Detections
Analytics

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28048)

high Nessus Plugin ID 278563

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28048 advisory.

 - netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38744086] {CVE-2025-38678}
 - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (Marek Vasut) [Orabug:
 38641258] {CVE-2024-43876}
 - usb: gadget: f_acm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601854] {CVE-2025-40094}
 - usb: gadget: f_ncm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601837] {CVE-2025-40092}
 - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601818] {CVE-2025-40087}
 - vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601923] {CVE-2025-40105}
 - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (Jiaming Zhang) [Orabug: 38597093] {CVE-2025-40085}
 - net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649259] {CVE-2025-40173}
 - ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649222] {CVE-2025-40167}
 - media: pci: ivtv: Add check for DMA map result (Mikhail Kobuk) [Orabug: 38641260] {CVE-2024-43877}
 - pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649275] {CVE-2025-40178}
 - dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649056] {CVE-2025-40134}
 - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592032] {CVE-2025-40042}
 - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (Oleksij Rempel) [Orabug: 38649002] {CVE-2025-40120}
 - media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649397] {CVE-2025-40197}
 - Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649424] {CVE-2025-40200}
 - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug:
 38591958] {CVE-2025-40026}
 - ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649329] {CVE-2025-40190}
 - ext4: verify orphan file size is not too big (Jan Kara) [Orabug: 38649284] {CVE-2025-40179}
 - sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649450] {CVE-2025-40204}
 - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug:
 38649365] {CVE-2025-40194}
 - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649461] {CVE-2025-40205}
 - crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581454] {CVE-2025-40019}
 - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Daniel Borkmann) [Orabug: 38649299] {CVE-2025-40183}
 - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649578] {CVE-2025-40186}
 - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649311] {CVE-2025-40187}
 - drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643545] {CVE-2025-40111}
 - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557653] {CVE-2025-40001}
 - pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug:
 38591980] {CVE-2025-40030}
 - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592000] {CVE-2025-40035}
 - mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649149] {CVE-2025-40153}
 - fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592047] {CVE-2025-40044}
 - uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592066] {CVE-2025-40048}
 - Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592076] {CVE-2025-40049}
 - net: dlink: handle copy_thresh allocation failure (Moon Yeounsu) [Orabug: 38592097] {CVE-2025-40053}
 - ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592109] {CVE-2025-40055}
 - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649095] {CVE-2025-40140}
 - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648980] {CVE-2025-40115}
 - ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581444] {CVE-2025-40018}
 - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649006] {CVE-2025-40121}
 - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649156] {CVE-2025-40154}
 - pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592169] {CVE-2025-40070}
 - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649566] {CVE-2025-40118}
 - bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592204] {CVE-2025-40078}
 - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (Daniel Wagner) [Orabug: 38649248] {CVE-2025-40171}
 - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug:
 38649025] {CVE-2025-40125}
 - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592220] {CVE-2025-40081}
 - net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591964] {CVE-2025-40027}
 - crypto: rng - Ensure set_ent is always present (Herbert Xu) [Orabug: 38643530] {CVE-2025-40109}
 - media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548036] {CVE-2025-39994}
 - udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844324] {CVE-2025-22058}
 - media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548026] {CVE-2025-39993}
 - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug:
 38548050] {CVE-2025-39996}
 - scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug:
 38548058] {CVE-2025-39998}
 - i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547951,38603025,38607608] {CVE-2025-39973}
 - i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547937] {CVE-2025-39971}
 - i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547928] {CVE-2025-39969}
 - mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560480] {CVE-2025-40006}
 - fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547912] {CVE-2025-39967}
 - tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu) [Orabug: 38581470] {CVE-2025-40021}
 - i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547922] {CVE-2025-39968}
 - i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547932] {CVE-2025-39970}
 - i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547945] {CVE-2025-39972}
 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38641289] {CVE-2025-40022}
 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug:
 38537468,38575792,38575804] {CVE-2025-39964}
 - drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560495] {CVE-2025-40011}
 - nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel) [Orabug: 38547971] {CVE-2025-39980}
 - can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581461] {CVE-2025-40020}
 - cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503848] {CVE-2025-39945}
 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526387] {CVE-2025-39955}
 - qed: Don't collect too many protection override GRC elements (Jamie Bainbridge) [Orabug: 38503869] {CVE-2025-39949}
 - cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503891] {CVE-2025-39953}
 - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug:
 38461847] {CVE-2025-39883}
 - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug:
 38494821] {CVE-2025-39923}
 - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494786] {CVE-2025-39911}
 - libceph: fix invalid accesses to ceph_connection_v1_info (Ilya Dryomov) [Orabug: 38461836] {CVE-2025-39880}
 - ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461858] {CVE-2025-39885}
 - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494796] {CVE-2025-39913}
 - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug:
 37901603] {CVE-2025-23143}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-28048.html

Plugin Details

Severity: High

ID: 278563

File Name: oraclelinux_ELSA-2025-28048.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/12/2025

Updated: 12/12/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C

CVSS Score Source: CVE-2024-43877

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-container, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek64k, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, cpe:/o:oracle:linux:9:7:baseos_patch, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek-core

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/11/2025

Vulnerability Publication Date: 8/21/2024

Reference Information

CVE: CVE-2024-43876, CVE-2024-43877, CVE-2025-22058, CVE-2025-23143, CVE-2025-38678, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39945, CVE-2025-39949, CVE-2025-39953, CVE-2025-39955, CVE-2025-39964, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39993, CVE-2025-39994, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40018, CVE-2025-40019, CVE-2025-40020, CVE-2025-40021, CVE-2025-40022, CVE-2025-40026, CVE-2025-40027, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40109, CVE-2025-40111, CVE-2025-40115, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40125, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40186, CVE-2025-40187, CVE-2025-40190, CVE-2025-40194, CVE-2025-40197, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205