Detections
Analytics
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-25757)
high Nessus Plugin ID 275178
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-25757 advisory.- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38607608] {CVE-2025-39973}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38575804] {CVE-2025-39964}
- i2c: tegra: check msg length in SMBUS block read (Akhil R) [Orabug: 38254038,38471683] {CVE-2025-38425}
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206403] {CVE-2024-50022}
- vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (Yishai Hadas) [Orabug: 37434467] {CVE-2024-56742}
- af_unix: Don't leave consecutive consumed OOB skbs. (Kuniyuki Iwashima) [Orabug: 38528187] {CVE-2025-38236}
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494760] {CVE-2025-39902}
- dma-buf: insert memory barrier before updating num_fences (Hyejeong Choi) [Orabug: 38152833] {CVE-2025-38095}
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977027] {CVE-2025-37968}
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494739] {CVE-2025-39898}
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456753] {CVE-2025-39841}
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494722] {CVE-2025-39891}
- mm: move page table sync declarations to linux/pgtable.h (Harry Yoo) [Orabug: 38456763] {CVE-2025-39844}
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (Harry Yoo) [Orabug:
38456766] {CVE-2025-39845}
- net: phy: mscc: Fix memory leak when using one step timestamping (Horatiu Vultur) [Orabug: 38153076] {CVE-2025-38148}
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456780] {CVE-2025-39847}
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456813] {CVE-2025-39853}
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456833] {CVE-2025-39860}
- netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm (Wang Liang) [Orabug: 38494730] {CVE-2025-39894}
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456858] {CVE-2025-39864}
- tee: fix NULL pointer dereference in tee_shm_put (Pei Xiao) [Orabug: 38456865] {CVE-2025-39865}
- fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38456870,38528183] {CVE-2025-39866}
- bpf: Fix oob access in cgroup local storage (Daniel Borkmann) [Orabug: 38324117] {CVE-2025-38502}
- xfs: do not propagate ENODATA disk errors into xattr code (Eric Sandeen) [Orabug: 38440385] {CVE-2025-39835}
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug:
38440227] {CVE-2025-39808}
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (Qasim Ijaz) [Orabug: 38440223] {CVE-2025-39806}
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440309] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440276] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440249] {CVE-2025-39812}
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440345] {CVE-2025-39828}
- NFS: Fix a race when updating an existing write (Trond Myklebust) [Orabug: 38401609] {CVE-2025-39697}
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440258] {CVE-2025-39813}
- netfilter: nf_reject: don't leak dst refcount for loopback packets (Florian Westphal) [Orabug: 38401481] {CVE-2025-38732}
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu) [Orabug: 38423456] {CVE-2025-39766}
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (Yuichiro Tsuji) [Orabug:
38516727] {CVE-2025-38736}
- ppp: fix race conditions in ppp_fill_forward_path (Qingfang Deng) [Orabug: 38401500] {CVE-2025-39673}
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (Baihan Li) [Orabug: 38423473] {CVE-2025-39772}
- iommu/amd: Avoid stack buffer overflow from kernel cmdline (Kees Cook) [Orabug: 38360925] {CVE-2025-38676}
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401513] {CVE-2025-39676}
- net: bridge: fix soft lockup in br_multicast_query_expired() (Wang Liang) [Orabug: 38423478] {CVE-2025-39773}
- x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (Tianxiang Peng) [Orabug: 38401541] {CVE-2025-39681}
- tracing: Limit access to parser->buffer when trace_get_user failed (Pu Lehui) [Orabug: 38401546] {CVE-2025-39683}
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423523] {CVE-2025-39787}
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (Selvarasu Ganesan) [Orabug: 38435009] {CVE-2025-39801}
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401580] {CVE-2025-39689}
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401586] {CVE-2025-39691}
- drm/amd/display: Avoid a NULL pointer dereference (Mario Limonciello) [Orabug: 38401596] {CVE-2025-39693}
- sch_htb: make htb_deactivate() idempotent (Cong Wang) [Orabug: 38516621] {CVE-2025-37953}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908491] {CVE-2025-37798}
- net/sched: ets: use old 'nbands' while purging unused classes (Davide Caratti) [Orabug: 38394836] {CVE-2025-38684}
- bus: mhi: host: Detect events pointing to unexpected TREs (Youssef Samir) [Orabug: 38423539] {CVE-2025-39790}
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug:
38429210] {CVE-2025-39798}
- hv_netvsc: Fix panic during namespace deletion with VF (Haiyang Zhang) [Orabug: 38394830] {CVE-2025-38683}
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (Ada Couprie Diaz) [Orabug: 38351990] {CVE-2025-38670}
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351929] {CVE-2025-38664}
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158395] {CVE-2025-38177}
- sch_htb: make htb_qlen_notify() idempotent (Cong Wang) [Orabug: 37976859] {CVE-2025-37932}
- net, hsr: reject HSR frame if skb can't hold tag (Jakub Acs) [Orabug: 38401632] {CVE-2025-39703}
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401676] {CVE-2025-39713}
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401683] {CVE-2025-39714}
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423508] {CVE-2025-39782}
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401728] {CVE-2025-39724}
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394815] {CVE-2025-38680}
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (Sravan Kumar Gundu) [Orabug: 38394843] {CVE-2025-38685}
- btrfs: do not allow relocation of partially dropped subvolumes (Qu Wenruo) [Orabug: 38423271] {CVE-2025-39738}
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (Xinyu Liu) [Orabug: 38423420] {CVE-2025-39760}
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394865] {CVE-2025-38691}
- block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (John Garry) [Orabug:
38429192] {CVE-2025-39795}
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394879] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394886] {CVE-2025-38694}
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug:
38394893] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423285] {CVE-2025-39742}
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394923] {CVE-2025-38699}
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug:
38394930] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394936] {CVE-2025-38701}
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423340] {CVE-2025-39749}
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (Peter Ujfalusi) [Orabug: 38394977] {CVE-2025-38706}
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394994] {CVE-2025-38708}
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395058] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395066] {CVE-2025-38721}
- eventpoll: Fix semi-unbounded recursion (Jann Horn) [Orabug: 38335161] {CVE-2025-38614}
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423396] {CVE-2025-39756}
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395080] {CVE-2025-38724}
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (Xu Yang) [Orabug: 38395088] {CVE-2025-38725}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423406] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395100] {CVE-2025-38729}
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334897] {CVE-2025-38555}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351763] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334947] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334957] {CVE-2025-38565}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351785] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334987] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335003] {CVE-2025-38574}
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401744] {CVE-2025-39730}
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351853] {CVE-2025-38639}
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug:
38331465] {CVE-2025-38553}
- net/mlx5: Check device memory pointer before usage (Stav Aviram) [Orabug: 38351877] {CVE-2025-38645}
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (Sergey Senozhatsky) [Orabug: 38335105] {CVE-2025-38601}
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335109] {CVE-2025-38602}
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335118] {CVE-2025-38604}
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335130] {CVE-2025-38608}
- PM / devfreq: Check governor before using governor->name (Lifeng Zheng) [Orabug: 38335134] {CVE-2025-38609}
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351993] {CVE-2025-38671}
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351977] {CVE-2025-38668}
- Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (Fabrice Gasnier) [Orabug: 38180692] {CVE-2025-38335}
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254213] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug:
38254224] {CVE-2025-38470}
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (Yue Haibing) [Orabug: 38324326] {CVE-2025-38550}
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254240] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254248] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254265] {CVE-2025-38477}
- bpf: Reject %p% format string in bprintf-like helpers (Paul Chaignon) [Orabug: 38324226] {CVE-2025-38528}
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324269] {CVE-2025-38539}
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254357] {CVE-2025-38497}
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (Wayne Chang) [Orabug: 38324257] {CVE-2025-38535}
- pds_core: remove write-after-free of client_id (Shannon Nelson) [Orabug: 37976798,38467344] {CVE-2025-37916}
- pds_core: make wait_context part of q_info (Shannon Nelson) [Orabug: 37937540,38467344] {CVE-2025-37886}
- pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (Brett Creeley) [Orabug: 37937543,38467344] {CVE-2025-37887}
- pds_core: Prevent possible adminq overflow/stuck condition (Brett Creeley) [Orabug: 37977106,38467344] {CVE-2025-37987}
- pds_core: Fix pdsc_check_pci_health function to use work thread (Brett Creeley) [Orabug:
38467344,38498854] {CVE-2024-35968}
- net: pds_core: Fix possible double free in error handling path (Yongzhi Liu) [Orabug: 36530186] {CVE-2024-26652}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 275178
File Name: oraclelinux_ELSA-2025-25757.nasl
Version: 1.1
Type: local
Agent: unix
Published: 11/12/2025
Updated: 11/12/2025
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-37798
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek64k-modules, cpe:/o:oracle:linux:9:6:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/10/2025
Vulnerability Publication Date: 3/27/2024
Reference Information
CVE: CVE-2024-26652, CVE-2024-35968, CVE-2024-50022, CVE-2024-56742, CVE-2025-37798, CVE-2025-37886, CVE-2025-37887, CVE-2025-37916, CVE-2025-37932, CVE-2025-37953, CVE-2025-37968, CVE-2025-37987, CVE-2025-38095, CVE-2025-38148, CVE-2025-38177, CVE-2025-38236, CVE-2025-38335, CVE-2025-38425, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38477, CVE-2025-38497, CVE-2025-38502, CVE-2025-38528, CVE-2025-38535, CVE-2025-38539, CVE-2025-38550, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38572, CVE-2025-38574, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38609, CVE-2025-38614, CVE-2025-38617, CVE-2025-38622, CVE-2025-38639, CVE-2025-38645, CVE-2025-38664, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38676, CVE-2025-38680, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38708, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38725, CVE-2025-38729, CVE-2025-38732, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39689, CVE-2025-39691, CVE-2025-39693, CVE-2025-39697, CVE-2025-39703, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39738, CVE-2025-39742, CVE-2025-39749, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39772, CVE-2025-39773, CVE-2025-39782, CVE-2025-39787, CVE-2025-39790, CVE-2025-39795, CVE-2025-39798, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39841, CVE-2025-39844, CVE-2025-39845, CVE-2025-39847, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39891, CVE-2025-39894, CVE-2025-39902, CVE-2025-39964, CVE-2025-39973