Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20470)

high Nessus Plugin ID 242164

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20470 advisory.

- sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (Jeff Layton) {CVE-2025-38089}
- net_sched: sch_sfq: move the limit validation (Octavian Purdila) {CVE-2025-37752}
- Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- Add normal counters (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38023240] {CVE-2024-36350} {CVE-2024-36357}
- padata: do not leak refcount in reorder_work (Dominik Grzegorzek) [Orabug: 38094844] {CVE-2025-38031}
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [Orabug: 38071844] {CVE-2024-56655}
- btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (Filipe Manana) [Orabug: 37074536] {CVE-2024-46751}
- sctp: add mutual exclusion in proc_sctp_do_udp_port() (Eric Dumazet) [Orabug: 37844338] {CVE-2025-22062}
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (Dan Carpenter) [Orabug: 37433551] {CVE-2024-53203}
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (Rd Babiera) [Orabug: 36642199] {CVE-2024-35790}
- usb: typec: ucsi: displayport: Fix deadlock (Andrei Kuchynski) [Orabug: 37977019] {CVE-2025-37967}
- dmaengine: ti: k3-udma: Add missing locking (Ronald Wahl) [Orabug: 38094757] {CVE-2025-38005}
- wifi: mt76: disable napi on driver removal (Fedor Pchelkin) [Orabug: 38094771] {CVE-2025-38009}
- net_sched: Flush gso_skb list too during ->change() (Cong Wang) [Orabug: 37998129] {CVE-2025-37992}
- nfs: handle failure of nfs_get_lock_context in unlock path (Li Lingfeng) [Orabug: 38094819] {CVE-2025-38023}
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (Zhu Yanjun) [Orabug: 38094828] {CVE-2025-38024}
- usb: typec: ucsi: displayport: Fix NULL pointer access (Andrei Kuchynski) [Orabug: 38015127] {CVE-2025-37994}
- module: ensure that kobject_put() is safe for module type kobjects (Dmitry Antipov) [Orabug: 38015132] {CVE-2025-37995}
- xenbus: Use kref to track req lifetime (Jason Andryuk) [Orabug: 37976935] {CVE-2025-37949}
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (Silvano Seva) [Orabug: 37977032] {CVE-2025-37969}
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (Silvano Seva) [Orabug: 37977038] {CVE-2025-37970}
- netfilter: ipset: fix region locking in hash types (Jozsef Kadlecsik) [Orabug: 38015142] {CVE-2025-37997}
- openvswitch: Fix unsafe attribute parsing in output_userspace() (Eelco Chaudron) [Orabug: 38015149] {CVE-2025-37998}
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) [Orabug: 37930013] {CVE-2025-37819}
- firmware: arm_scmi: Balance device refcount when destroying devices (Cristian Marussi) [Orabug: 37976753] {CVE-2025-37905}
- of: module: add buffer overflow check in of_modalias() (Sergey Shtylyov) [Orabug: 36753381] {CVE-2024-38541}
- net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) [Orabug: 37976766] {CVE-2025-37909}
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (Shruti Parab) [Orabug: 37976774] {CVE-2025-37911}
- net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976784] {CVE-2025-37913}
- net_sched: ets: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976789] {CVE-2025-37914}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) [Orabug: 37967411] {CVE-2025-37890}
- net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976793] {CVE-2025-37915}
- net/sched: act_mirred: don't override retval if we already lost the skb (Jakub Kicinski) [Orabug: 36530679] {CVE-2024-26739}
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (Sean Christopherson) [Orabug: 37685666] {CVE-2025-21839}
- tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) [Orabug: 37976822] {CVE-2025-37923}
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) [Orabug: 37976837] {CVE-2025-37927}
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Xu Wang) [Orabug: 37977120] {CVE-2025-37990}
- parisc: Fix double SIGFPE crash (Helge Deller) [Orabug: 37977128] {CVE-2025-37991}
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Will Deacon) [Orabug: 38071958] {CVE-2025-37929}
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (Philipp Stanner) [Orabug: 37976851] {CVE-2025-37930}
- drm/amd/display: fix double free issue during amdgpu module unload (Tim Huang) [Orabug: 37206238] {CVE-2024-49989}
- udmabuf: fix a buf size overflow issue during udmabuf creation (Xiaogang Chen) [Orabug: 37929938] {CVE-2025-37803}
- qibfs: fix _another_ leak (Al Viro) [Orabug: 37977083] {CVE-2025-37983}
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) [Orabug: 37937503] {CVE-2025-37881}
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (John Stultz) [Orabug: 37929953] {CVE-2025-37805}
- s390/sclp: Add check for get_zeroed_page() (Haoxiang Li) [Orabug: 37937517] {CVE-2025-37883}
- crypto: null - Use spin lock instead of mutex (Herbert Xu) [Orabug: 37929973] {CVE-2025-37808}
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (Oliver Neukum) [Orabug: 37977098] {CVE-2025-37985}
- usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) [Orabug: 37929981] {CVE-2025-37810}
- usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) [Orabug: 37929988] {CVE-2025-37812}
- KVM: x86: Reset IRTE to host control if *new* route isn't postable (Sean Christopherson) [Orabug: 37937535] {CVE-2025-37885}
- mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) [Orabug: 37930000] {CVE-2025-37817}
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) [Orabug: 37930028] {CVE-2025-37823}
- net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) [Orabug: 37908484] {CVE-2025-37797}
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) [Orabug: 37930039] {CVE-2025-37824}
- net: phy: leds: fix memory leak (Qingfang Deng) [Orabug: 37977112] {CVE-2025-37989}
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930051] {CVE-2025-37829}
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930056] {CVE-2025-37830}
- PCI: Fix reference leak in pci_register_host_bridge() (Ma Ke) [Orabug: 37937272] {CVE-2025-37836}
- cifs: avoid NULL pointer dereference in dbg call (Alexandra Diupina) [Orabug: 37937310] {CVE-2025-37844}
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (Herve Codina) [Orabug: 37901610] {CVE-2025-23144}
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (Chenyuan Yang) [Orabug: 37901625] {CVE-2025-23148}
- media: streamzap: fix race between device disconnection and urb callback (Murad Masimov) [Orabug: 37844171] {CVE-2025-22027}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Luiz Augusto von Dentz) [Orabug: 37252400] {CVE-2024-50125}
- pmdomain: ti: Add a null pointer check to the omap_prm_domain_init (Kunwu Chan) [Orabug: 36643315] {CVE-2024-35943}
- f2fs: check validation of fault attrs in f2fs_build_fault_attr() (Chao Yu) [Orabug: 36897956] {CVE-2024-42160}
- fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (Oleg Nesterov) [Orabug: 36530401] {CVE-2024-26686}
- dm cache: fix flushing uninitialized delayed_work on cache_ctr error (Ming-Hung Tsai) [Orabug: 37298744] {CVE-2024-50280}
- jfs: Fix shift-out-of-bounds in dbDiscardAG (Pei Li) [Orabug: 36993154] {CVE-2024-44938}
- net: defer final 'struct net' free in netns dismantle (Eric Dumazet) [Orabug: 37434229] {CVE-2024-56658}
- scsi: ufs: bsg: Set bsg_queue to NULL after removal (Guixin Liu) [Orabug: 37649536] {CVE-2024-54458}
- openvswitch: fix lockup on tx to unregistering netdev with carrier (Ilya Maximets) [Orabug: 38071902] {CVE-2025-21681}
- ipvs: properly dereference pe in ip_vs_add_service (Chen Hanxiao) [Orabug: 36964418] {CVE-2024-42322}
- ext4: fix timer use-after-free on failed mount (Xiaxi Shen) [Orabug: 37206114] {CVE-2024-49960}
- blk-iocost: do not WARN if iocg was already offlined (Li Nan) [Orabug: 36683303] {CVE-2024-36908}
- bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (Hou Tao) [Orabug: 37283326] {CVE-2023-52621}
- bpf: avoid holding freeze_mutex during mmap operation (Andrii Nakryiko) [Orabug: 37702062] {CVE-2025-21853}
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (Qun-Wei Lin) [Orabug: 37388807] {CVE-2024-53128}
- smb: client: fix potential UAF in cifs_stats_proc_show() (Paulo Alcantara) [Orabug: 36642549] {CVE-2024-35867}
- smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [Orabug: 37283429] {CVE-2023-52757}
- smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() (Chenxiaosong) [Orabug: 37074481] {CVE-2024-46742}
- smb: client: fix NULL ptr deref in crypto_aead_setkey() (Paulo Alcantara) [Orabug: 38071970] {CVE-2024-53185}
- smb: client: fix UAF in async decryption (Enzo Matsumiya) [Orabug: 37206489] {CVE-2024-50047}
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) [Orabug: 36983926] {CVE-2023-52572}
- ksmbd: fix potencial out-of-bounds when buffer offset is invalid (Namjae Jeon) [Orabug: 36596770] {CVE-2024-26952}
- smb: client: fix potential UAF in cifs_dump_full_key() (Paulo Alcantara) [Orabug: 36642544] {CVE-2024-35866}
- drm/amdgpu: fix usage slab after free (Vitaly Prosyak) [Orabug: 37433728] {CVE-2024-56551}
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (Hersen Wu) [Orabug: 37116370] {CVE-2024-46816}
- wifi: ath10k: avoid NULL pointer error during sdio remove (Kang Yang) [Orabug: 37433947] {CVE-2024-56599}
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (Nathan Lynch) [Orabug: 37074647] {CVE-2024-46774}
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Souradeep Chakrabarti) [Orabug: 37074695] {CVE-2024-46784}
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Michal Schmidt) [Orabug: 36753377] {CVE-2024-38540}
- phonet/pep: fix racy skb_queue_empty() use (Remi Denis-Courmont) [Orabug: 36642006] {CVE-2024-27402}
- filemap: Fix bounds checking in filemap_read() (Trond Myklebust) [Orabug: 37298710] {CVE-2024-50272}
- net: fix crash when config small gso_max_size/gso_ipv4_max_size (Wang Liang) [Orabug: 37268692] {CVE-2024-50258}
- ipv6: release nexthop on device removal (Paolo Abeni) [Orabug: 37434497] {CVE-2024-56751}
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) [Orabug: 37901585] {CVE-2025-23140}
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) [Orabug: 37901817] {CVE-2025-37765}
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero (Denis Arefev) [Orabug: 37901823,37901827,37901830,37901840,37901847] {CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37770,CVE-2025-37771}
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero (Denis Arefev) [Orabug: 37901823,37901827,37901830,37901840,37901847] {CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37770,CVE-2025-37771}
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero (Denis Arefev) [Orabug: 37901823,37901827,37901830,37901840,37901847] {CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37770,CVE-2025-37771}
- drm/amd/pm/powerplay: Prevent division by zero (Denis Arefev) [Orabug: 37901823,37901827,37901830,37901840,37901847] {CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37770,CVE-2025-37771}
- drm/amd/pm: Prevent division by zero (Denis Arefev) [Orabug: 37901823,37901827,37901830,37901840,37901847] {CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37770,CVE-2025-37771}
- virtiofs: add filesystem context source name check (Xiangsheng Hou) [Orabug: 37901854] {CVE-2025-37773}
- isofs: Prevent the use of too small fid (Edward Adam Davis) [Orabug: 37901889] {CVE-2025-37780}
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) [Orabug: 37901896] {CVE-2025-37781}
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (Vladimir Oltean) [Orabug: 37901916] {CVE-2025-37787}
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (Abdun Nihaal) [Orabug: 37901919] {CVE-2025-37788}
- net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) [Orabug: 37901922] {CVE-2025-37789}
- net: mctp: Set SOCK_RCU_FREE (Matt Johnston) [Orabug: 37901929] {CVE-2025-37790}
- igc: fix PTM cycle trigger logic (Christopher S Hall) [Orabug: 37937458] {CVE-2025-37875}
- Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) [Orabug: 37901933] {CVE-2025-37792}
- RDMA/core: Silence oversized kvmalloc() warning (Shay Drory) [Orabug: 37937427] {CVE-2025-37867}
- wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) [Orabug: 37977075] {CVE-2025-37982}
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) [Orabug: 37901939] {CVE-2025-37794}
- wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) [Orabug: 37901952] {CVE-2025-37796}
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) [Orabug: 37855340] {CVE-2025-37838}
- ftrace: Add cond_resched() to ftrace_graph_set_hash() (Zhoumin) [Orabug: 37976892] {CVE-2025-37940}
- sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Canuelo Navarro) [Orabug: 37901596] {CVE-2025-23142}
- mtd: inftlcore: Add error check for inftl_read_oob() (Xu Wang) [Orabug: 37976719] {CVE-2025-37892}
- mptcp: fix NULL pointer in can_accept_new_subflow (Gang Yan) [Orabug: 37901614] {CVE-2025-23145}
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (Chenyuan Yang) [Orabug: 37901617] {CVE-2025-23146}
- jbd2: remove wrong sb->s_sequence check (Jan Kara) [Orabug: 37937282] {CVE-2025-37839}
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) [Orabug: 37901621] {CVE-2025-23147}
- ext4: fix off-by-one error in do_split (Artem Sadovnikov) [Orabug: 37901630] {CVE-2025-23150}
- bus: mhi: host: Fix race between unprepare and queue_buf (Jeffrey Hugo) [Orabug: 37901637] {CVE-2025-23151}
- media: venus: hfi_parser: refactor hfi packet parsing logic (Vikash Garodia) [Orabug: 37901647] {CVE-2025-23156}
- media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) [Orabug: 37901652] {CVE-2025-23157}
- mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) [Orabug: 37937291] {CVE-2025-37840}
- media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) [Orabug: 37901656] {CVE-2025-23158}
- media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) [Orabug: 37901661] {CVE-2025-23159}
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) [Orabug: 37937328] {CVE-2025-37850}
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (Ryo Takakura) [Orabug: 37901667] {CVE-2025-23161}
- net: vlan: don't propagate flags on open (Stanislav Fomichev) [Orabug: 37901683] {CVE-2025-23163}
- scsi: st: Fix array overflow in st_setup() (Kai Makisara) [Orabug: 37937378] {CVE-2025-37857}
- ext4: ignore xattrs past end (Bhupesh) [Orabug: 37901690] {CVE-2025-37738}
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() (Chao Yu) [Orabug: 37901700] {CVE-2025-37739}
- jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) [Orabug: 37901706] {CVE-2025-37740}
- jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) [Orabug: 37901715] {CVE-2025-37741}
- fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) [Orabug: 37937386] {CVE-2025-37858}
- jfs: Fix uninit-value access of imap allocated in the diMount() function (Zhongqiu Han) [Orabug: 37901723] {CVE-2025-37742}
- page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) [Orabug: 37937394] {CVE-2025-37859}
- HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Pakula) [Orabug: 37937409] {CVE-2025-37862}
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) [Orabug: 37937296] {CVE-2025-37841}
- net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) [Orabug: 37901765] {CVE-2025-37749}
- net: tls: explicitly disallow disconnect (Jakub Kicinski) [Orabug: 37901782] {CVE-2025-37756}
- tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) [Orabug: 37901789] {CVE-2025-37757}
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) [Orabug: 37901795] {CVE-2025-37758}
- nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng) [Orabug: 37938121] {CVE-2025-37871}
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Luoxuanqiang) [Orabug: 37976780] {CVE-2025-37912}
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin) [Orabug: 37938106] {CVE-2025-37811}
- mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (David Thompson) [Orabug: 37955981,37989158] {CVE-2025-37866}
- vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840544,38095126] {CVE-2025-38074}
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37945842] {CVE-2024-28956}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20470.html

Plugin Details

Severity: High

ID: 242164

File Name: oraclelinux_ELSA-2025-20470.nasl

Version: 1.1

Type: local

Agent: unix

Published: 7/16/2025

Updated: 7/16/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-37803

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-container, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:9:6:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-core

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2025

Vulnerability Publication Date: 12/14/2023

Reference Information

CVE: CVE-2023-52572, CVE-2023-52621, CVE-2023-52757, CVE-2024-26686, CVE-2024-26739, CVE-2024-26952, CVE-2024-27402, CVE-2024-35790, CVE-2024-35866, CVE-2024-35867, CVE-2024-35943, CVE-2024-36350, CVE-2024-36357, CVE-2024-36908, CVE-2024-38540, CVE-2024-38541, CVE-2024-42160, CVE-2024-42322, CVE-2024-44938, CVE-2024-46742, CVE-2024-46751, CVE-2024-46774, CVE-2024-46784, CVE-2024-46816, CVE-2024-49960, CVE-2024-49989, CVE-2024-50047, CVE-2024-50125, CVE-2024-50258, CVE-2024-50272, CVE-2024-50280, CVE-2024-53128, CVE-2024-53185, CVE-2024-53203, CVE-2024-54458, CVE-2024-56551, CVE-2024-56599, CVE-2024-56655, CVE-2024-56658, CVE-2024-56751, CVE-2025-21681, CVE-2025-21839, CVE-2025-21853, CVE-2025-22027, CVE-2025-22062, CVE-2025-23140, CVE-2025-23142, CVE-2025-23144, CVE-2025-23145, CVE-2025-23146, CVE-2025-23147, CVE-2025-23148, CVE-2025-23150, CVE-2025-23151, CVE-2025-23156, CVE-2025-23157, CVE-2025-23158, CVE-2025-23159, CVE-2025-23161, CVE-2025-23163, CVE-2025-37738, CVE-2025-37739, CVE-2025-37740, CVE-2025-37741, CVE-2025-37742, CVE-2025-37749, CVE-2025-37752, CVE-2025-37756, CVE-2025-37757, CVE-2025-37758, CVE-2025-37765, CVE-2025-37766, CVE-2025-37767, CVE-2025-37768, CVE-2025-37770, CVE-2025-37771, CVE-2025-37773, CVE-2025-37780, CVE-2025-37781, CVE-2025-37787, CVE-2025-37788, CVE-2025-37789, CVE-2025-37790, CVE-2025-37792, CVE-2025-37794, CVE-2025-37796, CVE-2025-37797, CVE-2025-37803, CVE-2025-37805, CVE-2025-37808, CVE-2025-37810, CVE-2025-37812, CVE-2025-37817, CVE-2025-37819, CVE-2025-37823, CVE-2025-37824, CVE-2025-37829, CVE-2025-37830, CVE-2025-37836, CVE-2025-37838, CVE-2025-37839, CVE-2025-37840, CVE-2025-37841, CVE-2025-37844, CVE-2025-37850, CVE-2025-37857, CVE-2025-37858, CVE-2025-37859, CVE-2025-37862, CVE-2025-37867, CVE-2025-37875, CVE-2025-37881, CVE-2025-37883, CVE-2025-37885, CVE-2025-37890, CVE-2025-37892, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37923, CVE-2025-37927, 
CVE-2025-37929, CVE-2025-37930, CVE-2025-37940, CVE-2025-37949, CVE-2025-37967, CVE-2025-37969, CVE-2025-37970, CVE-2025-37982, CVE-2025-37983, CVE-2025-37985, CVE-2025-37989, CVE-2025-37990, CVE-2025-37991, CVE-2025-37992, CVE-2025-37994, CVE-2025-37995, CVE-2025-37997, CVE-2025-37998, CVE-2025-38005, CVE-2025-38009, CVE-2025-38023, CVE-2025-38024, CVE-2025-38031, CVE-2025-38089