Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50160)

critical Nessus Plugin ID 303468

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50160 advisory.

- mm/hugetlb: fix hugetlb_pmd_shared() (David Hildenbrand) [Orabug: 38931087] {CVE-2026-23100}
- platform/x86: classmate-laptop: Add missing NULL pointer checks (Rafael J. Wysocki) [Orabug: 39044501] {CVE-2026-23237}
- scsi: qla2xxx: Fix bsg_done() causing double free (Anil Gurumurthy) [Orabug: 39044457] {CVE-2025-71238}
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (Ali Tariq) [Orabug: 38997990] {CVE-2025-71234}
- xfs: fix UAF in xchk_btree_check_block_owner (Darrick J. Wong) [Orabug: 38998028] {CVE-2026-23223}
- scsi: qla2xxx: Free sp in error path to fix system crash (Anil Gurumurthy) [Orabug: 38997979] {CVE-2025-71232}
- scsi: qla2xxx: Delay module unload while fabric scan in progress (Anil Gurumurthy) [Orabug: 38997992] {CVE-2025-71235}
- scsi: qla2xxx: Validate sp before freeing associated memory (Anil Gurumurthy) [Orabug: 38997998] {CVE-2025-71236}
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (Bitterblue Smith) [Orabug: 38997972] {CVE-2025-71229}
- crypto: virtio - Add spinlock protection with virtqueue notification (Bibo Mao) [Orabug: 38998052] {CVE-2026-23229}
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (Thorsten Blum) [Orabug: 38997976] {CVE-2025-71231}
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Henrique Carvalho) [Orabug: 38998059] {CVE-2026-23230}
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (Breno Leitao) [Orabug: 38970593] {CVE-2026-23202}
- ASoC: amd: fix memory leak in acp3x pdm dma ops (Chris Bainbridge) [Orabug: 38970441] {CVE-2026-23190}
- ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF (Shigeru Yoshida) [Orabug: 38970598] {CVE-2026-23200}
- netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (Andrew Fasano) [Orabug: 38970170] {CVE-2026-23111}
- net: usb: r8152: fix resume reset deadlock (Sergey Senozhatsky) [Orabug: 38970438] {CVE-2026-23188}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970508] {CVE-2026-23209}
- net/sched: cls_u32: use skb_header_pointer_careful() (Eric Dumazet) [Orabug: 38970487] {CVE-2026-23204}
- smb/client: fix memory leak in smb2_open_file() (Chenxiaosong) [Orabug: 38970578] {CVE-2026-23205}
- btrfs: reject new transactions if the fs is fully read-only (Qu Wenruo) [Orabug: 38985156] {CVE-2026-23214}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985169] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970453] {CVE-2026-23193}
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (Hannes Reinecke) [Orabug: 38970416] {CVE-2026-23179}
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (Perry Yuan) [Orabug: 38985149] {CVE-2026-23213}
- HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (Kwok Kin Ming) [Orabug: 38970413] {CVE-2026-23178}
- md: suspend array while updating raid_disks via sysfs (Danny Shih) [Orabug: 38985108] {CVE-2025-71225}
- wifi: wlcore: ensure skb headroom before skb_push (Peter Astrand) [Orabug: 38970152] {CVE-2025-71222}
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (Moon Hee Lee) [Orabug: 38970163] {CVE-2025-71224}
- procfs: avoid fetching build ID while holding VMA lock (Andrii Nakryiko) [Orabug: 38970476] {CVE-2026-23199}
- mm, shmem: prevent infinite loop on truncate race (Kairui Song) [Orabug: 38970409] {CVE-2026-23177}
- ceph: fix oops due to invalid pointer for kfree() in parse_longname() (Daniel Vogelbacher) [Orabug: 38970590] {CVE-2026-23201}
- ceph: fix NULL pointer dereference in ceph_mds_auth_match() (Viacheslav Dubeyko) [Orabug: 38970595] {CVE-2026-23189}
- mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single (Hao Ge) [Orabug: 38985192] {CVE-2026-23219}
- ALSA: aloop: Fix racy access at PCM trigger (Takashi Iwai) [Orabug: 38970445] {CVE-2026-23191}
- x86/vmware: Fix hypercall clobbers (Josh Poimboeuf) [Orabug: 38985163] {CVE-2026-23215}
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (Yunje Shin) [Orabug: 38970176] {CVE-2026-23112}
- perf: sched: Fix perf crash with new is_user_task() helper (Steven Rostedt) [Orabug: 38970581] {CVE-2026-23159}
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (Kang Yang) [Orabug: 37844126] {CVE-2024-58096}
- drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (Jon Doron) [Orabug: 38970348] {CVE-2026-23163}
- net: fix segmentation of forwarding fraglist GRO (Jibin Zhang) [Orabug: 38970318] {CVE-2026-23154}
- mm/shmem, swap: fix race of truncate and swap entry split (Kairui Song) [Orabug: 38970345] {CVE-2026-23161}
- flex_proportions: make fprop_new_period() hardirq safe (Jan Kara) [Orabug: 38970373] {CVE-2026-23168}
- nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (Ming Lei) [Orabug: 38970608] {CVE-2026-23148}
- efivarfs: fix error propagation in efivar_entry_get() (Kohei Enju) [Orabug: 38970325] {CVE-2026-23156}
- net/mlx5e: TC, delete flows only for existing peers (Mark Bloch) [Orabug: 38970397] {CVE-2026-23173}
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (Aaron Ma) [Orabug: 38970364] {CVE-2026-23166}
- rocker: fix memory leak in rocker_world_port_post_fini() (Kery Qi) [Orabug: 38970351] {CVE-2026-23164}
- bonding: annotate data-races around slave->last_rx (Eric Dumazet) [Orabug: 38985142] {CVE-2026-23212}
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete (Jianpeng Chang) [Orabug: 38970587] {CVE-2026-23151}
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (Jia-Hong Su) [Orabug: 38970604] {CVE-2026-23146}
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (P Praneesh) [Orabug: 37844129] {CVE-2024-58097}
- btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (Boris Burkov) [Orabug: 38798802] {CVE-2025-68358}
- sched_ext: Fix possible deadlock in the deferred_irq_workfn() (Zqiang) [Orabug: 38792605] {CVE-2025-68333}
- exfat: fix refcount leak in exfat_find (Shuhao Fu) [Orabug: 38798780] {CVE-2025-68351}
- bpf: Do not let BPF test infra emit invalid GSO types to stack (Daniel Borkmann) [Orabug: 38798881] {CVE-2025-68725}
- migrate: correct lock ordering for hugetlb file folios (Matthew Wilcox) [Orabug: 38931066] {CVE-2026-23097}
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38931120] {CVE-2026-23108}
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930881] {CVE-2026-23061}
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930859] {CVE-2026-23058}
- irqchip/gic-v3-its: Avoid truncating memory addresses (Arnd Bergmann) [Orabug: 38931001] {CVE-2026-23085}
- intel_th: fix device leak on output open() (Johan Hovold) [Orabug: 38931040] {CVE-2026-23091}
- tracing: Fix crash on synthetic stacktrace field usage (Steven Rostedt) [Orabug: 38931024] {CVE-2026-23088}
- arm64: Set __nocfi on swsusp_arch_resume() (Zhaoyang Huang) [Orabug: 38970241] {CVE-2026-23128}
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (Mark Rutland) [Orabug: 38931118] {CVE-2026-23107}
- wifi: rsi: Fix memory corruption due to not set vif driver data size (Marek Vasut) [Orabug: 38930939] {CVE-2026-23073}
- wifi: ath10k: fix dma_free_coherent() pointer (Thomas Fourier) [Orabug: 38970253] {CVE-2026-23133}
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (Berk Cem Goksel) [Orabug: 38931029] {CVE-2026-23089}
- ALSA: scarlett2: Fix buffer overflow in config retrieval (Samasth Norway Ananda) [Orabug: 38930973] {CVE-2026-23078}
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Takashi Iwai) [Orabug: 38930966] {CVE-2026-23076}
- leds: led-class: Only Add LED to leds_list when it is fully ready (Hans de Goede) [Orabug: 38931091] {CVE-2026-23101}
- dpll: Prevent duplicate registrations (Ivan Vecera) [Orabug: 38970244] {CVE-2026-23129}
- vsock/virtio: cap TX credit to local buffer size (Melbin K Mathew) [Orabug: 38931008] {CVE-2026-23086}
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (Melbin K Mathew) [Orabug: 38930919] {CVE-2026-23069}
- bonding: provide a net pointer to __skb_flow_dissect() (Eric Dumazet) [Orabug: 38970199] {CVE-2026-23119}
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (Andrey Vatoropin) [Orabug: 38930992] {CVE-2026-23084}
- ipv6: annotate data-race in ndisc_router_discovery() (Eric Dumazet) [Orabug: 38970222] {CVE-2026-23124}
- netdevsim: fix a race issue related to the operation on bpf_bound_progs list (Yun Lu) [Orabug: 38970233] {CVE-2026-23126}
- scsi: qla2xxx: Sanitize payload size to prevent member overflow (Jiasheng Jiang) [Orabug: 38930867] {CVE-2026-23059}
- scsi: core: Wake up the error handler when final completions race against each other (David Jeffery) [Orabug: 38931132] {CVE-2026-23110}
- regmap: Fix race condition in hwspinlock irqsave routine (Cheng-Yu Lee) [Orabug: 38930930] {CVE-2026-23071}
- interconnect: debugfs: initialize src_node and dst_node to empty strings (Georgi Djakov) [Orabug: 38970218] {CVE-2026-23123}
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (Jens Axboe) [Orabug: 38970181] {CVE-2026-23113}
- platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (Mario Limonciello) [Orabug: 38930890] {CVE-2026-23062}
- platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (Mario Limonciello) [Orabug: 38970247] {CVE-2026-23131}
- scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() (Abdun Nihaal) [Orabug: 38931014] {CVE-2026-23087}
- w1: therm: Fix off-by-one buffer overflow in alarms_store (Thorsten Blum) [Orabug: 38930796] {CVE-2025-71197}
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Taeyang Lee) [Orabug: 38930874] {CVE-2026-23060}
- net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (Jamal Hadi Salim) [Orabug: 38931110] {CVE-2026-23105}
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930948] {CVE-2026-23074}
- ipvlan: Make the addrs_lock be per port (Dmitry Skorodumov) [Orabug: 38931102] {CVE-2026-23103}
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (Eric Dumazet) [Orabug: 38970202] {CVE-2026-23120}
- gue: Fix skb memleak with inner IP protocol 0. (Kuniyuki Iwashima) [Orabug: 38931057] {CVE-2026-23095}
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (Xin Long) [Orabug: 38970225] {CVE-2026-23125}
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (Marc Kleine-Budde) [Orabug: 38931184] {CVE-2026-23082}
- l2tp: Fix memleak in l2tp_udp_encap_recv(). (Kuniyuki Iwashima) [Orabug: 38930935] {CVE-2026-23072}
- bonding: limit BOND_MODE_8023AD to Ethernet devices (Eric Dumazet) [Orabug: 38931079] {CVE-2026-23099}
- vsock/virtio: Coalesce only linear skb (Michal Luczaj) [Orabug: 38930857] {CVE-2026-23057}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-50160.html

Plugin Details

Severity: Critical

ID: 303468

File Name: oraclelinux_ELSA-2026-50160.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/24/2026

Updated: 3/24/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek64k-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek64k-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-core, p-cpe:/a:oracle:linux:kernel-uek64k, p-cpe:/a:oracle:linux:kernel-uek64k-modules, p-cpe:/a:oracle:linux:kernel-uek64k-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-deprecated, p-cpe:/a:oracle:linux:kernel-uek-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek64k-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-modules-extra-netfilter, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek-debug-modules, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:kernel-uek64k-devel, p-cpe:/a:oracle:linux:kernel-uek-modules-desktop, p-cpe:/a:oracle:linux:kernel-uek64k-modules-wireless, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-usb, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek64k-core, p-cpe:/a:oracle:linux:kernel-uek64k-modules-core, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-deprecated

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/20/2026

Vulnerability Publication Date: 2/27/2025

Reference Information

CVE: CVE-2024-58096, CVE-2024-58097, CVE-2025-21717, CVE-2025-21882, CVE-2025-37929, CVE-2025-38431, CVE-2025-39832, CVE-2025-40082, CVE-2025-68333, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365, CVE-2025-68725, CVE-2025-68737, CVE-2025-68749, CVE-2025-68823, CVE-2025-71197, CVE-2025-71200, CVE-2025-71203, CVE-2025-71204, CVE-2025-71220, CVE-2025-71222, CVE-2025-71223, CVE-2025-71224, CVE-2025-71225, CVE-2025-71229, CVE-2025-71231, CVE-2025-71232, CVE-2025-71233, CVE-2025-71234, CVE-2025-71235, CVE-2025-71236, CVE-2025-71237, CVE-2025-71238, CVE-2026-23056, CVE-2026-23057, CVE-2026-23058, CVE-2026-23059, CVE-2026-23060, CVE-2026-23061, CVE-2026-23062, CVE-2026-23063, CVE-2026-23069, CVE-2026-23070, CVE-2026-23071, CVE-2026-23072, CVE-2026-23073, CVE-2026-23074, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23082, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087, CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23100, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107, CVE-2026-23108, CVE-2026-23110, CVE-2026-23111, CVE-2026-23112, CVE-2026-23113, CVE-2026-23116, CVE-2026-23118, CVE-2026-23119, CVE-2026-23120, CVE-2026-23123, CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128, CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135, CVE-2026-23146, CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23154, CVE-2026-23155, CVE-2026-23156, CVE-2026-23158, CVE-2026-23159, CVE-2026-23160, CVE-2026-23161, CVE-2026-23163, CVE-2026-23164, CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23169, CVE-2026-23170, CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23177, CVE-2026-23178, CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187, CVE-2026-23188, CVE-2026-23189, CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, 
CVE-2026-23198, CVE-2026-23199, CVE-2026-23200, CVE-2026-23201, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205, CVE-2026-23206, CVE-2026-23209, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214, CVE-2026-23215, CVE-2026-23216, CVE-2026-23219, CVE-2026-23220, CVE-2026-23221, CVE-2026-23222, CVE-2026-23223, CVE-2026-23224, CVE-2026-23228, CVE-2026-23229, CVE-2026-23230, CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237