This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
From Red Hat Security Advisory 2017:0892 :
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
Security Fix(es) :
* A race condition flaw was found in the N_HLDC Linux kernel driver
when accessing n_hdlc.tbuf list that can lead to double free. A local,
unprivileged user able to set the HDLC line discipline on the tty
device could use this flaw to increase their privileges on the system.
* A flaw was found in the Linux kernel's implementation of seq_file
where a local attacker could manipulate memory in the put() function
pointer. This could lead to memory corruption and possible privileged
escalation. (CVE-2016-7910, Moderate)
Red Hat would like to thank Alexander Popov for reporting
Bug Fix(es) :
* Previously, Chelsio firmware included an incorrectly-formatted
firmware bin file. As a consequence, the firmware could not be
flashed. This update provides a firmware bin file that is formatted
correctly. As a result, Chelsio firmware can now be flashed
* When multiple simultaneous processes attempted to read from the
/proc/stat file, spinlock overhead was generated on Non-Uniform Memory
Access (NUMA) systems. Consequently, a large amount of CPU was
consumed. With this update, the underlying source code has been fixed
to avoid taking spinlock when the interrupt line does not exist. As a
result, the spinlock overhead is now generated less often, and
multiple simultaneous processes can now read /proc/stat without
consuming a large amount of CPU. (BZ#1428106)
See also :
Update the affected kernel packages.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false