Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20662)

high Nessus Plugin ID 270575

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20662 advisory.

- tls: fix handling of zero-length records on the rx_list (Jakub Kicinski) [Orabug: 38401543,38453832] {CVE-2025-39682}
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (Yuichiro Tsuji) [Orabug: 38401777] {CVE-2025-38736}
- net: better track kernel sockets lifetime (Eric Dumazet) [Orabug: 37766278] {CVE-2025-21884}
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394814] {CVE-2025-38680}
- hv_netvsc: Fix panic during namespace deletion with VF (Haiyang Zhang) [Orabug: 38394829] {CVE-2025-38683}
- net/sched: ets: use old 'nbands' while purging unused classes (Davide Caratti) [Orabug: 38394835] {CVE-2025-38684}
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (Sravan Kumar Gundu) [Orabug: 38394842] {CVE-2025-38685}
- userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (Suren Baghdasaryan) [Orabug: 38394850] {CVE-2025-38686}
- btrfs: do not allow relocation of partially dropped subvolumes (Qu Wenruo) [Orabug: 38423270] {CVE-2025-39738}
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (Xinyu Liu) [Orabug: 38423419] {CVE-2025-39760}
- iommufd: Prevent ALIGN() overflow (Jason Gunthorpe) [Orabug: 38394859] {CVE-2025-38688}
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (Alexey Klimov) [Orabug: 38423279] {CVE-2025-39739}
- dm: Always split write BIOs to zoned device limits (Damien Le Moal) [Orabug: 38429172] {CVE-2025-39792}
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394864] {CVE-2025-38691}
- block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (John Garry) [Orabug: 38429189] {CVE-2025-39795}
- exfat: add cluster chain loop check for dir (Yuezhang Mo) [Orabug: 38394871] {CVE-2025-38692}
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394878] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394885] {CVE-2025-38694}
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394892] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423284] {CVE-2025-39742}
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394922] {CVE-2025-38699}
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394929] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394935] {CVE-2025-38701}
- fbdev: fix potential buffer overflow in do_register_framebuffer() (Yongzhen Zhang) [Orabug: 38394942] {CVE-2025-38702}
- rcu: Fix rcu_read_unlock() deadloop due to IRQ work (Joel Fernandes) [Orabug: 38423299] {CVE-2025-39744}
- wifi: ath10k: shutdown driver when hardware is unreliable (Kang Yang) [Orabug: 38423316] {CVE-2025-39746}
- xfrm: Duplicate SPI Handling (Aakash Kumar S) [Orabug: 38429199] {CVE-2025-39797}
- drm/msm: Add error handling for krealloc in metadata setup (Yuan Chen) [Orabug: 38423323] {CVE-2025-39747}
- rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access (Zqiang) [Orabug: 38394958] {CVE-2025-38704}
- bpf: Forget ranges when refining tnum after JSET (Paul Chaignon) [Orabug: 38423330] {CVE-2025-39748}
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423339] {CVE-2025-39749}
- drm/amd/pm: fix null pointer access (Umio Yasuno) [Orabug: 38394967] {CVE-2025-38705}
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun) [Orabug: 38423356] {CVE-2025-39751}
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (Peter Ujfalusi) [Orabug: 38394976] {CVE-2025-38706}
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (Shuai Xue) [Orabug: 38423437] {CVE-2025-39763}
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394993] {CVE-2025-38708}
- loop: Avoid updating block size under exclusive owner (Jan Kara) [Orabug: 38394999] {CVE-2025-38709}
- gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (Andrew Price) [Orabug: 38423379] {CVE-2025-39753}
- gfs2: Validate i_depth for exhash directories (Andrew Price) [Orabug: 38395006] {CVE-2025-38710}
- tls: handle data disappearing from under the TLS ULP (Jakub Kicinski) [Orabug: 38351758] {CVE-2025-38616}
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395056] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395065] {CVE-2025-38721}
- mm/smaps: fix race between smaps_hugetlb_range and migration (Tu Jinjiang) [Orabug: 38423389] {CVE-2025-39754}
- eventpoll: Fix semi-unbounded recursion (Jann Horn) [Orabug: 38335160] {CVE-2025-38614}
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423395] {CVE-2025-39756}
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429209] {CVE-2025-39798}
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395079] {CVE-2025-38724}
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (Xu Yang) [Orabug: 38395087] {CVE-2025-38725}
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38395123] {CVE-2025-38727}
- smb3: fix for slab out of bounds on mount to ksmbd (Steve French) [Orabug: 38395093] {CVE-2025-38728}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423405] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395099] {CVE-2025-38729}
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (Qasim Ijaz) [Orabug: 38334911] {CVE-2025-38557}
- mm: swap: fix potential buffer overflow in setup_clusters() (Kemeng Shi) [Orabug: 38401739] {CVE-2025-39727}
- platform/x86/intel/pmt: fix a crashlog NULL pointer access (Michael J. Ruhl) [Orabug: 38334915] {CVE-2025-38559}
- x86/sev: Evict cache lines during SNP memory validation (Tom Lendacky) [Orabug: 38334918,38453836] {CVE-2025-38560}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351769,38453833] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351762] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334946] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334955] {CVE-2025-38565}
- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [Orabug: 38334966,38453835] {CVE-2025-38566}
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (Maher Azz) [Orabug: 38334972] {CVE-2025-38568}
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334974] {CVE-2025-38569}
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [Orabug: 38334980,38453834] {CVE-2025-38571}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351784] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334986] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335002] {CVE-2025-38574}
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401743] {CVE-2025-39730}
- vfio/pds: Fix missing detach_ioas op (Brett Creeley) [Orabug: 38351809] {CVE-2025-38625}
- vdpa/mlx5: Fix release of uninitialized resources on error path (Dragos Tatulea) [Orabug: 38351825] {CVE-2025-38628}
- pinmux: fix race causing mux_owner NULL with active mux_usecount (Mukesh Ojha) [Orabug: 38351837] {CVE-2025-38632}
- proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (Zijie Wang) [Orabug: 38351898] {CVE-2025-38653}
- bpf, arm64: Fix fp initialization for exception boundary (Puranjay Mohan) [Orabug: 38335064] {CVE-2025-38586}
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (Eric Dumazet) [Orabug: 38335068] {CVE-2025-38587}
- ipv6: prevent infinite loop in rt6_nlmsg_size() (Eric Dumazet) [Orabug: 38335071] {CVE-2025-38588}
- net/mlx5e: Remove skb secpath if xfrm state is not found (Jianbo Liu) [Orabug: 38335076] {CVE-2025-38590}
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351852] {CVE-2025-38639}
- bpf: Disable migration in nf_hook_run_bpf(). (Kuniyuki Iwashima) [Orabug: 38351858] {CVE-2025-38640}
- Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' (Arseniy Krasnov) [Orabug: 38335086] {CVE-2025-38593}
- wifi: mac80211: reject TDLS operations when station is not associated (Moon Hee Lee) [Orabug: 38351870] {CVE-2025-38644}
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (Baochen Qiang) [Orabug: 38401750] {CVE-2025-39732}
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331464] {CVE-2025-38553}
- net/mlx5: Check device memory pointer before usage (Stav Aviram) [Orabug: 38351876] {CVE-2025-38645}
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (Sergey Senozhatsky) [Orabug: 38335104] {CVE-2025-38601}
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335108] {CVE-2025-38602}
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335117] {CVE-2025-38604}
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335129] {CVE-2025-38608}
- PM / devfreq: Check governor before using governor->name (Lifeng Zheng) [Orabug: 38335133] {CVE-2025-38609}
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- gfs2: No more self recovery (Andreas Gruenbacher) [Orabug: 38351907] {CVE-2025-38659}
- parse_longname(): strrchr() expects NUL-terminated string (Al Viro) [Orabug: 38351912] {CVE-2025-38660}
- KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (Manuel Andreas) [Orabug: 38217316] {CVE-2025-38351}
- ext4: fix out of bounds punch offset (Zhang Yi) [Orabug: 38369646] {CVE-2025-38221}
- mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list (Tu Jinjiang) [Orabug: 38401778] {CVE-2025-39725}
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351928] {CVE-2025-38664}
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (Ada Couprie Diaz) [Orabug: 38351989] {CVE-2025-38670}
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351992] {CVE-2025-38671}
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (Marc Kleine-Budde) [Orabug: 38351934] {CVE-2025-38665}
- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (Eyal Birger) [Orabug: 38310014,38453837] {CVE-2025-38500}
- xfrm: state: initialize state_ptrs earlier in xfrm_state_find (Sabrina Dubroca) [Orabug: 38352014] {CVE-2025-38675}
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351976] {CVE-2025-38668}
- Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (Fabrice Gasnier) [Orabug: 38180691] {CVE-2025-38335}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20662.html

Plugin Details

Severity: High

ID: 270575

File Name: oraclelinux_ELSA-2025-20662.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/15/2025

Updated: 10/15/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38572

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-38500

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-debug-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek64k-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek64k-modules-core, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek64k-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek64k-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-usb, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek64k-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2025

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2025-21884, CVE-2025-38221, CVE-2025-38335, CVE-2025-38351, CVE-2025-38500, CVE-2025-38553, CVE-2025-38557, CVE-2025-38559, CVE-2025-38560, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38568, CVE-2025-38569, CVE-2025-38571, CVE-2025-38572, CVE-2025-38574, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38590, CVE-2025-38593, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38614, CVE-2025-38616, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38625, CVE-2025-38628, CVE-2025-38632, CVE-2025-38639, CVE-2025-38640, CVE-2025-38644, CVE-2025-38645, CVE-2025-38653, CVE-2025-38659, CVE-2025-38660, CVE-2025-38664, CVE-2025-38665, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38675, CVE-2025-38680, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38686, CVE-2025-38688, CVE-2025-38691, CVE-2025-38692, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38704, CVE-2025-38705, CVE-2025-38706, CVE-2025-38708, CVE-2025-38709, CVE-2025-38710, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38727, CVE-2025-38728, CVE-2025-38729, CVE-2025-38736, CVE-2025-39682, CVE-2025-39725, CVE-2025-39727, CVE-2025-39730, CVE-2025-39732, CVE-2025-39738, CVE-2025-39739, CVE-2025-39742, CVE-2025-39744, CVE-2025-39746, CVE-2025-39747, CVE-2025-39748, CVE-2025-39749, CVE-2025-39753, CVE-2025-39754, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39763, CVE-2025-39792, CVE-2025-39795, CVE-2025-39797, CVE-2025-39798