Oracle Linux 9 : Unbreakable Enterprise kernel (ELSA-2026-50113)

high Nessus Plugin ID 299303

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50113 advisory.

- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [Orabug: 38334981] {CVE-2025-38571}
- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [Orabug: 38334968] {CVE-2025-38566}
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730492] {CVE-2025-40215}
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei) [Orabug: 38783137] {CVE-2025-68325}
- fuse: fix readahead reclaim deadlock (Joanne Koong) [Orabug: 38847946] {CVE-2025-68821}
- PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (Breno Leitao) [Orabug: 38597010] {CVE-2025-40034}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38420735,38773370] {CVE-2025-68209}
- scsi: megaraid_sas: Fix invalid node index (Chen Yu) [Orabug: 38175026] {CVE-2025-38239}
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (Yishai Hadas) [Orabug: 37766291,38463999] {CVE-2025-21888}
- scsi: pm80xx: Set phy->enable_completion only when we (Igor Pylypiv) [Orabug: 37159744] {CVE-2024-47666}
- usb: renesas_usbhs: Fix synchronous external abort on unbind (Claudiu Beznea) [Orabug: 38792571] {CVE-2025-68327}
- smb: client: fix memory leak in cifs_construct_tcon() (Paulo Alcantara) [Orabug: 38773704] {CVE-2025-68295}
- mptcp: Fix proto fallback detection with BPF (Jiayuan Chen) [Orabug: 38773435] {CVE-2025-68227}
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (Ziming Zhang) [Orabug: 38773649] {CVE-2025-68284}
- libceph: fix potential use-after-free in have_mon_and_osd_map() (Ilya Dryomov) [Orabug: 38773655] {CVE-2025-68285}
- drm/amd/display: Check NULL before accessing (Alex Hung) [Orabug: 38773664] {CVE-2025-68286}
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (Manish Nagar) [Orabug: 38773671] {CVE-2025-68287}
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (Owen Gu) [Orabug: 38792593] {CVE-2025-68331}
- usb: storage: sddr55: Reject out-of-bound new_pba (Tianchu Chen) [Orabug: 38762730] {CVE-2025-40345}
- usb: storage: Fix memory leak in USB bulk transport (Desnes Nunes) [Orabug: 38773677] {CVE-2018-1000204,CVE-2025-68288}
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (Kuen-Han Tsai) [Orabug: 38773687] {CVE-2025-68289}
- iio: accel: bmc150: Fix irq assumption regression (Linus Walleij) [Orabug: 38792587] {CVE-2025-68330}
- net: atlantic: fix fragment overflow handling in RX path (Jiefeng Zhang) [Orabug: 38773729] {CVE-2025-68301}
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (Seungjin Bae) [Orabug: 38773760] {CVE-2025-68308}
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38730656] {CVE-2025-40257}
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773509] {CVE-2025-68245}
- btrfs: fix crash on racing fsync and size-extending write into prealloc (Omar Sandoval) [Orabug: 36774582] {CVE-2024-37354}
- mm/secretmem: fix use-after-free race in fault handler (Lance Yang) [Orabug: 38737039] {CVE-2025-40272}
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730611,38786193,38788594] {CVE-2025-40248}
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Pavel Zhigulin) [Orabug: 38730629] {CVE-2025-40252}
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730648] {CVE-2025-40254}
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38730659] {CVE-2025-40258}
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773440] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730663] {CVE-2025-40259}
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [Orabug: 38730673] {CVE-2025-40261}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730680] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730689] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798907] {CVE-2025-68734}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (Takashi Iwai) [Orabug: 38737023] {CVE-2025-40269}
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737033,38786194,38788587] {CVE-2025-40271}
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773495] {CVE-2025-68241}
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (Olga Kornievskaia) [Orabug: 38737042] {CVE-2025-40273}
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs) [Orabug: 38592026] {CVE-2025-40040}
- bpf: Add bpf_prog_run_data_pointers() (Eric Dumazet) [Orabug: 38773327] {CVE-2025-68200}
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737051] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737060] {CVE-2025-40277}
- net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (Ranganath V N) [Orabug: 38737072] {CVE-2025-40279}
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737082,38786195,38788585] {CVE-2025-40280}
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737090] {CVE-2025-40281}
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737103] {CVE-2025-40283}
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (Janusz Krzysztofik) [Orabug: 38773506] {CVE-2025-68244}
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773282] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747446] {CVE-2025-40331}
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737181] {CVE-2025-40304}
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737212] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737223] {CVE-2025-40309}
- fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock (Chuguangqing) [Orabug: 38773127] {CVE-2025-40361}
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773244] {CVE-2025-68185}
- page_pool: always add GFP_NOWARN for ATOMIC allocations (Jakub Kicinski) [Orabug: 38773835] {CVE-2025-68321}
- udp_tunnel: use netdev_warn() instead of netdev_WARN() (Alok Tiwari) [Orabug: 38773275] {CVE-2025-68191}
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773297] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773140] {CVE-2025-40363}
- nvme-fc: use lock accessing port_state and rport state (Daniel Wagner) [Orabug: 38747531] {CVE-2025-40342}
- nvmet-fc: avoid scheduling association deletion twice (Daniel Wagner) [Orabug: 38747538] {CVE-2025-40343}
- drm/sysfb: Do not dereference NULL pointer in plane reset (Thomas Zimmermann) [Orabug: 38773123] {CVE-2025-40360}
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773783] {CVE-2025-68312}
- bpf: Sync pending IRQ work before freeing ring buffer (Noorain Eqbal) [Orabug: 38737284] {CVE-2025-40319}
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737291] {CVE-2025-40321}
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737300] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687004] {CVE-2025-40211}
- NFSD: Fix crash in nfsd4_read_release() (Chuck Lever) [Orabug: 38737315] {CVE-2025-40324}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50113.html

Plugin Details

Severity: High

ID: 299303

File Name: oraclelinux_ELSA-2026-50113.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/17/2026

Updated: 2/17/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2018-1000204

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-38239

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 2/15/2026

Vulnerability Publication Date: 6/8/2018

Reference Information

CVE: CVE-2018-1000204, CVE-2024-37354, CVE-2024-47666, CVE-2025-21888, CVE-2025-38239, CVE-2025-38566, CVE-2025-38571