Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50144)

high Nessus Plugin ID 301875

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50144 advisory.

- mm/page_alloc: prevent pcp corruption with SMP=n (Vlastimil Babka) [Orabug: 38914772] {CVE-2026-23025}
- phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (Xu Wang) [Orabug: 38914781] {CVE-2026-23030}
- bpf: Reject narrower access to pointer ctx fields (Paul Chaignon) [Orabug: 38335080] {CVE-2025-38591}
- mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (Seongjae Park) [Orabug: 38970289] {CVE-2026-23142}
- btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (Robbie Ko) [Orabug: 38930778] {CVE-2025-71194}
- dmaengine: bcm-sba-raid: fix device leak on probe (Johan Hovold) [Orabug: 38914727] {CVE-2025-71190}
- drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (Marek Vasut) [Orabug: 38930828] {CVE-2026-23049}
- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (Seongjae Park) [Orabug: 38970294] {CVE-2026-23144}
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (Yangerkun) [Orabug: 38970600] {CVE-2026-23145}
- lib/buildid: use __kernel_read() for sleepable context (Shakeel Butt) [Orabug: 38887735] {CVE-2026-23002}
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (Tetsuo Handa) [Orabug: 38887709] {CVE-2026-22997}
- can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38914785] {CVE-2026-23031}
- null_blk: fix kmemleak by releasing references to fault configfs items (Nilay Shroff) [Orabug: 38914794] {CVE-2026-23032}
- bridge: mcast: Fix use-after-free during router port configuration (Ido Schimmel) [Orabug: 38175058] {CVE-2025-38248}
- net/sched: sch_qfq: do not free existing class in qfq_change_class() (Eric Dumazet) [Orabug: 38887717] {CVE-2026-22999}
- ipv6: Fix use-after-free in inet6_addr_del(). (Kuniyuki Iwashima) [Orabug: 38887755] {CVE-2026-23010}
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (Aditya Garg) [Orabug: 38930846] {CVE-2026-23054}
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (Saeed Mahameed) [Orabug: 38914806] {CVE-2026-23035}
- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (Saeed Mahameed) [Orabug: 38887705] {CVE-2026-22996}
- net/mlx5e: Fix crash on profile change rollback failure (Saeed Mahameed) [Orabug: 38887724] {CVE-2026-23000}
- ipv4: ip_gre: make ipgre_header() robust (Eric Dumazet) [Orabug: 38887757] {CVE-2026-23011}
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887729] {CVE-2026-23001}
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (Eric Dumazet) [Orabug: 38887737] {CVE-2026-23003}
- btrfs: send: check for inline extents in range_is_hole_in_parent() (Qu Wenruo) [Orabug: 38970283] {CVE-2026-23141}
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (Shivam Kumar) [Orabug: 38887713] {CVE-2026-22998}
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (Zilin Guan) [Orabug: 38914815] {CVE-2026-23038}
- NFS: Fix a deadlock involving nfs_release_folio() (Trond Myklebust) [Orabug: 38930844] {CVE-2026-23053}
- pNFS: Fix a deadlock when returning a delegation during open() (Trond Myklebust) [Orabug: 38930834] {CVE-2026-23050}
- x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (Sean Christopherson) [Orabug: 38887746] {CVE-2026-23005}
- tpm2-sessions: Fix out of range indexing in name_size (Jarkko Sakkinen) [Orabug: 38847816] {CVE-2025-68792}
- can: j1939: make j1939_session_activate() fail if device is no longer registered (Tetsuo Handa) [Orabug: 38914674] {CVE-2025-71182}
- netfilter: nf_tables: avoid chain re-validation if possible (Florian Westphal) [Orabug: 38887632] {CVE-2025-71160}
- bpf: Fix reference count leak in bpf_prog_test_run_xdp() (Tetsuo Handa) [Orabug: 38887701] {CVE-2026-22994}
- bpf, test_run: Subtract size of xdp_frame from allowed metadata size (Toke Hoiland-Jorgensen) [Orabug: 38970281] {CVE-2026-23140}
- arp: do not assume dev_hard_header() does not change skb->head (Eric Dumazet) [Orabug: 38887789] {CVE-2026-22988}
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (Petko Manolov) [Orabug: 38914760] {CVE-2026-23021}
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (Xiang Mei) [Orabug: 38872324] {CVE-2026-22976}
- idpf: fix memory leak in idpf_vport_rel() (Emil Tantilov) [Orabug: 38914769] {CVE-2026-23023}
- net: fix memory leak in skb_segment_list for GRO packets (Mohammad Heib) [Orabug: 38887655] {CVE-2026-22979}
- net: sock: fix hardened usercopy panic in sock_recv_errqueue (Weiming Shi) [Orabug: 38877945] {CVE-2026-22977}
- netfilter: nf_conncount: update last_gc only when GC has been performed (Fernando Fernandez Mancera) [Orabug: 38970277] {CVE-2026-23139}
- btrfs: fix NULL dereference on root when tracing inode eviction (Miquel Sabate Sola) [Orabug: 38914692] {CVE-2025-71184}
- libceph: make calc_target() set t->paused, not just clear it (Ilya Dryomov) [Orabug: 38930820] {CVE-2026-23047}
- libceph: reset sparse-read state in osd_fault() (Sam Edwards) [Orabug: 38970263] {CVE-2026-23136}
- libceph: return the handler error from mon_handle_auth_done() (Ilya Dryomov) [Orabug: 38887696] {CVE-2026-22992}
- libceph: make free_choose_arg_map() resilient to partial allocation (Tuo Li) [Orabug: 38887690] {CVE-2026-22991}
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (Ilya Dryomov) [Orabug: 38887684] {CVE-2026-22990}
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (Ziming Zhang) [Orabug: 38887672] {CVE-2026-22984}
- wifi: avoid kernel-infoleak from struct iw_point (Eric Dumazet) [Orabug: 38887649] {CVE-2026-22978}
- btrfs: always detect conflicting inodes when logging inode refs (Filipe Manana) [Orabug: 38914680] {CVE-2025-71183}
- net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (Thomas Fourier) [Orabug: 38914754] {CVE-2026-23020}
- nfsd: check that server is running in unlock_filesystem (Olga Kornievskaia) [Orabug: 38887681] {CVE-2026-22989}
- nfsd: provide locking for v4_end_grace (Neil Brown) [Orabug: 38887658] {CVE-2026-22980}
- net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. (Thadeu Lima de Souza Cascardo) [Orabug: 37844499] {CVE-2025-22111}
- wifi: mac80211: Discard Beacon frames to non-broadcast address (Jouni Malinen) [Orabug: 38852360] {CVE-2025-71127}
- mptcp: ensure context reset on disconnect() (Paolo Abeni) [Orabug: 38852416] {CVE-2025-71144}
- mm/page_alloc: change all pageblocks migrate type on coalescing (Alexander Gordeev) [Orabug: 38852382] {CVE-2025-71134}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50144.html

Plugin Details

Severity: High

ID: 301875

File Name: oraclelinux_ELSA-2026-50144.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/11/2026

Updated: 3/11/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-22980

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek64k-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek64k-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules-core, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-deprecated

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 4/16/2025

Reference Information

CVE: CVE-2025-22111, CVE-2025-38248, CVE-2025-38591, CVE-2025-68792, CVE-2025-71088, CVE-2025-71127, CVE-2025-71134, CVE-2025-71144, CVE-2025-71160, CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71190, CVE-2025-71194, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980, CVE-2026-22984, CVE-2026-22988, CVE-2026-22989, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001, CVE-2026-23002, CVE-2026-23003, CVE-2026-23005, CVE-2026-23010, CVE-2026-23011, CVE-2026-23020, CVE-2026-23021, CVE-2026-23023, CVE-2026-23025, CVE-2026-23030, CVE-2026-23031, CVE-2026-23032, CVE-2026-23035, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050, CVE-2026-23053, CVE-2026-23054, CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141, CVE-2026-23142, CVE-2026-23144, CVE-2026-23145