Detections
Analytics

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28040)

medium Nessus Plugin ID 278154

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28040 advisory.

 - netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38712798] {CVE-2025-38678}
 - ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() (Mateusz Polchlopek) [Orabug:
 37844696] {CVE-2025-22117}
 - mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs) [Orabug: 38592024] {CVE-2025-40040}
 - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601817] {CVE-2025-40087}
 - ixgbevf: fix mailbox API compatibility by negotiating supported features (Jedrzej Jagielski) [Orabug:
 38601914] {CVE-2025-40104}
 - vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601921] {CVE-2025-40105}
 - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (Jiaming Zhang) [Orabug: 38597092] {CVE-2025-40085}
 - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Tvrtko Ursulin) [Orabug:
 38601869] {CVE-2025-40096}
 - cifs: parse_dfs_referrals: prevent oob on malformed input (Eugene Korenevsky) [Orabug: 38601876] {CVE-2025-40099}
 - btrfs: do not assert we found block group item when creating free space tree (Filipe Manana) [Orabug:
 38601884] {CVE-2025-40100}
 - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (Miquel Sabate Sola) [Orabug: 38601892] {CVE-2025-40101}
 - smb: client: Fix refcount leak for cifs_sb_tlink (Shuhao Fu) [Orabug: 38601903] {CVE-2025-40103}
 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592031] {CVE-2025-40042}
 - crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581453] {CVE-2025-40019}
 - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557652] {CVE-2025-40001}
 - pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug:
 38591979] {CVE-2025-40030}
 - tee: fix register_shm_helper() (Jens Wiklander) [Orabug: 38591986] {CVE-2025-40031}
 - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38591999] {CVE-2025-40035}
 - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (Janne Grunau) [Orabug: 38592013] {CVE-2025-40037}
 - KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (Sean Christopherson) [Orabug:
 38592015] {CVE-2025-40038}
 - fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592045] {CVE-2025-40044}
 - io_uring/waitid: always prune wait queue entry in io_waitid_wait() (Jens Axboe) [Orabug: 38592063] {CVE-2025-40047}
 - uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592065] {CVE-2025-40048}
 - Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592075] {CVE-2025-40049}
 - vhost: vringh: Modify the return value check (Zhang Jiao) [Orabug: 38592084] {CVE-2025-40051}
 - smb: client: fix crypto buffers in non-linear memory (Enzo Matsumiya) [Orabug: 38592090] {CVE-2025-40052}
 - net: dlink: handle copy_thresh allocation failure (Moon Yeounsu) [Orabug: 38592094] {CVE-2025-40053}
 - ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592108] {CVE-2025-40055}
 - vhost: vringh: Fix copy_to_iter return value check (Michael S. Tsirkin) [Orabug: 38592116] {CVE-2025-40056}
 - ptp: Add a upper bound on max_vclocks (I Viswanath) [Orabug: 38592122] {CVE-2025-40057}
 - iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 38592128] {CVE-2025-40058}
 - ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581443] {CVE-2025-40018}
 - RDMA/rxe: Fix race in do_task() when draining (Gui-Dong Han) [Orabug: 38592139] {CVE-2025-40061}
 - pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592168] {CVE-2025-40070}
 - tty: n_gsm: Don't block input queue by waiting MSC (Seppo Takalo) [Orabug: 38592173] {CVE-2025-40071}
 - bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592203] {CVE-2025-40078}
 - nbd: restrict sockets to TCP and UDP (Eric Dumazet) [Orabug: 38592211] {CVE-2025-40080}
 - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592219] {CVE-2025-40081}
 - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug:
 38591957] {CVE-2025-40026}
 - net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591963] {CVE-2025-40027}
 - ALSA: usb-audio: Kill timer properly at removal (Takashi Iwai) [Orabug: 38152882] {CVE-2025-38105}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-28040.html

Plugin Details

Severity: Medium

ID: 278154

File Name: oraclelinux_ELSA-2025-28040.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/10/2025

Updated: 12/10/2025

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-38678

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-debug-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek64k-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek64k-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek64k-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-usb, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek64k-devel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/10/2025

Vulnerability Publication Date: 4/16/2025

Reference Information

CVE: CVE-2025-22117, CVE-2025-38105, CVE-2025-38678, CVE-2025-40001, CVE-2025-40018, CVE-2025-40019, CVE-2025-40026, CVE-2025-40027, CVE-2025-40030, CVE-2025-40031, CVE-2025-40035, CVE-2025-40037, CVE-2025-40038, CVE-2025-40040, CVE-2025-40042, CVE-2025-40044, CVE-2025-40047, CVE-2025-40048, CVE-2025-40049, CVE-2025-40051, CVE-2025-40052, CVE-2025-40053, CVE-2025-40055, CVE-2025-40056, CVE-2025-40057, CVE-2025-40058, CVE-2025-40061, CVE-2025-40070, CVE-2025-40071, CVE-2025-40078, CVE-2025-40080, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40096, CVE-2025-40099, CVE-2025-40100, CVE-2025-40101, CVE-2025-40103, CVE-2025-40104, CVE-2025-40105