppArmor security module;

    - Intel ASoC drivers;

    - MediaTek ASoC drivers;

    - USB sound devices; (CVE-2023-52598, CVE-2023-52676, CVE-2023-52609, CVE-2024-26620, CVE-2023-52487,     CVE-2023-52465, CVE-2023-52473, CVE-2023-52467, CVE-2024-26583, CVE-2023-52669, CVE-2023-52664,     CVE-2023-52449, CVE-2023-52614, CVE-2024-26595, CVE-2023-52611, CVE-2023-52696, CVE-2023-52591,     CVE-2023-52491, CVE-2024-35839, CVE-2023-52679, CVE-2024-26607, CVE-2023-52587, CVE-2023-52469,     CVE-2023-52608, CVE-2023-52617, CVE-2023-52698, CVE-2024-26673, CVE-2024-35835, CVE-2024-26808,     CVE-2024-26668, CVE-2023-52626, CVE-2023-52621, CVE-2024-35837, CVE-2023-52489, CVE-2023-52597,     CVE-2024-26649, CVE-2024-26615, CVE-2024-35838, CVE-2023-52693, CVE-2023-52497, CVE-2024-35842,     CVE-2024-26618, CVE-2024-26610, CVE-2024-26631, CVE-2024-26644, CVE-2024-26627, CVE-2023-52677,     CVE-2023-52472, CVE-2023-52627, CVE-2023-52486, CVE-2023-52632, CVE-2023-52494, CVE-2023-52468,     CVE-2024-26634, CVE-2023-52588, CVE-2024-26646, CVE-2024-26584, CVE-2023-52443, CVE-2023-52691,     CVE-2024-26612, CVE-2023-52595, CVE-2024-26592, CVE-2024-26623, CVE-2023-52492, CVE-2024-26670,     CVE-2023-52583, CVE-2023-52681, CVE-2023-52635, CVE-2023-52457, CVE-2023-52445, CVE-2024-26629,     CVE-2024-26594, CVE-2023-52675, CVE-2023-52488, CVE-2023-52446, CVE-2024-26625, CVE-2023-52697,     CVE-2023-52453, CVE-2023-52498, CVE-2023-52686, CVE-2023-52593, CVE-2023-52612, CVE-2023-52687,     CVE-2023-52470, CVE-2023-52455, CVE-2023-52444, CVE-2024-26608, CVE-2024-26633, CVE-2024-26645,     CVE-2023-52451, CVE-2023-52456, CVE-2024-26640, CVE-2023-52670, CVE-2023-52589, CVE-2024-26598,     CVE-2024-35841, CVE-2024-26647, CVE-2024-26636, CVE-2023-52680, CVE-2023-52616, CVE-2023-52685,     CVE-2024-26582, CVE-2024-26638, CVE-2023-52694, CVE-2024-35840, CVE-2023-52448, CVE-2023-52623,     CVE-2023-52462, CVE-2023-52452, CVE-2024-26641, CVE-2023-52683, CVE-2023-52682, CVE-2023-52594,     CVE-2023-52490, CVE-2023-52493, CVE-2023-52633, CVE-2023-52606, CVE-2024-26669, CVE-2023-52584,     CVE-2024-26585, CVE-2023-52610, CVE-2023-52672, CVE-2023-52450, CVE-2023-52666, CVE-2023-52458,     CVE-2023-52622, CVE-2023-52674, CVE-2023-52619, CVE-2024-26586, CVE-2023-52667, CVE-2024-26616,     CVE-2023-52463, CVE-2024-26632, CVE-2023-52447, CVE-2023-52692, CVE-2023-52678, CVE-2023-52607,     CVE-2023-52618, CVE-2023-52464, CVE-2024-26671, CVE-2023-52599, CVE-2023-52454, CVE-2023-52495,     CVE-2023-52690)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-1 advisory.

    The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
    - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
    - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
    - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
    - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
    - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach  (bsc#1220254).
    - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
    - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
    - CVE-2024-26585: Fixed race between tx work scheduling and socket close  (bsc#1220187).
    - CVE-2023-52340: Fixed ICMPv6 Packet Too Big packets force a DoS of the Linux kernel by forcing     100% CPU (bsc#1219295).
    - CVE-2024-0607: Fixed 64-bit load issue in  nft_byteorder_eval() (bsc#1218915).
    - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
    - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
    - CVE-2024-23850: Fixed double free of anonymous device after snapshot  creation failure (bsc#1219126).
    - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
    - CVE-2023-52457: Fixed skipped resource freeing if  pm_runtime_resume_and_get() failed (bsc#1220350).
    - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
    - CVE-2023-52451: Fixed access beyond end of drmem array  (bsc#1220250).
    - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier  (bsc#1220238).
    - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
    - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround  (bsc#1220251).
    - CVE-2024-26598: Fixed potential UAF in LPI translation  cache (bsc#1220326).
    - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
    - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
    - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
    - CVE-2023-52443: Fixed crash when parsed profile name is empty  (bsc#1220240).
    - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
    - CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
    - CVE-2024-26586: Fixed stack corruption (bsc#1220243).
    - CVE-2024-26595: Fixed NULL pointer dereference in  error path (bsc#1220344).
    - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
    - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump  (bsc#1220253).
    - CVE-2024-1151: Fixed unlimited number of recursions from action  sets (bsc#1219835).
    - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the     same transaction (bsc#1218216).
    - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv  (bsc#1219127).
    - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
    - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory.

    The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-26600: Fixed NULL pointer dereference for SRP (bsc#1220340).
    - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
    - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
    - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
    - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
    - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
    - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
    - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
    - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
    - CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
    - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
    - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
    - CVE-2021-33200: Fixed a leakage of uninitialized bpf stack under speculation. (bsc#1186484)
    - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
    - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
    - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
    - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
    - CVE-2023-52340: Fixed ICMPv6 Packet Too Big packets force a DoS of the Linux kernel by forcing     100% CPU (bsc#1219295).
    - CVE-2024-0607: Fixed 64-bit load issue in  nft_byteorder_eval() (bsc#1218915).
    - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
    - CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
    - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
    - CVE-2023-52451: Fixed access beyond end of drmem array  (bsc#1220250).
    - CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599).
    - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier  (bsc#1220238).
    - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
    - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
    - CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
    - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
    - CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767).
    - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
    - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
    - CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421).
    - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
    - CVE-2020-36777: Fixed a memory leak in dvb_media_device_free (bsc#1220526).
    - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
    - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
    - CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
    - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
    - CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
    - CVE-2024-26595: Fixed NULL pointer dereference in  error path (bsc#1220344).
    - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
    - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
    - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-1 advisory.

    Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate     certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability.
    A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive     information. (CVE-2023-1194)

    Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel,     leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

    It was discovered that a race condition existed in the KSMBD implementation in the Linux kernel when     handling session connections, leading to a use- after-free vulnerability. A remote attacker could use this     to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32258)

    It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer sizes     in certain operations, leading to an integer underflow and out-of-bounds read vulnerability. A remote     attacker could use this to cause a denial of service (system crash) or possibly expose sensitive     information. (CVE-2023-38427)

    Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate SMB     request protocol IDs, leading to a out-of- bounds read vulnerability. A remote attacker could possibly use     this to cause a denial of service (system crash). (CVE-2023-38430)

    Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate     packet header sizes in certain situations, leading to an out-of-bounds read vulnerability. A remote     attacker could use this to cause a denial of service (system crash) or possibly expose sensitive     information. (CVE-2023-38431)

    It was discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup     requests, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose     sensitive information. (CVE-2023-3867)

    Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly     handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a     guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)

    It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache     memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion).
    (CVE-2023-52340)

    It was discovered that the device mapper driver in the Linux kernel did not properly validate target size     during certain memory allocations. A local attacker could use this to cause a denial of service (system     crash). (CVE-2023-52429, CVE-2024-23851)

    Yang Chaoming discovered that the KSMBD implementation in the Linux kernel did not properly validate     request buffer sizes, leading to an out-of-bounds read vulnerability. An attacker could use this to cause     a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-22705)

    Chenyuan Yang discovered that the btrfs file system in the Linux kernel did not properly handle read     operations on newly created subvolumes in certain conditions. A local attacker could use this to cause a     denial of service (system crash). (CVE-2024-23850)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to     a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a     denial of service (system crash). (CVE-2024-24860)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - Architecture specifics;

    - Block layer;

    - Cryptographic API;

    - Android drivers;

    - EDAC drivers;

    - GPU drivers;

    - Media drivers;

    - Multifunction device drivers;

    - MTD block device drivers;

    - Network drivers;

    - NVME drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - EFI Variable file system;

    - F2FS file system;

    - GFS2 file system;

    - SMB network file system;

    - BPF subsystem;

    - IPv6 Networking;

    - Network Traffic Control;

    - AppArmor security module; (CVE-2023-52463, CVE-2023-52445, CVE-2023-52462, CVE-2023-52609,     CVE-2023-52448, CVE-2023-52457, CVE-2023-52464, CVE-2023-52456, CVE-2023-52454, CVE-2023-52438,     CVE-2023-52480, CVE-2023-52443, CVE-2023-52442, CVE-2024-26631, CVE-2023-52439, CVE-2023-52612,     CVE-2024-26598, CVE-2024-26586, CVE-2024-26589, CVE-2023-52444, CVE-2023-52436, CVE-2024-26633,     CVE-2024-26597, CVE-2023-52458, CVE-2024-26591, CVE-2023-52449, CVE-2023-52467, CVE-2023-52441,     CVE-2023-52610, CVE-2023-52451, CVE-2023-52469, CVE-2023-52470)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3841-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     June 25, 2024                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-5.10     Version        : 5.10.209-2~deb10u1     CVE ID         : CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536                      CVE-2023-6606 CVE-2023-6915 CVE-2023-39198 CVE-2023-46838                      CVE-2023-51779 CVE-2023-52340 CVE-2023-52436 CVE-2023-52438                      CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445                      CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454                      CVE-2023-52456 CVE-2023-52457 CVE-2023-52462 CVE-2023-52463                      CVE-2023-52464 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470                      CVE-2023-52609 CVE-2023-52612 CVE-2023-52675 CVE-2023-52679                      CVE-2023-52683 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691                      CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698                      CVE-2024-0646 CVE-2024-1086 CVE-2024-24860 CVE-2024-26586                      CVE-2024-26597 CVE-2024-26598 CVE-2024-26633

    Several vulnerabilities were discovered in the Linux kernel that may     lead to a privilege escalation, denial of service or information     leaks.

    For Debian 10 buster, these problems were fixed earlier in version     5.10.209-2~deb10u1.  This update additionally included many more bug     fixes from stable updates 5.10.206-5.10.209 inclusive.

    For the detailed security status of linux-5.10 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-5.10

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
192006	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0855-1)	Nessus	SuSE Local Security Checks	3/13/2024	12/16/2024	high
204220	Photon OS 5.0: Linux PHSA-2024-5.0-0198	Nessus	PhotonOS Local Security Checks	7/24/2024	11/8/2024	high
200276	Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)	Nessus	Ubuntu Local Security Checks	6/10/2024	1/8/2025	high
192141	SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-1)	Nessus	SuSE Local Security Checks	3/15/2024	12/16/2024	high
192503	SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)	Nessus	SuSE Local Security Checks	3/23/2024	12/13/2024	high
193084	Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6725-1)	Nessus	Ubuntu Local Security Checks	4/9/2024	8/27/2024	critical
201106	Debian dla-3841 : linux-config-5.10 - security update	Nessus	Debian Local Security Checks	6/27/2024	6/28/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high

critical

high