Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-28049)

medium Nessus Plugin ID 278560

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28049 advisory.

- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206404] {CVE-2024-50022}
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007,38453918] {CVE-2025-38499}
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [Orabug: 34882838] {CVE: CVE-2022-4269}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423524] {CVE-2025-39787}
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081,38501612] {CVE-2025-38724}
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771,38453914] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340,38453904] {CVE-2025-38494}
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348,38453908] {CVE-2025-38495}
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-28049.html

Plugin Details

Severity: Medium

ID: 278560

File Name: oraclelinux_ELSA-2025-28049.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/12/2025

Updated: 12/13/2025

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-23143

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/12/2025

Vulnerability Publication Date: 10/21/2024

Reference Information

CVE: CVE-2024-50022, CVE-2025-22058, CVE-2025-23143, CVE-2025-39883, CVE-2025-39885, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39945, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39993, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40018, CVE-2025-40019, CVE-2025-40020, CVE-2025-40026, CVE-2025-40027, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40055, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40087, CVE-2025-40105, CVE-2025-40111, CVE-2025-40115, CVE-2025-40118, CVE-2025-40125, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40167, CVE-2025-40173, CVE-2025-40178, CVE-2025-40186, CVE-2025-40187, CVE-2025-40190, CVE-2025-40194, CVE-2025-40197, CVE-2025-40198, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40219, CVE-2025-40233, CVE-2025-40240