Detections
Analytics

Oracle Linux 10 : Unbreakable Enterprise kernel (ELSA-2026-50112)

high Nessus Plugin ID 299777

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50112 advisory.

 - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug:
 38649136] {CVE-2025-40149}
 - fuse: fix runtime warning on truncate_folio_batch_exceptionals() (Haiyue Wang) [Orabug: 38516705] {CVE-2025-38357}
 - PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (Breno Leitao) [Orabug: 38597009] {CVE-2025-40034}
 - bnxt_en: Shutdown FW DMA in bnxt_shutdown() (Michael Chan) [Orabug: 38747442] {CVE-2025-40330}
 - mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38750222,38773368] {CVE-2025-68209}
 - bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (Gautam R A) [Orabug: 38773315] {CVE-2025-68197}
 - iomap: allocate s_dio_done_wq for async reads as well (Christoph Hellwig) [Orabug: 38798795] {CVE-2025-68357}
 - usbnet: Fix using smp_processor_id() in preemptible code warnings (Zqiang) [Orabug: 38649205] {CVE-2025-40164}
 - net: use dst_dev_rcu() in sk_setup_caps() (Eric Dumazet) [Orabug: 38649240] {CVE-2025-40170}
 - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (Xiao Ni) [Orabug: 37855392] {CVE-2025-40325}
 - netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko) [Orabug: 38773355] {CVE-2025-68206}
 - svcrdma: bound check rq_pages index in inline path (Joshua Rogers) [Orabug: 38847975] {CVE-2025-71068}
 - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (Niemiec, Krzysztof) [Orabug:
 38852366] {CVE-2025-71130}
 - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (Nikolay Kuratov) [Orabug: 38852395] {CVE-2025-71138}
 - drm/ttm: Avoid NULL pointer deref for evicted BOs (Simon Richter) [Orabug: 38848051] {CVE-2025-71083}
 - e1000: fix OOB in e1000_tbi_should_accept() (Guangshuo Li) [Orabug: 38848098] {CVE-2025-71093}
 - RDMA/cm: Fix leaking the multicast GID table reference (Jason Gunthorpe) [Orabug: 38848057] {CVE-2025-71084}
 - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (Jason Gunthorpe) [Orabug: 38848116] {CVE-2025-71096}
 - clk: samsung: exynos-clkout: Assign .num before accessing .hws (Nathan Chancellor) [Orabug: 38852404] {CVE-2025-71143}
 - iommu: disable SVA when CONFIG_X86 is set (Lu Baolu) [Orabug: 38848082] {CVE-2025-71089}
 - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (Tuo Li) [Orabug:
 38852384] {CVE-2025-71135}
 - RDMA/irdma: avoid invalid read in irdma_net_event (Michal Schmidt) [Orabug: 38852378] {CVE-2025-71133}
 - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (Jiayuan Chen) [Orabug: 38848033] {CVE-2025-71080}
 - ipv4: Fix reference count leak when using error routes with nexthop objects (Ido Schimmel) [Orabug:
 38848124] {CVE-2025-71097}
 - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (Will Rosenberg) [Orabug:
 38848060] {CVE-2025-71085}
 - net: stmmac: fix the crash issue for zero copy XDP_TX action (Wei Fang) [Orabug: 38848110] {CVE-2025-71095}
 - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (Junrui Luo) [Orabug:
 38848146] {CVE-2025-71101}
 - net: usb: asix: validate PHY address before use (Deepanshu Kartikey) [Orabug: 38848106] {CVE-2025-71094}
 - smc91x: fix broken irq-context in PREEMPT_RT (Levi Yun) [Orabug: 38852375] {CVE-2025-71132}
 - team: fix check for port enabled in team_queue_override_port_prio_changed() (Jiri Pirko) [Orabug:
 38848087] {CVE-2025-71091}
 - ip6_gre: make ip6gre_header() robust (Eric Dumazet) [Orabug: 38848130] {CVE-2025-71098}
 - Bluetooth: btusb: revert use of devm_kzalloc in btusb (Raphael Pinsonneault-Thibeault) [Orabug:
 38848042] {CVE-2025-71082}
 - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (Herbert Xu) [Orabug: 38852369] {CVE-2025-71131}
 - iavf: fix off-by-one issues in iavf_config_rss_reg() (Kohei Enju) [Orabug: 38848072] {CVE-2025-71087}
 - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (Morning Star) [Orabug: 38848143] {CVE-2025-71100}
 - fuse: fix readahead reclaim deadlock (Joanne Koong) [Orabug: 38847945] {CVE-2025-68821}
 - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (Gui-Dong Han) [Orabug: 38852299] {CVE-2025-71111}
 - crypto: af_alg - zero initialize memory allocated via sock_kmalloc (Shivani Agarwal) [Orabug: 38852311] {CVE-2025-71113}
 - sched/rt: Fix race in push_rt_task (Harshit Agarwal) [Orabug: 38158721] {CVE-2025-38234}
 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (Filipe Manana) [Orabug: 38847745] {CVE-2025-68778}
 - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852340] {CVE-2025-71120}
 - svcrdma: use rc_pageoff for memcpy byte offset (Joshua Rogers) [Orabug: 38847896] {CVE-2025-68811}
 - NFSD: NFSv4 file creation neglects setting ACL (Chuck Lever) [Orabug: 38847871] {CVE-2025-68803}
 - fsnotify: do not generate ACCESS/MODIFY events on child for special files (Amir Goldstein) [Orabug:
 38847799] {CVE-2025-68788}
 - tracing: Do not register unsupported perf events (Steven Rostedt) [Orabug: 38852354] {CVE-2025-71125}
 - xfs: fix a UAF problem in xattr repair (Darrick J. Wong) [Orabug: 38847781] {CVE-2025-68784}
 - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (Fuqiang Wang) [Orabug:
 38852272] {CVE-2025-71104}
 - libceph: make decode_pool() more resilient against corrupted osdmaps (Ilya Dryomov) [Orabug: 38852324] {CVE-2025-71116}
 - ocfs2: fix kernel BUG in ocfs2_find_victim_chain (Prithvi Tambewagh) [Orabug: 38847687] {CVE-2025-68771}
 - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (Sean Christopherson) [Orabug:
 38847894] {CVE-2025-68810}
 - scsi: target: Reset t_task_cdb pointer in error case (Andrey Vatoropin) [Orabug: 38847769] {CVE-2025-68782}
 - scsi: aic94xx: fix use-after-free in device removal path (Junrui Luo) [Orabug: 38848008] {CVE-2025-71075}
 - scsi: Revert 'scsi: qla2xxx: Perform lockless command completion in abort path' (Tony Battersby) [Orabug: 38847928] {CVE-2025-68818}
 - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (Jeongjun Park) [Orabug: 38847936] {CVE-2025-68819}
 - mptcp: avoid deadlock on fallback while reinjecting (Paolo Abeni) [Orabug: 38852415] {CVE-2025-71126}
 - ext4: xattr: fix null pointer deref in ext4_raw_inode() (Karina Yankevich) [Orabug: 38848274] {CVE-2025-68820}
 - ext4: fix string copying in parse_apply_sb_mount_options() (Fedor Pchelkin) [Orabug: 38852413] {CVE-2025-71123}
 - tpm: Cap the number of PCR banks (Jarkko Sakkinen) [Orabug: 38848016] {CVE-2025-71077}
 - io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 38847904] {CVE-2025-68814}
 - usb: typec: ucsi: Handle incorrect num_connectors capability (Mark Pearson) [Orabug: 38852284] {CVE-2025-71108}
 - via_wdt: fix critical boot hang due to unnamed resource allocation (Li Qiang) [Orabug: 38852317] {CVE-2025-71114}
 - ALSA: usb-mixer: us16x08: validate meter packet indices (Shipei Qu) [Orabug: 38847774] {CVE-2025-68783}
 - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (Shaurya Rane) [Orabug: 38847723] {CVE-2025-68776}
 - Input: alps - fix use-after-free bugs caused by dev3_register_work (Duoming Zhou) [Orabug: 38847948] {CVE-2025-68822}
 - hwmon: (ibmpex) fix use-after-free in high/low store (Junrui Luo) [Orabug: 38847806] {CVE-2025-68789}
 - net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847719] {CVE-2025-68775}
 - net/mlx5: fw_tracer, Validate format string parameters (Shay Drory) [Orabug: 38847913] {CVE-2025-68816}
 - ethtool: Avoid overflowing userspace buffer on stats query (Gal Pressman) [Orabug: 38847825] {CVE-2025-68795}
 - net/sched: ets: Remove drr class from the active list if it changes to strict (Victor Nogueira) [Orabug:
 38847909] {CVE-2025-68815}
 - ipvs: fix ipv4 null-ptr-deref in route error path (Slavin Liu) [Orabug: 38847899] {CVE-2025-68813}
 - net: openvswitch: fix middle attribute validation in push_nsh() action (Ilya Maximets) [Orabug:
 38847783] {CVE-2025-68785}
 - bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847683] {CVE-2025-68770}
 - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (Jamal Hadi Salim) [Orabug: 38847964] {CVE-2025-71066}
 - ACPICA: Avoid walking the Namespace if start_node is NULL (Cryolitia Pukngae) [Orabug: 38852332] {CVE-2025-71118}
 - sched/deadline: only set free_cpus for online runqueues (Doug Berger) [Orabug: 38847752] {CVE-2025-68780}
 - perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847848] {CVE-2025-68798}
 - iomap: adjust read range correctly for non-block-aligned positions (Joanne Koong) [Orabug: 38847819] {CVE-2025-68794}
 - shmem: fix recovery on rename failures (Al Viro) [Orabug: 38847988] {CVE-2025-71072}
 - tcp_metrics: use dst_dev_net_rcu() (Eric Dumazet) [Orabug: 38592188] {CVE-2025-40075}
 - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (Duoming Zhou) [Orabug: 38783113] {CVE-2025-68324}
 - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock (Mohamed Khalfella) [Orabug:
 38818209] {CVE-2025-68756}
 - block: fix memory leak in __blkdev_issue_zero_pages (Shaurya Rane) [Orabug: 38798772] {CVE-2025-68348}
 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (Trond Myklebust) [Orabug:
 38818236] {CVE-2025-68764}
 - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (Jonathan Curley) [Orabug:
 38798774] {CVE-2025-68349}
 - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei) [Orabug: 38783136] {CVE-2025-68325}
 - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (Sparkhuang) [Orabug:
 38798786] {CVE-2025-68354}
 - gfs2: Prevent recursive memory reclaim (Andreas Gruenbacher) [Orabug: 38798793] {CVE-2025-68356}
 - ima: Handle error code returned by ima_filter_rule_match() (Zhao Yipeng) [Orabug: 38798921] {CVE-2025-68740}
 - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (Seungjin Bae) [Orabug:
 38798814] {CVE-2025-68362}
 - scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798928] {CVE-2025-68741}
 - bpf: Fix invalid prog->stats access when update_effective_progs fails (Pu Lehui) [Orabug: 38798931] {CVE-2025-68742}
 - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (Abdun Nihaal) [Orabug: 38818221] {CVE-2025-68759}
 - bpf: Check skb->transport_header is set in bpf_skb_check_mtu (Martin Kafai Lau) [Orabug: 38798820] {CVE-2025-68363}
 - bpf: Free special fields when update [lru_,]percpu_hash maps (Leon Hwang) [Orabug: 38798936] {CVE-2025-68744}
 - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() (Dmitry Antipov) [Orabug: 38798823] {CVE-2025-68364}
 - nbd: defer config unlock in nbd_genl_connect (Zheng Qixing) [Orabug: 38798832] {CVE-2025-68366}
 - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (Long Li) [Orabug: 38798837] {CVE-2025-68367}
 - scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798847] {CVE-2025-68371}
 - nbd: defer config put in recv_work (Zheng Qixing) [Orabug: 38798850] {CVE-2025-68372}
 - md: fix rcu protection in md_wakeup_thread (Yun Zhou) [Orabug: 38798857] {CVE-2025-68374}
 - spi: tegra210-quad: Fix timeout handling (Vishwaroop A) [Orabug: 38798943] {CVE-2025-68746}
 - bpf: Fix stackmap overflow check in __bpf_get_stackid() (Arnaud Lecomte) [Orabug: 38798864] {CVE-2025-68378}
 - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (Zhu Yanjun) [Orabug: 38798867] {CVE-2025-68379}
 - wifi: ath11k: fix peer HE MCS assignment (Baochen Qiang) [Orabug: 38798872] {CVE-2025-68380}
 - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (Thorsten Blum) [Orabug:
 38798874] {CVE-2025-68724}
 - drm/vgem-fence: Fix potential deadlock on release (Janusz Krzysztofik) [Orabug: 38818211] {CVE-2025-68757}
 - gpu: host1x: Fix race in syncpt alloc/free (Mainak Sen) [Orabug: 38798898] {CVE-2025-68732}
 - nvme: fix admin request_queue lifetime (Keith Busch) [Orabug: 38773611] {CVE-2025-68265}
 - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773578] {CVE-2025-68259}
 - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (Alexey Nepomnyashih) [Orabug:
 38773586] {CVE-2025-68261}
 - ext4: refresh inline data size before write operations (Deepanshu Kartikey) [Orabug: 38773602] {CVE-2025-68264}
 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (Ye Bin) [Orabug:
 38792632] {CVE-2025-68337}
 - xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730491,38854317] {CVE-2025-40215}
 - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (Thomas Zimmermann) [Orabug: 38773709] {CVE-2025-68296}
 - mm/huge_memory: fix NULL pointer deference when splitting folio (Wei Yang) [Orabug: 38773700] {CVE-2025-68293}
 - usb: gadget: udc: fix use-after-free in usb_gadget_state_work (Jimmy Hu) [Orabug: 38773635] {CVE-2025-68282}
 - libceph: replace BUG_ON with bounds check for map->max_osd (Ziming Zhang) [Orabug: 38773641] {CVE-2025-68283}
 - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (Ziming Zhang) [Orabug:
 38773648] {CVE-2025-68284}
 - libceph: fix potential use-after-free in have_mon_and_osd_map() (Ilya Dryomov) [Orabug: 38773654] {CVE-2025-68285}
 - drm/amd/display: Check NULL before accessing (Alex Hung) [Orabug: 38773661] {CVE-2025-68286}
 - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (Owen Gu) [Orabug: 38792592] {CVE-2025-68331}
 - usb: storage: sddr55: Reject out-of-bound new_pba (Tianchu Chen) [Orabug: 38762728] {CVE-2025-40345}
 - usb: storage: Fix memory leak in USB bulk transport (Desnes Nunes) [Orabug: 38773676] {CVE-2018-1000204,CVE-2025-68288}
 - mm/memfd: fix information leak in hugetlb folios (Deepanshu Kartikey) [Orabug: 38773697] {CVE-2025-68292}
 - smb: client: fix memory leak in cifs_construct_tcon() (Paulo Alcantara) [Orabug: 38773703] {CVE-2025-68295}
 - ceph: fix crash in process_v2_sparse_read() for encrypted directories (Viacheslav Dubeyko) [Orabug:
 38773716] {CVE-2025-68297}
 - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (Douglas Anderson) [Orabug:
 38773723] {CVE-2025-68298}
 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (Deepanshu Kartikey) [Orabug:
 38792583] {CVE-2025-68329}
 - iio: accel: bmc150: Fix irq assumption regression (Linus Walleij) [Orabug: 38792585] {CVE-2025-68330}
 - fs/namespace: fix reference leak in grab_requested_mnt_ns (Andrei Vagin) [Orabug: 38773950] {CVE-2025-68300}
 - net: atlantic: fix fragment overflow handling in RX path (Jiefeng Zhang) [Orabug: 38773728] {CVE-2025-68301}
 - team: Move team device type change at the end of team_port_add (Nikola Z. Ivanov) [Orabug: 38796270] {CVE-2025-68340}
 - veth: reduce XDP no_direct return section to fix race (Jesper Dangaard Brouer) [Orabug: 38796276] {CVE-2025-68341}
 - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (Edward Adam Davis) [Orabug:
 38773949] {CVE-2025-68305}
 - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (Chris Lu) [Orabug:
 38773748] {CVE-2025-68306}
 - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data (Marc Kleine- Budde) [Orabug: 38796278] {CVE-2025-68342}
 - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header (Marc Kleine- Budde) [Orabug: 38796285] {CVE-2025-68343}
 - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (Marc Kleine-Budde) [Orabug: 38773751] {CVE-2025-68307}
 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (Seungjin Bae) [Orabug: 38773759] {CVE-2025-68308}
 - xfs: fix out of bounds memory read error in symlink repair (Darrick J. Wong) [Orabug: 38730602] {CVE-2025-40246}
 - mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38730655] {CVE-2025-40257}
 - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (Samuel Zhang) [Orabug: 38773445] {CVE-2025-68230}
 - scsi: core: Fix a regression triggered by scsi_host_busy() (Bart Van Assche) [Orabug: 38773425] {CVE-2025-68224}
 - vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730610] {CVE-2025-40248}
 - cifs: fix memory leak in smb3_fs_context_parse_param error path (Shaurya Rane) [Orabug: 38773403] {CVE-2025-68219}
 - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (Shay Drory) [Orabug: 38730623] {CVE-2025-40251}
 - ice: fix PTP cleanup on driver removal in error path (Grzegorz Nitka) [Orabug: 38773389] {CVE-2025-68215}
 - idpf: fix possible vport_config NULL pointer deref in remove (Emil Tantilov) [Orabug: 38773956] {CVE-2025-68213}
 - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Pavel Zhigulin) [Orabug: 38730628] {CVE-2025-40252}
 - nvme-multipath: fix lockdep WARN due to partition scan work (Shin'Ichiro Kawasaki) [Orabug: 38773400] {CVE-2025-68218}
 - net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730647] {CVE-2025-40254}
 - drm/tegra: Add call to put_pid() (Prateek Agarwal) [Orabug: 38773463] {CVE-2025-68233}
 - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (Robert Mcclinton) [Orabug:
 38773418] {CVE-2025-68223}
 - mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38730658] {CVE-2025-40258}
 - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773439] {CVE-2025-68229}
 - scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730661] {CVE-2025-40259}
 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [Orabug:
 38730672] {CVE-2025-40261}
 - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (Nam Cao) [Orabug: 38773467] {CVE-2025-68235}
 - mm/mempool: fix poisoning order>0 pages with HIGHMEM (Vlastimil Babka) [Orabug: 38773453] {CVE-2025-68231}
 - Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730679] {CVE-2025-40263}
 - be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730688] {CVE-2025-40264}
 - mptcp: Fix proto fallback detection with BPF (Jiayuan Chen) [Orabug: 38773434] {CVE-2025-68227}
 - mtdchar: fix integer overflow in read/write ioctls (Dan Carpenter) [Orabug: 38773476] {CVE-2025-68237}
 - timers: Fix NULL function pointer race in timer_shutdown_sync() (Yipeng Zou) [Orabug: 38773387] {CVE-2025-68214}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50112.html

Plugin Details

Severity: High

ID: 299777

File Name: oraclelinux_ELSA-2026-50112.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/23/2026

Updated: 2/23/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2018-1000204

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-38357

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek64k-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek64k-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules-core, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-deprecated

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/20/2026

Vulnerability Publication Date: 6/8/2018

Reference Information

CVE: CVE-2018-1000204, CVE-2025-38234, CVE-2025-38276, CVE-2025-38357, CVE-2025-40034, CVE-2025-40075, CVE-2025-40149, CVE-2025-40164, CVE-2025-40170, CVE-2025-40215, CVE-2025-40246, CVE-2025-40248, CVE-2025-40251, CVE-2025-40252, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40263, CVE-2025-40264, CVE-2025-40266, CVE-2025-40325, CVE-2025-40330, CVE-2025-40345, CVE-2025-68197, CVE-2025-68206, CVE-2025-68209, CVE-2025-68213, CVE-2025-68214, CVE-2025-68215, CVE-2025-68218, CVE-2025-68219, CVE-2025-68223, CVE-2025-68227, CVE-2025-68229, CVE-2025-68230, CVE-2025-68231, CVE-2025-68233, CVE-2025-68235, CVE-2025-68237, CVE-2025-68259, CVE-2025-68261, CVE-2025-68264, CVE-2025-68265, CVE-2025-68282, CVE-2025-68283, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68288, CVE-2025-68292, CVE-2025-68293, CVE-2025-68295, CVE-2025-68296, CVE-2025-68297, CVE-2025-68298, CVE-2025-68300, CVE-2025-68301, CVE-2025-68305, CVE-2025-68306, CVE-2025-68307, CVE-2025-68308, CVE-2025-68324, CVE-2025-68325, CVE-2025-68329, CVE-2025-68330, CVE-2025-68331, CVE-2025-68337, CVE-2025-68340, CVE-2025-68341, CVE-2025-68342, CVE-2025-68343, CVE-2025-68348, CVE-2025-68349, CVE-2025-68354, CVE-2025-68356, CVE-2025-68357, CVE-2025-68362, CVE-2025-68363, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68371, CVE-2025-68372, CVE-2025-68374, CVE-2025-68378, CVE-2025-68379, CVE-2025-68380, CVE-2025-68724, CVE-2025-68732, CVE-2025-68740, CVE-2025-68741, CVE-2025-68742, CVE-2025-68744, CVE-2025-68746, CVE-2025-68756, CVE-2025-68757, CVE-2025-68759, CVE-2025-68764, CVE-2025-68770, CVE-2025-68771, CVE-2025-68775, CVE-2025-68776, CVE-2025-68778, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68784, CVE-2025-68785, CVE-2025-68788, CVE-2025-68794, CVE-2025-68795, CVE-2025-68798, CVE-2025-68803, CVE-2025-68810, CVE-2025-68811, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-68822, CVE-2025-71066, CVE-2025-71068, CVE-2025-71072, CVE-2025-71075, CVE-2025-71077, CVE-2025-71080, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71087, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71100, CVE-2025-71101, CVE-2025-71104, CVE-2025-71108, CVE-2025-71111, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118