Detections
Analytics
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20521)
high Nessus Plugin ID 247835
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20521 advisory.- perf: Fix perf_event_validate_size() lockdep splat (Mark Rutland) [Orabug: 36261486] {CVE-2023-6931}
- perf: Fix perf_event_validate_size() (Peter Zijlstra) [Orabug: 36261486] {CVE-2023-6931}
- Add Zen34 clients (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Pedro Tammela) [Orabug:
38049365] {CVE-2025-38001}
- smb: client: Fix use-after-free in cifs_fill_dirent (Zhaolong Wang) [Orabug: 38094972] {CVE-2025-38051}
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [Orabug: 38186911] {CVE-2024-56655}
- ALSA: pcm: Fix race of buffer access at PCM OSS layer (Takashi Iwai) [Orabug: 38095147] {CVE-2025-38078}
- can: bcm: add missing rcu read protection for procfs content (Oliver Hartkopp) [Orabug: 38049371] {CVE-2025-38003}
- can: bcm: add locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 38049376] {CVE-2025-38004}
- crypto: algif_hash - fix double free in hash_accept (Ivan Pravdin) [Orabug: 38095156] {CVE-2025-38079}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Cong Wang) [Orabug: 38049359] {CVE-2025-38000}
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (Al Viro) [Orabug: 38095002] {CVE-2025-38058}
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (Goldwyn Rodrigues) [Orabug:
38094858] {CVE-2025-38034}
- nvmet-tcp: don't restore null sk_state_change (Alistair Francis) [Orabug: 38094865] {CVE-2025-38035}
- vxlan: Annotate FDB data races (Ido Schimmel) [Orabug: 38094881] {CVE-2025-38037}
- net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (Peter Seiderer) [Orabug:
38095027] {CVE-2025-38061}
- media: cx231xx: set device_caps for 417 (Hans Verkuil) [Orabug: 38094937] {CVE-2025-38044}
- orangefs: Do not truncate file size (Matthew Wilcox) [Orabug: 38095058] {CVE-2025-38065}
- dm cache: prevent BUG_ON by blocking retries on failed device resumes (Ming-Hung Tsai) [Orabug:
38095065] {CVE-2025-38066}
- libnvdimm/labels: Fix divide error in nd_label_data_init() (Robert Richter) [Orabug: 38095111] {CVE-2025-38072}
- scsi: target: iscsi: Fix timeout on deleted connection (Dmitry Bogdanov) [Orabug: 38095136] {CVE-2025-38075}
- openvswitch: Fix unsafe attribute parsing in output_userspace() (Eelco Chaudron) [Orabug: 38015150] {CVE-2025-37998}
- nfs: handle failure of nfs_get_lock_context in unlock path (Li Lingfeng) [Orabug: 38094820] {CVE-2025-38023}
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (Zhu Yanjun) [Orabug: 38094829] {CVE-2025-38024}
- usb: typec: ucsi: displayport: Fix NULL pointer access (Andrei Kuchynski) [Orabug: 38015128] {CVE-2025-37994}
- module: ensure that kobject_put() is safe for module type kobjects (Dmitry Antipov) [Orabug: 38015133] {CVE-2025-37995}
- xenbus: Use kref to track req lifetime (Jason Andryuk) [Orabug: 37976936] {CVE-2025-37949}
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (Silvano Seva) [Orabug:
37977033] {CVE-2025-37969}
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (Silvano Seva) [Orabug: 37977039] {CVE-2025-37970}
- netfilter: ipset: fix region locking in hash types (Jozsef Kadlecsik) [Orabug: 38015143] {CVE-2025-37997}
- sch_htb: make htb_deactivate() idempotent (Cong Wang) [Orabug: 38186817] {CVE-2025-37953}
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) [Orabug: 37976839] {CVE-2025-37927}
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) [Orabug: 37930014] {CVE-2025-37819}
- sch_htb: make htb_qlen_notify() idempotent (Cong Wang) [Orabug: 37976860] {CVE-2025-37932}
- of: module: add buffer overflow check in of_modalias() (Sergey Shtylyov) [Orabug: 36753382] {CVE-2024-38541}
- net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) [Orabug: 37976767] {CVE-2025-37909}
- net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug:
37976785] {CVE-2025-37913}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) [Orabug:
37967412] {CVE-2025-37890}
- net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug:
37976794] {CVE-2025-37915}
- tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) [Orabug: 37976823] {CVE-2025-37923}
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Xu Wang) [Orabug: 37977121] {CVE-2025-37990}
- parisc: Fix double SIGFPE crash (Helge Deller) [Orabug: 37977129] {CVE-2025-37991}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 247835
File Name: oraclelinux_ELSA-2025-20521.nasl
Version: 1.1
Type: local
Agent: unix
Published: 8/11/2025
Updated: 8/11/2025
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.7
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2023-6931
CVSS v3
Risk Factor: High
Base Score: 7
Temporal Score: 6.3
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, cpe:/a:oracle:linux:7:9:uekr6_els, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek
Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/10/2025
Vulnerability Publication Date: 6/13/2023
Reference Information
CVE: CVE-2023-6931, CVE-2024-36350, CVE-2024-36357, CVE-2024-38541, CVE-2024-56655, CVE-2025-37819, CVE-2025-37890, CVE-2025-37909, CVE-2025-37913, CVE-2025-37915, CVE-2025-37923, CVE-2025-37927, CVE-2025-37932, CVE-2025-37949, CVE-2025-37953, CVE-2025-37969, CVE-2025-37970, CVE-2025-37990, CVE-2025-37991, CVE-2025-37994, CVE-2025-37995, CVE-2025-37997, CVE-2025-37998, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38023, CVE-2025-38024, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38044, CVE-2025-38051, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38072, CVE-2025-38075, CVE-2025-38078, CVE-2025-38079