The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0138-1 advisory.

    This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225429).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
    - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
    - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
    - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0187-1 advisory.

    This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1231419).
    - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0248-1 advisory.

    This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
    - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
    - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
    - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
    - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
    - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
    - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
    - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
    - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1220145).
    - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
    - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
    - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0239-1 advisory.

    This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
    - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
    - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
    - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0255-1 advisory.

    This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
    - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
    - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1227369).
    - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1229275).
    - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1231419).
    - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0252-1 advisory.

    This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues.

    The following security issues were fixed:

    - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1229275).
    - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233712).
    - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
    - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225429).
    - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
    - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
    - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
    - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
    - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
    - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
    - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
    - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
    - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
    - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
    - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
    - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
    - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
    - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
    - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
    - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
    - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
    - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
    - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
    - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
    - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
    - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
    - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
    - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5     modules (bsc#1220145).
    - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
    - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
    - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
    - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
    - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that     could lead to local privilege escalation (bsc#1222685).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7088-1 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - CPU frequency scaling framework;

    - Device frequency scaling framework;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - InfiniBand drivers;

    - Input Device core drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - EEPROM drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB subsystem;

    - BTRFS file system;

    - File systems infrastructure;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - BPF subsystem;

    - Core kernel;

    - DMA mapping infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Simplified Mandatory Access Control Kernel framework;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244, CVE-2024-46723,     CVE-2024-41073, CVE-2024-46756, CVE-2024-42288, CVE-2024-46840, CVE-2024-46771, CVE-2024-46757,     CVE-2024-43860, CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988, CVE-2024-42281,     CVE-2024-36484, CVE-2024-43856, CVE-2024-47668, CVE-2024-46759, CVE-2024-46744, CVE-2024-42289,     CVE-2024-42131, CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858, CVE-2024-44960,     CVE-2024-45028, CVE-2024-26885, CVE-2024-46676, CVE-2024-46780, CVE-2024-42310, CVE-2024-44987,     CVE-2024-41090, CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614, CVE-2024-27051,     CVE-2024-43880, CVE-2024-43839, CVE-2024-43884, CVE-2024-42311, CVE-2024-43893, CVE-2024-41072,     CVE-2024-41091, CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305, CVE-2024-46673,     CVE-2024-42284, CVE-2024-46844, CVE-2024-46677, CVE-2024-45025, CVE-2024-43861, CVE-2024-43914,     CVE-2024-46783, CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276, CVE-2024-46740,     CVE-2024-42295, CVE-2024-44947, CVE-2024-41059, CVE-2024-26669, CVE-2024-38602, CVE-2024-42306,     CVE-2023-52918, CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006, CVE-2024-44998,     CVE-2024-42283, CVE-2024-44952, CVE-2024-46761, CVE-2024-43841, CVE-2024-44944, CVE-2024-42313,     CVE-2024-45008, CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867, CVE-2024-42286,     CVE-2024-43879, CVE-2024-43846, CVE-2024-42280, CVE-2024-43854, CVE-2021-47212, CVE-2024-35848,     CVE-2024-41020, CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965, CVE-2024-43890,     CVE-2024-45003, CVE-2024-44969, CVE-2024-41011, CVE-2024-46738, CVE-2024-41071, CVE-2024-26800,     CVE-2024-46721, CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531, CVE-2024-26891,     CVE-2024-26641, CVE-2024-42287, CVE-2024-46722, CVE-2024-41042, CVE-2024-46675, CVE-2024-46743,     CVE-2024-42259, CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871, CVE-2024-46739,     CVE-2024-42301, CVE-2024-47659, CVE-2024-42271, CVE-2024-26668, CVE-2024-43835, CVE-2024-46829,     CVE-2024-47667, CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929, CVE-2024-46815,     CVE-2024-43830, CVE-2024-42309, CVE-2024-41063, CVE-2024-46782, CVE-2024-46777, CVE-2024-42265,     CVE-2024-46781, CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882, CVE-2024-44935,     CVE-2024-46800, CVE-2024-46822, CVE-2024-46755, CVE-2024-46817, CVE-2024-43829, CVE-2024-46798,     CVE-2024-46689, CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663, CVE-2024-41070)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7088-2 advisory.

    Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer     overflow vulnerability. A local attacker could use this to cause a denial of service (system crash).
    (CVE-2022-36402)

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to     compromise the system. This update corrects flaws in the following subsystems:

    - ARM64 architecture;

    - PowerPC architecture;

    - User-Mode Linux (UML);

    - x86 architecture;

    - Block layer subsystem;

    - Cryptographic API;

    - Android drivers;

    - Serial ATA and Parallel ATA drivers;

    - ATM drivers;

    - Drivers core;

    - CPU frequency scaling framework;

    - Device frequency scaling framework;

    - GPU drivers;

    - HID subsystem;

    - Hardware monitoring drivers;

    - InfiniBand drivers;

    - Input Device core drivers;

    - Input Device (Miscellaneous) drivers;

    - IOMMU subsystem;

    - IRQ chip drivers;

    - ISDN/mISDN subsystem;

    - LED subsystem;

    - Multiple devices driver;

    - Media drivers;

    - EEPROM drivers;

    - VMware VMCI Driver;

    - MMC subsystem;

    - Network drivers;

    - Near Field Communication (NFC) drivers;

    - NVME drivers;

    - Device tree and open firmware driver;

    - Parport drivers;

    - PCI subsystem;

    - Pin controllers subsystem;

    - Remote Processor subsystem;

    - S/390 drivers;

    - SCSI drivers;

    - QCOM SoC drivers;

    - Direct Digital Synthesis drivers;

    - TTY drivers;

    - Userspace I/O drivers;

    - DesignWare USB3 driver;

    - USB Gadget drivers;

    - USB Serial drivers;

    - BTRFS file system;

    - File systems infrastructure;

    - Ext4 file system;

    - F2FS file system;

    - JFS file system;

    - NILFS2 file system;

    - BPF subsystem;

    - Core kernel;

    - DMA mapping infrastructure;

    - Tracing infrastructure;

    - Radix Tree data structure library;

    - Kernel userspace event delivery library;

    - Objagg library;

    - Memory management;

    - Amateur Radio drivers;

    - Bluetooth subsystem;

    - CAN network layer;

    - Networking core;

    - Ethtool driver;

    - IPv4 networking;

    - IPv6 networking;

    - IUCV driver;

    - KCM (Kernel Connection Multiplexor) sockets driver;

    - MAC80211 subsystem;

    - Netfilter;

    - Network traffic control;

    - SCTP protocol;

    - Sun RPC protocol;

    - TIPC protocol;

    - TLS protocol;

    - Wireless networking;

    - AppArmor security module;

    - Simplified Mandatory Access Control Kernel framework;

    - SoC audio core drivers;

    - USB sound devices; (CVE-2024-46714, CVE-2024-42288, CVE-2024-42290, CVE-2024-44987, CVE-2024-41090,     CVE-2024-42313, CVE-2024-46689, CVE-2024-46737, CVE-2024-44946, CVE-2024-44999, CVE-2024-44935,     CVE-2024-38602, CVE-2024-43883, CVE-2024-26607, CVE-2024-41091, CVE-2024-45025, CVE-2024-42305,     CVE-2024-26891, CVE-2024-41073, CVE-2024-44969, CVE-2024-26641, CVE-2024-46719, CVE-2024-40929,     CVE-2024-46721, CVE-2024-46740, CVE-2024-41012, CVE-2024-42280, CVE-2024-46738, CVE-2024-46722,     CVE-2024-42246, CVE-2024-41063, CVE-2024-41072, CVE-2024-41068, CVE-2024-43884, CVE-2024-46758,     CVE-2024-43861, CVE-2024-42306, CVE-2024-42285, CVE-2024-41065, CVE-2024-46818, CVE-2024-43894,     CVE-2024-44954, CVE-2024-42310, CVE-2024-46829, CVE-2023-52614, CVE-2024-47663, CVE-2024-42281,     CVE-2024-42297, CVE-2024-46800, CVE-2024-44960, CVE-2024-44952, CVE-2024-46747, CVE-2024-42286,     CVE-2024-41071, CVE-2024-43893, CVE-2023-52531, CVE-2024-43860, CVE-2024-46840, CVE-2024-41011,     CVE-2024-43890, CVE-2024-45026, CVE-2024-42292, CVE-2024-27051, CVE-2024-41015, CVE-2024-47668,     CVE-2024-46817, CVE-2024-43846, CVE-2024-44988, CVE-2024-44944, CVE-2024-43829, CVE-2024-45021,     CVE-2024-43914, CVE-2024-43856, CVE-2024-46673, CVE-2024-46771, CVE-2024-41081, CVE-2024-43830,     CVE-2024-43839, CVE-2024-43853, CVE-2024-47669, CVE-2024-42244, CVE-2021-47212, CVE-2024-46844,     CVE-2024-44965, CVE-2024-41059, CVE-2024-46783, CVE-2024-42295, CVE-2024-35848, CVE-2024-41017,     CVE-2024-47659, CVE-2024-42309, CVE-2024-26800, CVE-2024-41064, CVE-2024-43879, CVE-2024-46679,     CVE-2024-43854, CVE-2024-41022, CVE-2024-43858, CVE-2024-46739, CVE-2024-46685, CVE-2024-42289,     CVE-2024-44998, CVE-2024-46761, CVE-2024-46677, CVE-2024-42131, CVE-2024-46815, CVE-2024-46777,     CVE-2024-43880, CVE-2024-42276, CVE-2024-42265, CVE-2024-46723, CVE-2024-42259, CVE-2024-45028,     CVE-2024-42229, CVE-2024-42283, CVE-2024-44948, CVE-2024-44995, CVE-2024-46757, CVE-2024-46822,     CVE-2024-45006, CVE-2024-46780, CVE-2024-26668, CVE-2024-42284, CVE-2024-46782, CVE-2024-46781,     CVE-2024-43871, CVE-2024-42304, CVE-2024-42311, CVE-2024-45003, CVE-2024-46745, CVE-2024-41098,     CVE-2024-46750, CVE-2024-47667, CVE-2024-41020, CVE-2024-26640, CVE-2024-41070, CVE-2024-42301,     CVE-2024-43882, CVE-2024-45008, CVE-2024-26885, CVE-2024-42287, CVE-2024-46744, CVE-2024-43908,     CVE-2024-46798, CVE-2023-52918, CVE-2024-36484, CVE-2024-43841, CVE-2024-41042, CVE-2024-38611,     CVE-2024-43867, CVE-2024-26669, CVE-2024-42271, CVE-2024-46756, CVE-2024-44947, CVE-2024-43835,     CVE-2024-46676, CVE-2024-46743, CVE-2024-46759, CVE-2024-46675, CVE-2024-46828, CVE-2024-46755)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

net: usb: qmi_wwan: memory leak for not ip packets.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
214297	SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP5) (SUSE-SU-2025:0138-1)	Nessus	SuSE Local Security Checks	1/17/2025	1/17/2025	high
214427	SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP6) (SUSE-SU-2025:0187-1)	Nessus	SuSE Local Security Checks	1/21/2025	1/21/2025	high
214675	SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP4) (SUSE-SU-2025:0248-1)	Nessus	SuSE Local Security Checks	1/28/2025	1/28/2025	high
214683	SUSE SLES15 Security Update : kernel (Live Patch 45 for SLE 15 SP3) (SUSE-SU-2025:0239-1)	Nessus	SuSE Local Security Checks	1/28/2025	1/28/2025	high
214690	SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP6) (SUSE-SU-2025:0255-1)	Nessus	SuSE Local Security Checks	1/28/2025	1/28/2025	high
214691	SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP5) (SUSE-SU-2025:0252-1)	Nessus	SuSE Local Security Checks	1/28/2025	1/29/2025	high
210006	Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7088-1)	Nessus	Ubuntu Local Security Checks	10/31/2024	9/24/2025	high
210256	Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7088-2)	Nessus	Ubuntu Local Security Checks	11/5/2024	9/24/2025	high
504728	Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43861)	Tenable OT Security	Tenable.ot	11/18/2025	11/18/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high