The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9273 advisory.

  - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result     in data leakage. (CVE-2021-26341)

  - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
    (CVE-2021-26401)

  - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,     aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to     influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive     information. (CVE-2022-23960)

  - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the     hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session     or terminate that session. (CVE-2020-36516)

  - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to     obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)

  - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015) (CVE-2022-1016)

  - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through     crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected     versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)

  - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way     user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw     to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the     O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a     regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file     descriptor. (CVE-2022-24448)

  - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9273)

high Nessus Plugin ID 159642

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Dec 13, 2023, 4:19 PM CVSSv3 score source (changed from "CVE-2022-1158" to "CVE-2022-22942") Plugin Feed: 202312131619
Version 1.5 Nov 2, 2023, 2:21 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202311021421
Version 1.4 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 1.3 Feb 1, 2023, 2:09 PM CVSSv3 score source (set to "CVE-2022-1158") Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202302011409