Detections
Analytics

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20716)

medium Nessus Plugin ID 270576

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20716 advisory.

 - af_unix: Don't leave consecutive consumed OOB skbs. (Kuniyuki Iwashima) [Orabug: 38528187] {CVE-2025-38236}
 - fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38528183] {CVE-2025-39866}
 - nvme-tcp: sanitize request list handling (Hannes Reinecke) [Orabug: 38175126,38454661] {CVE-2025-38264}
 - llist: add interface to check if a node is on a list. (Neil Brown) [Orabug: 38175126] {CVE-2025-38264}
 - vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38454665,38351770] {CVE-2025-38618}
 - HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254347,38454662] {CVE-2025-38495}
 - HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254339,38454666] {CVE-2025-38494}
 - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug:
 38310006,38454664] {CVE-2025-38499}
 - benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334975] {CVE-2025-38569}
 - smb: client: fix use-after-free in crypt_message when using async crypto (Wang Zhaolong) [Orabug:
 38254323] {CVE-2025-38488}
 - netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38395124] {CVE-2025-38727}
 - bpf, sockmap: Fix panic when calling skb_linearize (Jiayuan Chen) [Orabug: 38394723] {CVE-2025-38165}
 - rseq: Fix segfault on registration when rseq_cs is non-zero (Michael Jeanson) [Orabug: 38095071] {CVE-2025-38067}
 - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324278] {CVE-2025-38540}
 - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254089] {CVE-2025-38439}
 - net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu) [Orabug: 38324289] {CVE-2025-38542}
 - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (Eric Dumazet) [Orabug:
 38254095] {CVE-2025-38441}
 - nbd: fix uaf in nbd_genl_connect() error path (Zheng Qixing) [Orabug: 38254101] {CVE-2025-38443}
 - raid10: cleanup memleak at raid10_make_request (Nigel Croxon) [Orabug: 38254105] {CVE-2025-38444}
 - md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254108] {CVE-2025-38445}
 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug:
 38324160] {CVE-2025-38513}
 - virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug:
 38253833] {CVE-2025-38375}
 - usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254117] {CVE-2025-38448}
 - drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324179] {CVE-2025-38515}
 - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324185] {CVE-2025-38516}
 - jfs: fix null ptr deref in dtInsertEntry (Edward Adam Davis) [Orabug: 36993160] {CVE-2024-44939}
 - aoe: avoid potential deadlock at set_capacity (Maksim Kiselev) [Orabug: 36530894] {CVE-2024-26775}
 - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (Lee, Chun-Yi) [Orabug:
 37283277] {CVE-2022-48703}
 - rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells) [Orabug: 38324169] {CVE-2025-38514}
 - net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254146] {CVE-2025-38457}
 - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254152] {CVE-2025-38458}
 - atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254160] {CVE-2025-38459}
 - atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324308] {CVE-2025-38546}
 - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254166] {CVE-2025-38460}
 - vsock: Fix transport_* TOCTOU (Michal Luczaj) [Orabug: 38254172] {CVE-2025-38461}
 - vsock: Fix transport_{g2h,h2g} TOCTOU (Michal Luczaj) [Orabug: 38254175] {CVE-2025-38462}
 - tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254180] {CVE-2025-38464}
 - netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254187] {CVE-2025-38465}
 - perf: Revert to requiring CAP_SYS_ADMIN for uprobes (Peter Zijlstra) [Orabug: 38254196] {CVE-2025-38466}
 - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug:
 38254202] {CVE-2025-38467}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20716.html

Plugin Details

Severity: Medium

ID: 270576

File Name: oraclelinux_ELSA-2025-20716.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/15/2025

Updated: 10/15/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-26775

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-container, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:9:6:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-core

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/14/2025

Vulnerability Publication Date: 3/23/2024

Reference Information

CVE: CVE-2022-48703, CVE-2024-26775, CVE-2025-38067, CVE-2025-38165, CVE-2025-38236, CVE-2025-38264, CVE-2025-38375, CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38494, CVE-2025-38495, CVE-2025-38499, CVE-2025-38513, CVE-2025-38515, CVE-2025-38516, CVE-2025-38540, CVE-2025-38546, CVE-2025-38569, CVE-2025-38618, CVE-2025-38727, CVE-2025-39866