Detections
Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50134)

medium Nessus Plugin ID 300763

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50134 advisory.

 - xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 39016501] {CVE-2025-40215}
 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}
 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
 - fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
 - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug:
 38773510] {CVE-2025-68245}
 - vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
 - net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
 - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
 - scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
 - Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
 - be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
 - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
 - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
 - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug:
 38737052] {CVE-2025-40275}
 - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
 - tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
 - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug:
 38737091] {CVE-2025-40281}
 - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
 - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
 - sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug:
 38737182] {CVE-2025-40304}
 - Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
 - Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
 - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug:
 38773245] {CVE-2025-68185}
 - media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
 - net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
 - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug:
 38737292] {CVE-2025-40321}
 - usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
 - fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
 - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50134.html

Plugin Details

Severity: Medium

ID: 300763

File Name: oraclelinux_ELSA-2026-50134.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/4/2026

Updated: 3/4/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-40215

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 3/2/2026

Vulnerability Publication Date: 12/4/2025

Reference Information

CVE: CVE-2025-40215, CVE-2025-40256