The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9363 advisory.

  - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel     privilege escalation from the context of a network service or an unprivileged process. If     sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the     auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network     service privileges to escalate to root or from the context of an unprivileged user directly if a     BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)

  - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an     hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)

  - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI     controller. (CVE-2021-32399)

  - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because     the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads     to writing an arbitrary value. (CVE-2021-33033)

  - User application could potentially make RPC call to the fastrpc driver and the driver will allow the     message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon     Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607,     MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD     429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD     845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 (CVE-2019-2308)

  - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-     free which might lead to privilege escalations. (CVE-2020-25671)

  - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free     which might lead to privilege escalations. (CVE-2020-25670)

  - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)

  - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable     out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre     mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer     arithmetic operations, the pointer modification performed by the first operation is not correctly     accounted for when restricting subsequent operations. (CVE-2021-29155)

  - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading     to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not     protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized     data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9363)

high Nessus Plugin ID 151689

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.5 Jan 16, 2024, 8:55 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401162055
Version 1.4 Jan 16, 2024, 5:39 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401161739
Version 1.4 Dec 8, 2023, 3:54 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-33034") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312081554
Version 1.3 Dec 8, 2023, 1:53 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-33034") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312081353