Detections
Analytics

Oracle Linux 9 : kernel (ELSA-2025-19930)

medium Nessus Plugin ID 274744

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19930 advisory.

 - x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114270] {CVE-2025-40300}
 - x86/process: Move the buffer clearing before MONITOR (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
 - x86/microcode/AMD: Add TSA microcode SHAs (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
 - KVM: SVM: Advertise TSA CPUID bits to guests (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
 - x86/bugs: Add a Transient Scheduler Attacks mitigation (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350}
 - x86/bugs: Rename MDS machinery to something more generic (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-36357 CVE-2024-36350} (Waiman Long) [RHEL-83896 RHEL-83905]
 - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2025-22047}
 - x86/CPU/AMD: Terminate the erratum_1386_microcode array (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-56721}
 - x86/bugs: Use code segment selector for VERW operand (Waiman Long) [RHEL-83896 RHEL-83905] {CVE-2024-50072}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-19930.html

Plugin Details

Severity: Medium

ID: 274744

File Name: oraclelinux_ELSA-2025-19930.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/11/2025

Updated: 11/11/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2025-40300

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-36357

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel-debug-devel-matched, p-cpe:/a:oracle:linux:kernel-uki-virt-addons, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-devel, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel, p-cpe:/a:oracle:linux:rv, p-cpe:/a:oracle:linux:kernel-debug-modules-core, p-cpe:/a:oracle:linux:kernel-modules-extra, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:libperf, p-cpe:/a:oracle:linux:rtla, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-uki-virt, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-devel-matched, p-cpe:/a:oracle:linux:kernel-abi-stablelists, p-cpe:/a:oracle:linux:kernel-debug-core, cpe:/o:oracle:linux:9:6:baseos_patch, p-cpe:/a:oracle:linux:kernel-debug-uki-virt, p-cpe:/a:oracle:linux:kernel-modules-core, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-debug-modules

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 11/10/2025

Vulnerability Publication Date: 7/8/2025

Reference Information

CVE: CVE-2024-36350, CVE-2024-36357, CVE-2025-40300