Detections
Analytics
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20520)
high Nessus Plugin ID 247834
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20520 advisory.- perf: Fix perf_event_validate_size() lockdep splat (Mark Rutland) [Orabug: 36261485] {CVE-2023-6931}
- perf: Fix perf_event_validate_size() (Peter Zijlstra) [Orabug: 36261485] {CVE-2023-6931}
- nvme: tcp: avoid race between queue_lock lock and destroy (Hannes Reinecke) [Orabug: 37331887] {CVE-2024-53100}
- sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (Jeff Layton) [Orabug: 38137450] {CVE-2025-38089}
- net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38160459] {CVE-2025-37752}
- Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- Add normal counters (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38167060] {CVE-2024-36350} {CVE-2024-36357}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 247834
File Name: oraclelinux_ELSA-2025-20520.nasl
Version: 1.2
Type: local
Agent: unix
Published: 8/11/2025
Updated: 8/12/2025
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.7
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2023-6931
CVSS v3
Risk Factor: High
Base Score: 7
Temporal Score: 6.3
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-devel, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-container-debug, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k, cpe:/o:oracle:linux:9:6:baseos_patch
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/10/2025
Vulnerability Publication Date: 6/13/2023
Reference Information
CVE: CVE-2023-6931, CVE-2024-36350, CVE-2024-36357, CVE-2024-53100, CVE-2024-57996, CVE-2025-37752, CVE-2025-38089