net: dsa: netdev_priv() dereference before check on non-DSA netdevice events.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4102 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4102-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     March 31, 2025                                https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-6.1     Version        : 6.1.129-1~deb11u1     CVE ID         : CVE-2024-26596 CVE-2024-40945 CVE-2024-42069 CVE-2024-42122                      CVE-2024-45001 CVE-2024-47726 CVE-2024-49989 CVE-2024-50061                      CVE-2024-54458 CVE-2024-56549 CVE-2024-57834 CVE-2024-57973                      CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981                      CVE-2024-57986 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997                      CVE-2024-57998 CVE-2024-58001 CVE-2024-58007 CVE-2024-58009                      CVE-2024-58010 CVE-2024-58011 CVE-2024-58013 CVE-2024-58014                      CVE-2024-58016 CVE-2024-58017 CVE-2024-58020 CVE-2024-58034                      CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055                      CVE-2024-58056 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063                      CVE-2024-58068 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072                      CVE-2024-58076 CVE-2024-58077 CVE-2024-58080 CVE-2024-58083                      CVE-2024-58085 CVE-2024-58086 CVE-2025-21684 CVE-2025-21700                      CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705                      CVE-2025-21706 CVE-2025-21707 CVE-2025-21708 CVE-2025-21711                      CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719                      CVE-2025-21722 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726                      CVE-2025-21727 CVE-2025-21728 CVE-2025-21731 CVE-2025-21734                      CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21744                      CVE-2025-21745 CVE-2025-21748 CVE-2025-21749 CVE-2025-21750                      CVE-2025-21753 CVE-2025-21758 CVE-2025-21760 CVE-2025-21761                      CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765                      CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21775                      CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781                      CVE-2025-21782 CVE-2025-21785 CVE-2025-21787 CVE-2025-21790                      CVE-2025-21791 CVE-2025-21792 CVE-2025-21794 CVE-2025-21795                      CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804                      CVE-2025-21806 CVE-2025-21811 CVE-2025-21812 CVE-2025-21814                      CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823                      CVE-2025-21826 CVE-2025-21829 CVE-2025-21830 CVE-2025-21832                      CVE-2025-21835     Debian Bug     : 1071562 1087807 1088159 1091517 1091858 1093371 1095435                      1095745 1095764 1098250 1098354 1099138

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    For Debian 11 bullseye, these problems have been fixed in version     6.1.129-1~deb11u1.  This additionally includes many more bug fixes     from stable update 6.1.129, and a fix for a regression affecting some     Rockchip SoCs.

    We recommend that you upgrade your linux-6.1 packages.

    For the detailed security status of linux-6.1 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-6.1

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4314-1 advisory.

    The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
    - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking     (bsc#1232823).
    - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events     (bsc#1220355).
    - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished()     (bsc#1222587).
    - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
    - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
    - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
    - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
    - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
    - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
    - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
    - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
    - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
    - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
    - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
    - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
    - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
    - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
    - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again'     (bsc#1233132).
    - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
    - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
    - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
    - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
    - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
    - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
    - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
    - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
    - CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
    - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion     (bsc#1232272).
    - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
    - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
    - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation     (bsc#1232354).
    - CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation     (bsc#1232352).
    - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
    - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
    - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
    - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func     (bsc#1232337).
    - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func     (bsc#1232366).
    - CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'     (bsc#1232367).
    - CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream     (bsc#1232307).
    - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
    - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
    - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
    - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
    - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
    - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
    - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
    - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
    - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
    - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error     (bsc#1232149).
    - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
    - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
    - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
    - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
    - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
    - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35     (bsc#1232396).
    - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
    - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
    - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
    - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
    - CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing     (bsc#1232079).
    - CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
    - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
    - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
    - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
    - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
    - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
    - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
    - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
    - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
    - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
    - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
    - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
    - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
    - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
    - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
    - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
    - CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx()     (bsc#1233044).
    - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
    - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
    - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
    - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
    - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
    - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
    - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
    - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
    - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
    - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
    - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
    - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
    - CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
    - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
    - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
    - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
    - CVE-2024-50248: ntfs3: add bounds checking to mi_enum_attr() (bsc#1233219).
    - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
    - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
    - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
    - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233453).
    - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
    - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
    - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
    - CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
    - CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
    - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
    - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
    - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
    - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
    - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
    - CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()     (bsc#1233540).
    - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
    - CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
    - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
    - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
    - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
    - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
    - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
    - CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
    - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
    - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
    - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
    - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26596 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv()     dereference before check on non-DSA netdevice events After the blamed commit, we started doing this     dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline     struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p =     netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a     netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means     dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway,     making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But     the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every     netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a     VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan     id 100 [ 43.309174] ================================================================== [ 43.316456] BUG:
    KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr     ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542]     dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768]     notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464]
    __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424]     register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30     [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as     customary. (CVE-2024-26596)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4316-1 advisory.

    The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
    - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking     (bsc#1232823).
    - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events     (bsc#1220355).
    - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished()     (bsc#1222587).
    - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
    - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
    - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
    - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
    - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
    - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
    - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
    - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
    - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
    - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
    - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
    - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
    - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
    - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
    - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again'     (bsc#1233132).
    - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
    - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
    - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
    - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
    - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
    - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
    - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
    - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
    - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion     (bsc#1232272).
    - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
    - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
    - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func     (bsc#1232366).
    - CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'     (bsc#1232367).
    - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
    - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
    - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
    - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
    - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
    - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
    - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
    - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
    - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
    - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
    - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
    - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
    - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
    - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
    - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35     (bsc#1232396).
    - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
    - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
    - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
    - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
    - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
    - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
    - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
    - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
    - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
    - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
    - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
    - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
    - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
    - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
    - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
    - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
    - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
    - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
    - CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx()     (bsc#1233044).
    - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
    - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
    - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
    - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
    - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
    - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
    - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
    - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
    - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
    - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
    - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
    - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
    - CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
    - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
    - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
    - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
    - CVE-2024-50248: ntfs3: add bounds checking to mi_enum_attr() (bsc#1233219).
    - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
    - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
    - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
    - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
    - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans     (bsc#1233453).
    - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
    - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
    - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
    - CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
    - CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
    - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
    - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
    - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
    - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
    - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
    - CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()     (bsc#1233540).
    - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
    - CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
    - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
    - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
    - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
    - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
    - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
    - CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
    - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
    - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
    - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
    - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0289-1 advisory.

    The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security     bugfixes.


    The following security bugs were fixed:

    - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events     (bsc#1220355).
    - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
    - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095).
    - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info     (bsc#1224726).
    - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
    - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
    - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
    - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205).
    - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705).
    - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
    - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
    - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
    - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
    - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727).
    - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
    - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158).
    - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
    - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087).
    - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
    - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909).
    - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
    - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
    - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
    - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
    - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
    - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
    - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
    - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error     (bsc#1233467 bsc#1233469).
    - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
    - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
    - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
    - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
    - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
    - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546).
    - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
    - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
    - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
    - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
    - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
    - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638).
    - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772).
    - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069).
    - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
    - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086).
    - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
    - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079).
    - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071).
    - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
    - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
    - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
    - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
    - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
    - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
    - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221)
    - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159).
    - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).
    - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
    - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810).
    - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
    - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
    - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888).
    - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
    - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893).
    - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
    - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901).
    - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957).
    - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906).
    - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe()     (bsc#1234923).
    - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
    - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003).
    - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974).
    - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
    - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050).
    - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045).
    - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000).
    - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
    - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
    - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720).
    - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737).
    - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745).
    - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753).
    - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
    - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033).
    - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
    - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031).
    - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
    - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128).
    - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
    - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241).
    - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138).
    - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()     (bsc#1235521).
    - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415).
    - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()     (bsc#1235056).
    - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()     (bsc#1235061).
    - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM     (bsc#1235391).
    - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424).
    - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426).
    - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU     (bsc#1235429).
    - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227).
    - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251).
    - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
    - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519).
    - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520).
    - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523).
    - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526).
    - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132).
    - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
    - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449).
    - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444).
    - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439).
    - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437).
    - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
    - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555).
    - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412).
    - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
    - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564).
    - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565).
    - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587).
    - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503).
    - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
    - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627).
    - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).
    - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
    - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653).
    - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657).
    - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
    - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
    - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906).
    - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940).
    - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779).
    - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793).
    - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798).
    - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946).
    - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
    - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount     (bsc#1235965).
    - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
    - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096).
    - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190).
    - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178).
    - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106).
    - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143).
    - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue     (bsc#1236144).
    - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145).
    - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv()     dereference before check on non-DSA netdevice events After the blamed commit, we started doing this     dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline     struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p =     netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a     netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means     dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway,     making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But     the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every     netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a     VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan     id 100 [ 43.309174] ================================================================== [ 43.316456] BUG:
    KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr     ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542]     dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768]     notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464]
    __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424]     register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30     [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as     customary. (CVE-2024-26596)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Published	Updated	Severity
503958	Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-26596)	Tenable OT Security	Tenable.ot	11/13/2025	2/14/2026	medium
233595	Debian dla-4102 : linux-config-6.1 - security update	Nessus	Debian Local Security Checks	4/1/2025	4/1/2025	high
213018	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4314-1)	Nessus	SuSE Local Security Checks	12/14/2024	9/24/2025	high
213016	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4318-1)	Nessus	SuSE Local Security Checks	12/14/2024	1/6/2026	critical
295208	Azure Linux 3.0 Security Update: kernel (CVE-2024-26596)	Nessus	Azure Linux Local Security Checks	1/22/2026	1/22/2026	medium
213015	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4316-1)	Nessus	SuSE Local Security Checks	12/14/2024	9/24/2025	high
214901	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:0289-1)	Nessus	SuSE Local Security Checks	2/3/2025	9/24/2025	high
227475	Linux Distros Unpatched Vulnerability : CVE-2024-26596	Nessus	Misc.	3/5/2025	9/5/2025	medium

Detections

Analytics

Plugins Search

medium

high

high

critical

medium

high

high

medium