Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20552)

medium Nessus Plugin ID 261791

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20552 advisory.

- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38309912] {CVE-2025-38404}
- i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253850] {CVE-2025-38380}
- drm/v3d: Disable interrupts before resetting the GPU (Maira Canal) [Orabug: 38253820] {CVE-2025-38371}
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug:
38253906] {CVE-2025-38395}
- mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253863] {CVE-2025-38384}
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253874] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253945] {CVE-2025-38406}
- scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253914] {CVE-2025-38399}
- drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253967] {CVE-2025-38410}
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253841] {CVE-2025-38377}
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253886] {CVE-2025-38389}
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug:
38253976] {CVE-2025-38412}
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253900] {CVE-2025-38393}
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug:
38253922] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253880] {CVE-2025-38387}
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253927] {CVE-2025-38401}
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253893] {CVE-2025-38391}
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug:
38253936] {CVE-2025-38403}
- btrfs: don't drop extent_map for free space inode on write error (Josef Bacik) [Orabug: 36530624] {CVE-2024-26726}
- drm/amd/display: Add null pointer check for get_first_active_display() (Xu Wang) [Orabug: 38253794] {CVE-2025-38362}
- drm/tegra: Fix a possible null pointer dereference (Qiu-Ji Chen) [Orabug: 38253800] {CVE-2025-38363}
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug:
38175043] {CVE-2025-38245}
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug:
38175063] {CVE-2025-38249}
- atm: clip: prevent NULL deref in clip_push() (Eric Dumazet) [Orabug: 38175077] {CVE-2025-38251}
- s390/pkey: Prevent overflow in size calculation for memdup_user() (Fedor Pchelkin) [Orabug: 38175091] {CVE-2025-38257}
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev) [Orabug: 38158700] {CVE-2025-38230}
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski) [Orabug: 38175113] {CVE-2025-38262}
- bcache: fix NULL pointer in cache_set_flush() (Linggang Zeng) [Orabug: 38175119] {CVE-2025-38263}
- arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180595] {CVE-2025-38320}
- perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254029] {CVE-2025-38424}
- mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976983] {CVE-2025-37958}
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158476] {CVE-2025-38193}
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (James Morse) [Orabug: 37977005] {CVE-2025-37963}
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (James Morse) [Orabug: 37976929] {CVE-2025-37948}
- net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158405] {CVE-2025-38180}
- net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180611] {CVE-2025-38323}
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158412] {CVE-2025-38181}
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158424] {CVE-2025-38184}
- atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158433] {CVE-2025-38185}
- mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180617] {CVE-2025-38324}
- wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254010] {CVE-2025-38420}
- aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180627] {CVE-2025-38326}
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Jann Horn) [Orabug: 38132180] {CVE-2025-38085}
- mm: hugetlb: independent PMD page table shared count (Liu Shixin) [Orabug: 37484959] {CVE-2024-57883}
- mm/hugetlb: unshare page tables during VMA split, not before (Jann Horn) [Orabug: 38132171] {CVE-2025-38084}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152876] {CVE-2025-38103}
- atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158457] {CVE-2025-38190}
- jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug:
38180635] {CVE-2025-38328}
- jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug:
38158483] {CVE-2025-38194}
- drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137453] {CVE-2025-38090}
- platform/x86: dell_rbu: Fix list usage (Stuart Hayes) [Orabug: 38158494] {CVE-2025-38197}
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158517] {CVE-2025-38200}
- scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180667] {CVE-2025-38332}
- software node: Correct a OOB check in software_node_get_reference_args() (Zijun Hu) [Orabug: 38180730] {CVE-2025-38342}
- media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug:
38175013] {CVE-2025-38237}
- jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158545] {CVE-2025-38203}
- jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158552] {CVE-2025-38204}
- exfat: fix double free in delayed_free (Namjae Jeon) [Orabug: 38158566] {CVE-2025-38206}
- ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180747] {CVE-2025-38344}
- ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180755] {CVE-2025-38345}
- remoteproc: core: Release rproc->clean_table after rproc_attach() fails (Xiaolei Wang) [Orabug:
38254002] {CVE-2025-38418}
- remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (Xiaolei Wang) [Orabug: 38254006] {CVE-2025-38419}
- net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132188] {CVE-2025-38086}
- ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180767] {CVE-2025-38346}
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug:
38158591] {CVE-2025-38211}
- ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158597] {CVE-2025-38212}
- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug:
38158614] {CVE-2025-38214}
- NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253991] {CVE-2025-38416}
- f2fs: fix to do sanity check on sit_bitmap_size (Chao Yu) [Orabug: 38158639] {CVE-2025-38218}
- f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug:
38158647] {CVE-2025-38219}
- Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254053] {CVE-2025-38428}
- ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug:
38158661] {CVE-2025-38222}
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180696] {CVE-2025-38336}
- media: vivid: Change the siize of the composing (Denis Arefev) [Orabug: 38158680] {CVE-2025-38226}
- media: vidtv: Terminating the subsequent process of initialization failure (Edward Adam Davis) [Orabug:
38158685] {CVE-2025-38227}
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158691] {CVE-2025-38229}
- jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug:
38180706] {CVE-2025-38337}
- nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (Li Lingfeng) [Orabug: 38158706] {CVE-2025-38231}
- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254061] {CVE-2025-38430}
- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180782] {CVE-2025-38348}
- x86/iopl: Cure TIF_IO_BITMAP inconsistencies (Thomas Gleixner) [Orabug: 38152863] {CVE-2025-38100}
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152868] {CVE-2025-38102}
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223086] {CVE-2025-38352}
- net_sched: ets: fix a race in ets_qdisc_change() (Eric Dumazet) [Orabug: 38152893] {CVE-2025-38107}
- net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152898] {CVE-2025-38108}
- net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105333] {CVE-2025-38083}
- net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) [Orabug: 38152911] {CVE-2025-38111}
- net: Fix TOCTOU issue in sk_is_readable() (Michal Luczaj) [Orabug: 38152915] {CVE-2025-38112}
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (Ritesh Harjani) [Orabug: 38137444] {CVE-2025-38088}
- net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152922] {CVE-2025-38115}
- ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (Jeongjun Park) [Orabug: 38180545] {CVE-2025-38305}
- scsi: core: ufs: Fix a hang in the error handler (Sanjeev Yadav) [Orabug: 38152945] {CVE-2025-38119}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256449] {CVE-2025-38498}
- seg6: Fix validation of nexthop addresses (Ido Schimmel) [Orabug: 38180555] {CVE-2025-38310}
- netfilter: nf_set_pipapo_avx2: fix initial map fill (Florian Westphal) [Orabug: 38152957] {CVE-2025-38120}
- gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (Alok Tiwari) [Orabug: 38152965] {CVE-2025-38122}
- serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153011] {CVE-2025-38135}
- usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug:
38153016] {CVE-2025-38136}
- dmaengine: ti: Add NULL check in udma_probe() (Henry Martin) [Orabug: 38153029] {CVE-2025-38138}
- backlight: pm8941: Add NULL check in wled_configure() (Henry Martin) [Orabug: 38153050] {CVE-2025-38143}
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180565] {CVE-2025-38312}
- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153059] {CVE-2025-38145}
- bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180572] {CVE-2025-38313}
- Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253984] {CVE-2025-38415}
- net: openvswitch: Fix the dead loop of MPLS parse (Faicker Mo) [Orabug: 38153064] {CVE-2025-38146}
- calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153069] {CVE-2025-38147}
- bpf: Avoid __bpf_prog_ret0_warn when jit fails (Kafai Wan) [Orabug: 38180470] {CVE-2025-38280}
- net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153088] {CVE-2025-38153}
- bpf, sockmap: Avoid using sk_socket after free when sending (Jiayuan Chen) [Orabug: 38153094] {CVE-2025-38154}
- wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Hoiland-Jorgensen) [Orabug: 38153109] {CVE-2025-38157}
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (Alexey Kodanev) [Orabug:
38153121] {CVE-2025-38159}
- bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180488] {CVE-2025-38285}
- pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180494] {CVE-2025-38286}
- clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (Henry Martin) [Orabug: 38153131] {CVE-2025-38160}
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Patrisious Haddad) [Orabug:
38153138] {CVE-2025-38161}
- f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153149] {CVE-2025-38163}
- wifi: ath11k: fix node corruption in ar->arvifs list (Stone Zhang) [Orabug: 38180515] {CVE-2025-38293}
- fs/ntfs3: handle hdr_first_de() return value (Andrey Vatoropin) [Orabug: 38153172] {CVE-2025-38167}
- drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (Charles Han) [Orabug: 38180589] {CVE-2025-38319}
- EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180524] {CVE-2025-38298}
- crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153188] {CVE-2025-38173}
- thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158383] {CVE-2025-38174}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20552.html

Plugin Details

Severity: Medium

ID: 261791

File Name: oraclelinux_ELSA-2025-20552.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/9/2025

Updated: 9/9/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-26726

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-container, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:9:6:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-core

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/8/2025

Vulnerability Publication Date: 4/3/2024

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2024-26726, CVE-2024-57883, CVE-2025-37948, CVE-2025-37958, CVE-2025-37963, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38068, CVE-2025-38072, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38083, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088, CVE-2025-38090, CVE-2025-38094, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38115, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153, CVE-2025-38154, CVE-2025-38157, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38167, CVE-2025-38173, CVE-2025-38174, CVE-2025-38180, CVE-2025-38181, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38193, CVE-2025-38194, CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204, CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38214, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38226, CVE-2025-38227, CVE-2025-38229, CVE-2025-38230, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38262, CVE-2025-38263, CVE-2025-38273, CVE-2025-38280, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38305, CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348, CVE-2025-38350, CVE-2025-38352, CVE-2025-38362, CVE-2025-38363, CVE-2025-38371, CVE-2025-38377, CVE-2025-38380, CVE-2025-38384, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38410, CVE-2025-38412, CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419, CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430, CVE-2025-38498