Detections
Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20663)

high Nessus Plugin ID 270144

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20663 advisory.

 - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug:
 38310007] {CVE-2025-38499}
 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug:
 38440228] {CVE-2025-39808}
 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
 - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
 - sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
 - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
 - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
 - scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
 - nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
 - cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) [Orabug: 36154626] {CVE-2023-1192}
 - Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
 - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
 - sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
 - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
 - NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug:
 38429211] {CVE-2025-39798}
 - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081] {CVE-2025-38724}
 - tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
 - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
 - ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
 - fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
 - media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
 - jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
 - serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
 - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
 - pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
 - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
 - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
 - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug:
 38394894] {CVE-2025-38695}
 - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
 - scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
 - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug:
 38394931] {CVE-2025-38700}
 - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
 - rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
 - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun) [Orabug: 38423359] {CVE-2025-39751}
 - drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
 - sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
 - netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
 - ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki) [Orabug: 38429229] {CVE-2025-39799}
 - fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
 - netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
 - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
 - usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
 - vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771] {CVE-2025-38618}
 - net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
 - perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
 - perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
 - benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
 - net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
 - ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
 - pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
 - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
 - netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
 - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug:
 38331466] {CVE-2025-38553}
 - iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
 - wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
 - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
 - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
 - i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
 - regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
 - net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
 - virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug:
 38253834] {CVE-2025-38375}
 - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
 - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug:
 38254225] {CVE-2025-38470}
 - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
 - usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
 - net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
 - HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340] {CVE-2025-38494}
 - HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348] {CVE-2025-38495}
 - usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
 - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
 - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
 - md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug:
 38324161] {CVE-2025-38513}
 - usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
 - drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
 - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
 - net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
 - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
 - atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
 - atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
 - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
 - tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
 - netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
 - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug:
 38254203] {CVE-2025-38467}
 - ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
 - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
 - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
 - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug:
 38253907] {CVE-2025-38395}
 - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
 - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
 - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug:
 38253923] {CVE-2025-38400}
 - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
 - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
 - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug:
 38253937] {CVE-2025-38403}
 - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug:
 36530119] {CVE-2024-26644}
 - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug:
 38175045] {CVE-2025-38245}
 - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug:
 38175065] {CVE-2025-38249}
 - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug:
 38158592] {CVE-2025-38211}
 - media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
 - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20663.html

Plugin Details

Severity: High

ID: 270144

File Name: oraclelinux_ELSA-2025-20663.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/13/2025

Updated: 10/13/2025

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-53237

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2024-26644, CVE-2024-26958, CVE-2024-49935, CVE-2024-53237, CVE-2025-37798, CVE-2025-38102, CVE-2025-38177, CVE-2025-38193, CVE-2025-38211, CVE-2025-38226, CVE-2025-38229, CVE-2025-38230, CVE-2025-38245, CVE-2025-38249, CVE-2025-38262, CVE-2025-38347, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38395, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38439, CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38464, CVE-2025-38465, CVE-2025-38467, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38477, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38499, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38529, CVE-2025-38530, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540, CVE-2025-38542, CVE-2025-38546, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38577, CVE-2025-38578, CVE-2025-38581, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38612, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38630, CVE-2025-38635, CVE-2025-38639, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38671, CVE-2025-38677, CVE-2025-38680, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38708, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38727, CVE-2025-38729, CVE-2025-39676, CVE-2025-39689, CVE-2025-39691, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39736, CVE-2025-39737, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39766, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39794, CVE-2025-39798, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39824, CVE-2025-39828