Detections
Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20471)

medium Nessus Plugin ID 242165

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20471 advisory.

 - Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - udmabuf: fix a buf size overflow issue during udmabuf creation (Xiaogang Chen) [Orabug: 37929939] {CVE-2025-37803}
 - qibfs: fix _another_ leak (Al Viro) [Orabug: 37977084] {CVE-2025-37983}
 - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) [Orabug: 37937504] {CVE-2025-37881}
 - crypto: null - Use spin lock instead of mutex (Herbert Xu) [Orabug: 37929974] {CVE-2025-37808}
 - usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) [Orabug:
 37929982] {CVE-2025-37810}
 - usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) [Orabug: 37929989] {CVE-2025-37812}
 - mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) [Orabug: 37930001] {CVE-2025-37817}
 - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) [Orabug: 37930029] {CVE-2025-37823}
 - net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) [Orabug: 37908485] {CVE-2025-37797}
 - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) [Orabug: 37930040] {CVE-2025-37824}
 - net: phy: leds: fix memory leak (Qingfang Deng) [Orabug: 37977113] {CVE-2025-37989}
 - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930052] {CVE-2025-37829}
 - drm/amd/pm: Prevent division by zero (Denis Arefev) [Orabug: 37901824,37901841,37901831] {CVE-2025-37766,CVE-2025-37768,CVE-2025-37770}
 - ext4: fix OOB read when checking dotdot dir (Jakub Acs) [Orabug: 37855335] {CVE-2025-37785}
 - virtio-net: Add validation for used length (Xie Yongji) [Orabug: 37079171] {CVE-2021-47352}
 - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) [Orabug: 36530711] {CVE-2024-26744}
 - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) [Orabug: 37901587] {CVE-2025-23140}
 - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264115] {CVE-2024-50154}
 - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) [Orabug: 37901818] {CVE-2025-37765}
 - virtiofs: add filesystem context source name check (Xiangsheng Hou) [Orabug: 37901855] {CVE-2025-37773}
 - isofs: Prevent the use of too small fid (Edward Adam Davis) [Orabug: 37901890] {CVE-2025-37780}
 - i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) [Orabug:
 37901898] {CVE-2025-37781}
 - net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) [Orabug:
 37901923] {CVE-2025-37789}
 - Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) [Orabug: 37901934] {CVE-2025-37792}
 - wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) [Orabug: 37977076] {CVE-2025-37982}
 - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) [Orabug: 37901940] {CVE-2025-37794}
 - wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) [Orabug: 37901953] {CVE-2025-37796}
 - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) [Orabug: 37855341] {CVE-2025-37838}
 - ftrace: Add cond_resched() to ftrace_graph_set_hash() (Zhoumin) [Orabug: 37976893] {CVE-2025-37940}
 - sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Canuelo Navarro) [Orabug:
 37901597] {CVE-2025-23142}
 - mtd: inftlcore: Add error check for inftl_read_oob() (Xu Wang) [Orabug: 37976720] {CVE-2025-37892}
 - jbd2: remove wrong sb->s_sequence check (Jan Kara) [Orabug: 37937283] {CVE-2025-37839}
 - i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) [Orabug: 37901622] {CVE-2025-23147}
 - ext4: fix off-by-one error in do_split (Artem Sadovnikov) [Orabug: 37901631] {CVE-2025-23150}
 - media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) [Orabug: 37901653] {CVE-2025-23157}
 - mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) [Orabug: 37937292] {CVE-2025-37840}
 - media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) [Orabug: 37901657] {CVE-2025-23158}
 - media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) [Orabug: 37901662] {CVE-2025-23159}
 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) [Orabug: 37937329] {CVE-2025-37850}
 - net: vlan: don't propagate flags on open (Stanislav Fomichev) [Orabug: 37901684] {CVE-2025-23163}
 - scsi: st: Fix array overflow in st_setup() (Kai Makisara) [Orabug: 37937379] {CVE-2025-37857}
 - ext4: ignore xattrs past end (Bhupesh) [Orabug: 37901692] {CVE-2025-37738}
 - jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) [Orabug: 37901707] {CVE-2025-37740}
 - jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) [Orabug: 37901716] {CVE-2025-37741}
 - fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) [Orabug: 37937387] {CVE-2025-37858}
 - page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) [Orabug: 37937395] {CVE-2025-37859}
 - HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Pakula) [Orabug: 37937410] {CVE-2025-37862}
 - pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) [Orabug: 37937297] {CVE-2025-37841}
 - net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) [Orabug: 37901766] {CVE-2025-37749}
 - tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) [Orabug: 37901790] {CVE-2025-37757}
 - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) [Orabug:
 37901796] {CVE-2025-37758}
 - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000}
 - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001}
 - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555}
 - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667}
 - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug:
 37844202] {CVE-2025-22035}
 - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045}
 - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054}
 - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637}
 - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063}
 - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071}
 - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073}
 - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
 - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
 - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
 - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug:
 37844108] {CVE-2024-58093}
 - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
 - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
 - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
 - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
 - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug:
 37828196] {CVE-2025-21996}
 - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
 - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
 - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
 - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
 - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug:
 37828167] {CVE-2025-21991}
 - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
 - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
 - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug:
 37828181] {CVE-2025-21993}
 - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
 - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
 - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638}
 - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug:
 37497303,37846668] {CVE-2025-21640}
 - jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735}
 - slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug:
 37827905] {CVE-2025-21914}
 - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982}
 - usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916}
 - usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917}
 - vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920}
 - ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922}
 - llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925}
 - caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904}
 - net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926}
 - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928}
 - wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905}
 - rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934}
 - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935}
 - wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug:
 37827880] {CVE-2025-21909}
 - wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910}
 - HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948}
 - acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846}
 - drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862}
 - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702}
 - sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090}
 - usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877}
 - ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898}
 - batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823}
 - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848}
 - tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871}
 - geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858}
 - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866}
 - USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859}
 - memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977}
 - driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055}
 - pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979}
 - nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811}
 - nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722}
 - ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760}
 - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761}
 - arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762}
 - neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763}
 - ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764}
 - ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765}
 - partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772}
 - usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704}
 - USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug:
 37650120] {CVE-2025-21776}
 - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835}
 - batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781}
 - orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782}
 - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785}
 - team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787}
 - vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791}
 - HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020}
 - ptp: Ensure info->enable callback is always set (Thomas Weissschuh) [Orabug: 37650263] {CVE-2025-21814}
 - NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735}
 - nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736}
 - ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001}
 - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
 - soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007}
 - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744}
 - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083}
 - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010}
 - net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749}
 - usb: xhci: Fix NULL pointer dereference on certain command aborts (Michal Pecio) [Orabug: 37649622] {CVE-2024-57981}
 - net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708}
 - media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002}
 - nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721}
 - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug:
 37649750] {CVE-2024-58014}
 - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017}
 - btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug:
 37650014] {CVE-2025-21753}
 - usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055}
 - media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980}
 - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986}
 - net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715}
 - net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718}
 - ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719}
 - ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058}
 - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069}
 - rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973}
 - bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728}
 - net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug:
 37592533] {CVE-2025-21700}
 - net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806}
 - team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071}
 - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063}
 - wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072}
 - ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051}
 - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052}
 - nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731}
 - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532}
 - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929}
 - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884}
 - udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884}
 - udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884}
 - ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}
 - sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Hoiland-Jorgensen) [Orabug:
 37497384] {CVE-2025-21647}
 - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703}
 - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865}
 - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009}
 - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046}
 - drm/v3d: Assign job pointer to NULL before signaling the fence (Maira Canal) [Orabug: 37707590] {CVE-2025-21688}
 - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689}
 - ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884}
 - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
 - net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936}
 - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699}
 - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124}
 - scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631}
 - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707}
 - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694}
 - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948}
 - drm/v3d: Ensure job pointer is set to NULL after job completion (Maira Canal) [Orabug: 37592115] {CVE-2025-21697}
 - gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678}
 - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639}
 - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892}
 - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904}
 - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906}
 - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908}
 - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910}
 - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug:
 37497183] {CVE-2024-57911}
 - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912}
 - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913}
 - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) [Orabug: 37592120,37497205] {CVE-2024-57915,CVE-2025-21698}
 - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922}
 - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638}
 - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640}
 - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664}
 - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653}
 - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug:
 37497249] {CVE-2024-57929}
 - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450}
 - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug:
 36897354,37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - NFSD: Limit the number of concurrent async COPY operations (Chuck L ...

 Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20471.html

Plugin Details

Severity: Medium

ID: 242165

File Name: oraclelinux_ELSA-2025-20471.nasl

Version: 1.4

Type: local

Agent: unix

Published: 7/16/2025

Updated: 9/11/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-37803

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.7

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-28956

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek, cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-47352, CVE-2024-26744, CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2024-50154, CVE-2025-23140, CVE-2025-23142, CVE-2025-23147, CVE-2025-23150, CVE-2025-23157, CVE-2025-23158, CVE-2025-23159, CVE-2025-23163, CVE-2025-37738, CVE-2025-37740, CVE-2025-37741, CVE-2025-37749, CVE-2025-37757, CVE-2025-37758, CVE-2025-37765, CVE-2025-37766, CVE-2025-37768, CVE-2025-37770, CVE-2025-37773, CVE-2025-37780, CVE-2025-37781, CVE-2025-37785, CVE-2025-37789, CVE-2025-37792, CVE-2025-37794, CVE-2025-37796, CVE-2025-37797, CVE-2025-37803, CVE-2025-37808, CVE-2025-37810, CVE-2025-37812, CVE-2025-37817, CVE-2025-37823, CVE-2025-37824, CVE-2025-37829, CVE-2025-37838, CVE-2025-37839, CVE-2025-37840, CVE-2025-37841, CVE-2025-37850, CVE-2025-37857, CVE-2025-37858, CVE-2025-37859, CVE-2025-37862, CVE-2025-37881, CVE-2025-37892, CVE-2025-37940, CVE-2025-37982, CVE-2025-37983, CVE-2025-37989