Detections
Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20553)

medium Nessus Plugin ID 264318

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20553 advisory.

 - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752}
 - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996}
 - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320}
 - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424}
 - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug:
 38180707] {CVE-2025-38337}
 - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958}
 - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773}
 - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352}
 - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180}
 - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323}
 - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181}
 - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184}
 - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185}
 - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324}
 - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420}
 - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326}
 - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103}
 - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190}
 - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug:
 38180636] {CVE-2025-38328}
 - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug:
 38158484] {CVE-2025-38194}
 - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090}
 - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200}
 - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332}
 - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug:
 38175014] {CVE-2025-38237}
 - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203}
 - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204}
 - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344}
 - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345}
 - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086}
 - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346}
 - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212}
 - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug:
 38158615] {CVE-2025-38214}
 - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416}
 - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug:
 38158649] {CVE-2025-38219}
 - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428}
 - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug:
 38158662] {CVE-2025-38222}
 - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336}
 - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430}
 - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348}
 - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108}
 - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083}
 - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115}
 - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829}
 - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828}
 - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498}
 - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135}
 - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug:
 38153017] {CVE-2025-38136}
 - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312}
 - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145}
 - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313}
 - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415}
 - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147}
 - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153}
 - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Hoiland-Jorgensen) [Orabug: 38153110] {CVE-2025-38157}
 - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285}
 - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286}
 - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163}
 - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298}
 - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173}
 - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855}
 - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20553.html

Plugin Details

Severity: Medium

ID: 264318

File Name: oraclelinux_ELSA-2025-20553.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/10/2025

Updated: 9/10/2025

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-57996

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2025

Vulnerability Publication Date: 3/7/2022

CISA Known Exploited Vulnerability Due Dates: 9/25/2025

Reference Information

CVE: CVE-2022-48773, CVE-2022-48828, CVE-2022-48829, CVE-2024-57996, CVE-2025-37752, CVE-2025-37958, CVE-2025-38083, CVE-2025-38086, CVE-2025-38103, CVE-2025-38108, CVE-2025-38115, CVE-2025-38135, CVE-2025-38136, CVE-2025-38147, CVE-2025-38157, CVE-2025-38174, CVE-2025-38180, CVE-2025-38181, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38194, CVE-2025-38200, CVE-2025-38212, CVE-2025-38214, CVE-2025-38222, CVE-2025-38285, CVE-2025-38298, CVE-2025-38312, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348, CVE-2025-38352, CVE-2025-38415, CVE-2025-38420, CVE-2025-38424, CVE-2025-38430, CVE-2025-38498