Oracle Linux 8 : kernel (ELSA-2026-2720)

Severity: High. Nessus Plugin ID: 299335

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2720 advisory.

- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_conn: Consolidate code for aborting connections (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: Fix printing errors if LE Connection times out (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: Move hci_abort_conn to hci_conn.c (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: mgmt: Fix using hci_conn_abort (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_conn: Fix hci_connect_le_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_event: Fix checking for invalid handle on error status (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: fix undefined return of hci_disconnect_all_sync() (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_event: Ignore multiple conn complete events (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137678] {CVE-2025-40304}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-2720.html

Plugin Details

Severity: High

ID: 299335

File Name: oraclelinux_ELSA-2026-2720.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/17/2026

Updated: 2/17/2026

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:P/A:C

CVSS Score Source: CVE-2025-40304

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-abi-stablelists, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 2/16/2026

Vulnerability Publication Date: 11/12/2025

Reference Information

CVE: CVE-2023-53762, CVE-2025-40168, CVE-2025-40304