Oracle Linux 9 : Unbreakable Enterprise kernel (ELSA-2026-50145)

high Nessus Plugin ID 301901

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50145 advisory.

- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 39057366] {CVE-2026-23209}
- netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (Andrew Fasano) [Orabug: 39057346] {CVE-2026-23111}
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (Breno Leitao) [Orabug: 38970594] {CVE-2026-23202}
- sfc: fix NULL dereferences in ef100_process_design_param() (Edward Cree) [Orabug: 37855346] {CVE-2025-37860}
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (Edward Adam Davis) [Orabug: 39004275] {CVE-2025-22119}
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (Miri Korenblit) [Orabug: 39004414] {CVE-2025-21979}
- HID: uclogic: Add NULL check in uclogic_input_configured() (Henry Martin) [Orabug: 39004242] {CVE-2025-38007}
- usbnet: Fix using smp_processor_id() in preemptible code warnings (Zqiang) [Orabug: 38649206] {CVE-2025-40164}
- NFSD: fix race between nfsd registration and exports_proc (Maninder Singh) [Orabug: 38158712] {CVE-2025-38232}
- espintcp: fix skb leaks (Sabrina Dubroca) [Orabug: 38094997] {CVE-2025-38057}
- ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (Pedro Demarchi Gomes) [Orabug: 38773375] {CVE-2025-68211}
- w1: therm: Fix off-by-one buffer overflow in alarms_store (Thorsten Blum) [Orabug: 38930799] {CVE-2025-71197}
- scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() (Abdun Nihaal) [Orabug: 38931015] {CVE-2026-23087}
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38649138] {CVE-2025-40149}
- rocker: fix memory leak in rocker_world_port_post_fini() (Kery Qi) [Orabug: 38970353] {CVE-2026-23164}
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (Jia-Hong Su) [Orabug: 38970605] {CVE-2026-23146}
- bpf: Reject narrower access to pointer ctx fields (Paul Chaignon) [Orabug: 38335081] {CVE-2025-38591}
- bpf: Do not let BPF test infra emit invalid GSO types to stack (Daniel Borkmann) [Orabug: 38798882] {CVE-2025-68725}
- migrate: correct lock ordering for hugetlb file folios (Matthew Wilcox) [Orabug: 38931067] {CVE-2026-23097}
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38931121] {CVE-2026-23108}
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930883] {CVE-2026-23061}
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930860] {CVE-2026-23058}
- irqchip/gic-v3-its: Avoid truncating memory addresses (Arnd Bergmann) [Orabug: 38931002] {CVE-2026-23085}
- intel_th: fix device leak on output open() (Johan Hovold) [Orabug: 38931041] {CVE-2026-23091}
- wifi: rsi: Fix memory corruption due to not set vif driver data size (Marek Vasut) [Orabug: 38930941] {CVE-2026-23073}
- wifi: ath10k: fix dma_free_coherent() pointer (Thomas Fourier) [Orabug: 38970255] {CVE-2026-23133}
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (Berk Cem Goksel) [Orabug: 38931030] {CVE-2026-23089}
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Takashi Iwai) [Orabug: 38930967] {CVE-2026-23076}
- leds: led-class: Only Add LED to leds_list when it is fully ready (Hans de Goede) [Orabug: 38931092] {CVE-2026-23101}
- bonding: provide a net pointer to __skb_flow_dissect() (Eric Dumazet) [Orabug: 38970200] {CVE-2026-23119}
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (Andrey Vatoropin) [Orabug: 38930993] {CVE-2026-23084}
- ipv6: annotate data-race in ndisc_router_discovery() (Eric Dumazet) [Orabug: 38970223] {CVE-2026-23124}
- mISDN: annotate data-race around dev->work (Eric Dumazet) [Orabug: 38970211] {CVE-2026-23121}
- regmap: Fix race condition in hwspinlock irqsave routine (Cheng-Yu Lee) [Orabug: 38930931] {CVE-2026-23071}
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Taeyang Lee) [Orabug: 38930875] {CVE-2026-23060}
- net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (Jamal Hadi Salim) [Orabug: 38931111] {CVE-2026-23105}
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930949] {CVE-2026-23074}
- ipvlan: Make the addrs_lock be per port (Dmitry Skorodumov) [Orabug: 38931103] {CVE-2026-23103}
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (Eric Dumazet) [Orabug: 38970203] {CVE-2026-23120}
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (Xin Long) [Orabug: 38970226] {CVE-2026-23125}
- bonding: limit BOND_MODE_8023AD to Ethernet devices (Eric Dumazet) [Orabug: 38931080] {CVE-2026-23099}
- Fix memory leak in posix_clock_open() (Linus Torvalds) [Orabug: 39004188] {CVE-2024-26655}
- btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (Robbie Ko) [Orabug: 38930779] {CVE-2025-71194}
- dmaengine: bcm-sba-raid: fix device leak on probe (Johan Hovold) [Orabug: 38914728] {CVE-2025-71190}
- drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (Marek Vasut) [Orabug: 38930830] {CVE-2026-23049}
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (Yangerkun) [Orabug: 38970601] {CVE-2026-23145}
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (Tetsuo Handa) [Orabug: 38887710] {CVE-2026-22997}
- net/sched: sch_qfq: do not free existing class in qfq_change_class() (Eric Dumazet) [Orabug: 38887718] {CVE-2026-22999}
- ipv4: ip_gre: make ipgre_header() robust (Eric Dumazet) [Orabug: 38887758] {CVE-2026-23011}
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887730] {CVE-2026-23001}
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (Eric Dumazet) [Orabug: 38887738] {CVE-2026-23003}
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (Shivam Kumar) [Orabug: 38887714] {CVE-2026-22998}
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (Zilin Guan) [Orabug: 38914816] {CVE-2026-23038}
- can: j1939: make j1939_session_activate() fail if device is no longer registered (Tetsuo Handa) [Orabug: 38914675] {CVE-2025-71182}
- nfsd: provide locking for v4_end_grace (Neil Brown) [Orabug: 38887659] {CVE-2026-22980}
- arp: do not assume dev_hard_header() does not change skb->head (Eric Dumazet) [Orabug: 39004363] {CVE-2026-22988}
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (Petko Manolov) [Orabug: 38914761] {CVE-2026-23021}
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (Xiang Mei) [Orabug: 38872325] {CVE-2026-22976}
- net: sock: fix hardened usercopy panic in sock_recv_errqueue (Weiming Shi) [Orabug: 38877947] {CVE-2026-22977}
- netfilter: nf_conncount: update last_gc only when GC has been performed (Fernando Fernandez Mancera) [Orabug: 38970278] {CVE-2026-23139}
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (Ye Bin) [Orabug: 37844521] {CVE-2025-22121}
- libceph: make calc_target() set t->paused, not just clear it (Ilya Dryomov) [Orabug: 38930821] {CVE-2026-23047}
- libceph: return the handler error from mon_handle_auth_done() (Ilya Dryomov) [Orabug: 38887697] {CVE-2026-22992}
- libceph: make free_choose_arg_map() resilient to partial allocation (Tuo Li) [Orabug: 38887691] {CVE-2026-22991}
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (Ilya Dryomov) [Orabug: 38887685] {CVE-2026-22990}
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (Ziming Zhang) [Orabug: 38887673] {CVE-2026-22984}
- wifi: avoid kernel-infoleak from struct iw_point (Eric Dumazet) [Orabug: 38887650] {CVE-2026-22978}
- net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (Thomas Fourier) [Orabug: 38914755] {CVE-2026-23020}
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (Su Hui) [Orabug: 39004163] {CVE-2024-40928}
- ext4: filesystems without casefold feature cannot be mounted with siphash (Lizhi Xu) [Orabug: 37206152] {CVE-2024-49968}
- ipv4: Fix uninit-value access in __ip_make_skb() (Shigeru Yoshida) [Orabug: 36683410] {CVE-2024-36927}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Shigeru Yoshida) [Orabug: 36683284] {CVE-2024-36903}
- HID: core: Harden s32ton() against conversion to 0 bits (Alan Stern) [Orabug: 38334903] {CVE-2025-38556}
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (Sean Christopherson) [Orabug: 37116451] {CVE-2024-46830}
- page_pool: Fix use-after-free in page_pool_recycle_in_ring (Dong Chenchen) [Orabug: 38152994] {CVE-2025-38129}
- net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. (Thadeu Lima de Souza Cascardo) [Orabug: 37844500] {CVE-2025-22111}
- wifi: mac80211: Discard Beacon frames to non-broadcast address (Jouni Malinen) [Orabug: 38852361] {CVE-2025-71127}
- NFSD: NFSv4 file creation neglects setting ACL (Chuck Lever) [Orabug: 38847872] {CVE-2025-68803}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852341] {CVE-2025-71120}
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc (Shivani Agarwal) [Orabug: 38852312] {CVE-2025-71113}
- svcrdma: bound check rq_pages index in inline path (Joshua Rogers) [Orabug: 38847976] {CVE-2025-71068}
- tpm: Cap the number of PCR banks (Jarkko Sakkinen) [Orabug: 38848017] {CVE-2025-71077}
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work (Jimmy Hu) [Orabug: 38773636] {CVE-2025-68282}
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints (Michal Pecio) [Orabug: 37844150] {CVE-2025-22022}
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (Zack Rusin) [Orabug: 38643537] {CVE-2025-40110}
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (Zhu Yanjun) [Orabug: 38094814] {CVE-2025-38022}
- drm/ttm: Avoid NULL pointer deref for evicted BOs (Simon Richter) [Orabug: 38848052] {CVE-2025-71083}
- e1000: fix OOB in e1000_tbi_should_accept() (Guangshuo Li) [Orabug: 38848099] {CVE-2025-71093}
- RDMA/cm: Fix leaking the multicast GID table reference (Jason Gunthorpe) [Orabug: 38848058] {CVE-2025-71084}
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (Jason Gunthorpe) [Orabug: 38848117] {CVE-2025-71096}
- RDMA/irdma: avoid invalid read in irdma_net_event (Michal Schmidt) [Orabug: 38852379] {CVE-2025-71133}
- ipv4: Fix reference count leak when using error routes with nexthop objects (Ido Schimmel) [Orabug: 38848125] {CVE-2025-71097}
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (Will Rosenberg) [Orabug: 38848061] {CVE-2025-71085}
- net: usb: asix: validate PHY address before use (Deepanshu Kartikey) [Orabug: 38848107] {CVE-2025-71094}
- smc91x: fix broken irq-context in PREEMPT_RT (Levi Yun) [Orabug: 38852376] {CVE-2025-71132}
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (Deepakkumar Karn) [Orabug: 38887620] {CVE-2025-71154}
- team: fix check for port enabled in team_queue_override_port_prio_changed() (Jiri Pirko) [Orabug: 38848088] {CVE-2025-71091}
- ip6_gre: make ip6gre_header() robust (Eric Dumazet) [Orabug: 38848131] {CVE-2025-71098}
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (Raphael Pinsonneault-Thibeault) [Orabug: 38848044] {CVE-2025-71082}
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (Herbert Xu) [Orabug: 38852370] {CVE-2025-71131}
- iavf: fix off-by-one issues in iavf_config_rss_reg() (Kohei Enju) [Orabug: 38848073] {CVE-2025-71087}
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (Gui-Dong Han) [Orabug: 38852300] {CVE-2025-71111}
- fsnotify: do not generate ACCESS/MODIFY events on child for special files (Amir Goldstein) [Orabug: 38847800] {CVE-2025-68788}
- tracing: Do not register unsupported perf events (Steven Rostedt) [Orabug: 38852355] {CVE-2025-71125}
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (Fuqiang Wang) [Orabug: 38852273] {CVE-2025-71104}
- libceph: make decode_pool() more resilient against corrupted osdmaps (Ilya Dryomov) [Orabug: 38852325] {CVE-2025-71116}
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (Prithvi Tambewagh) [Orabug: 38847688] {CVE-2025-68771}
- scsi: target: Reset t_task_cdb pointer in error case (Andrey Vatoropin) [Orabug: 38847770] {CVE-2025-68782}
- scsi: aic94xx: fix use-after-free in device removal path (Junrui Luo) [Orabug: 38848009] {CVE-2025-71075}
- scsi: Revert 'scsi: qla2xxx: Perform lockless command completion in abort path' (Tony Battersby) [Orabug: 38847931] {CVE-2025-68818}
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (Jeongjun Park) [Orabug: 38847937] {CVE-2025-68819}
- ext4: xattr: fix null pointer deref in ext4_raw_inode() (Karina Yankevich) [Orabug: 38848276] {CVE-2025-68820}
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (Jarkko Sakkinen) [Orabug: 38887597] {CVE-2025-71147}
- usb: typec: ucsi: Handle incorrect num_connectors capability (Mark Pearson) [Orabug: 38852285] {CVE-2025-71108}
- via_wdt: fix critical boot hang due to unnamed resource allocation (Li Qiang) [Orabug: 38852318] {CVE-2025-71114}
- ALSA: usb-mixer: us16x08: validate meter packet indices (Shipei Qu) [Orabug: 38847775] {CVE-2025-68783}
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (Shaurya Rane) [Orabug: 38847724] {CVE-2025-68776}
- net/mlx5: fw_tracer, Validate format string parameters (Shay Drory) [Orabug: 38847914] {CVE-2025-68816}
- ethtool: Avoid overflowing userspace buffer on stats query (Gal Pressman) [Orabug: 38847826] {CVE-2025-68795}
- net/sched: ets: Remove drr class from the active list if it changes to strict (Victor Nogueira) [Orabug: 38847910] {CVE-2025-68815}
- ipvs: fix ipv4 null-ptr-deref in route error path (Slavin Liu) [Orabug: 38847900] {CVE-2025-68813}
- netfilter: nf_conncount: fix leaked ct in error paths (Fernando Fernandez Mancera) [Orabug: 38974757] {CVE-2025-71146}
- net: openvswitch: fix middle attribute validation in push_nsh() action (Ilya Maximets) [Orabug: 38847784] {CVE-2025-68785}
- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (Jamal Hadi Salim) [Orabug: 38847965] {CVE-2025-71066}
- ACPICA: Avoid walking the Namespace if start_node is NULL (Cryolitia Pukngae) [Orabug: 38852333] {CVE-2025-71118}
- sched/deadline: only set free_cpus for online runqueues (Doug Berger) [Orabug: 38847753] {CVE-2025-68780}
- ALSA: dice: fix buffer overflow in detect_stream_formats() (Junrui Luo) [Orabug: 38798767] {CVE-2025-68346}
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (Trond Myklebust) [Orabug: 38818237] {CVE-2025-68764}
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (Jonathan Curley) [Orabug: 38798775] {CVE-2025-68349}
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (Sparkhuang) [Orabug: 38798787] {CVE-2025-68354}
- ima: Handle error code returned by ima_filter_rule_match() (Zhao Yipeng) [Orabug: 38798922] {CVE-2025-68740}
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (Seungjin Bae) [Orabug: 38798815] {CVE-2025-68362}
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (Abdun Nihaal) [Orabug: 38818222] {CVE-2025-68759}
- ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() (Dmitry Antipov) [Orabug: 38798824] {CVE-2025-68364}
- nbd: defer config unlock in nbd_genl_connect (Zheng Qixing) [Orabug: 38798833] {CVE-2025-68366}
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (Long Li) [Orabug: 38798838] {CVE-2025-68367}
- nbd: defer config put in recv_work (Zheng Qixing) [Orabug: 38798851] {CVE-2025-68372}
- spi: tegra210-quad: Fix timeout handling (Vishwaroop A) [Orabug: 38798944] {CVE-2025-68746}
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (Thorsten Blum) [Orabug: 38798875] {CVE-2025-68724}
- drm/vgem-fence: Fix potential deadlock on release (Janusz Krzysztofik) [Orabug: 38818212] {CVE-2025-68757}
- gpu: host1x: Fix race in syncpt alloc/free (Mainak Sen) [Orabug: 38798899] {CVE-2025-68732}
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (Navaneeth K) [Orabug: 38773544] {CVE-2025-68254}
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (Navaneeth K) [Orabug: 38773554] {CVE-2025-68255}
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (Alexey Nepomnyashih) [Orabug: 38773587] {CVE-2025-68261}
- ext4: refresh inline data size before write operations (Deepanshu Kartikey) [Orabug: 38773603] {CVE-2025-68264}
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (Ye Bin) [Orabug: 38792633] {CVE-2025-68337}
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39004269] {CVE-2025-40256}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50145.html

Plugin Details

Severity: High

ID: 301901

File Name: oraclelinux_ELSA-2026-50145.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/11/2026

Updated: 3/11/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-22980

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 4/1/2024

Reference Information

CVE: CVE-2024-26655, CVE-2024-36903, CVE-2024-36927, CVE-2024-40928, CVE-2024-46830, CVE-2024-49968, CVE-2025-21979, CVE-2025-22022, CVE-2025-22111, CVE-2025-22119, CVE-2025-22121, CVE-2025-37860, CVE-2025-38007, CVE-2025-38022, CVE-2025-38057, CVE-2025-38129, CVE-2025-38232, CVE-2025-38556, CVE-2025-38591, CVE-2025-40110, CVE-2025-40149, CVE-2025-40164, CVE-2025-40256, CVE-2025-68211, CVE-2025-68254, CVE-2025-68255, CVE-2025-68261, CVE-2025-68264, CVE-2025-68282, CVE-2025-68337, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68725, CVE-2025-68732, CVE-2025-68740, CVE-2025-68746, CVE-2025-68757, CVE-2025-68759, CVE-2025-68764, CVE-2025-68771, CVE-2025-68776, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68788, CVE-2025-68795, CVE-2025-68803, CVE-2025-68813, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-71066, CVE-2025-71068, CVE-2025-71075, CVE-2025-71077, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71104, CVE-2025-71108, CVE-2025-71111, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71146, CVE-2025-71147, CVE-2025-71154, CVE-2025-71182, CVE-2025-71190, CVE-2025-71194, CVE-2025-71197, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22984, CVE-2026-22988, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23020, CVE-2026-23021, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23058, CVE-2026-23060, CVE-2026-23061, CVE-2026-23071, CVE-2026-23073, CVE-2026-23074, CVE-2026-23076, CVE-2026-23084, 
CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23091, CVE-2026-23097, CVE-2026-23099, CVE-2026-23101