Oracle Linux 8 : kernel (ELSA-2026-21706)

Nessus Plugin ID 318320 (Severity: High)

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21706 advisory.

- smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172815] {CVE-2026-31709}
- netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174212] {CVE-2026-43190}
- md/bitmap: fix GPF in write_page caused by resize race (CKI Backport Bot) [RHEL-174088] {CVE-2026-43163}
- xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174045] {CVE-2026-43158}
- can: raw: fix ro->uniq use-after-free in raw_rcv() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- can: af_can: export can_sock_destruct() (Davide Caratti) [RHEL-170753] {CVE-2026-31532}
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172734] {CVE-2026-43051}
- netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172614] {CVE-2026-43027}
- Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172566] {CVE-2026-43020}
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Init sk_peer_* on bt_sock_alloc (David Marlin) [RHEL-165057] {CVE-2026-31408}
- Bluetooth: Consolidate code around sk_alloc into a helper function (David Marlin) [RHEL-165057] {CVE-2026-31408}
- netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171149] {CVE-2026-31685}
- net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171132] {CVE-2026-31684}
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (Bruno Meneguele) [RHEL-166886] {CVE-2025-68183}
- netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166981] {CVE-2026-23455}
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CKI Backport Bot) [RHEL-166960] {CVE-2025-68347}
- RDMA/umad: Reject negative data_len in ib_umad_write (Kamal Heib) [RHEL-156872] {CVE-2026-23243}
- Bluetooth: MGMT: Fix possible UAFs (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: fix set_local_name race condition (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix possible deadlocks (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: remove NULL check in mgmt_set_connectable_complete() (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor remove Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: hci_sync: Refactor add Adv Monitor (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Clear tracked devices on resume (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: mgmt: Add MGMT Adv Monitor Device Found/Lost events (David Marlin) [RHEL-122890] {CVE-2025-39981}
- Bluetooth: msft: Handle MSFT Monitor Device Event (David Marlin) [RHEL-122890] {CVE-2025-39981}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CKI Backport Bot) [RHEL-157322] {CVE-2026-23270}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-21706.html

Plugin Details

Severity: High

ID: 318320

File Name: oraclelinux_ELSA-2026-21706.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/3/2026

Updated: 6/3/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-43027

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-abi-stablelists, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/28/2026

Vulnerability Publication Date: 10/15/2025

Reference Information

CVE: CVE-2025-39981, CVE-2025-68183, CVE-2025-68347, CVE-2025-71116, CVE-2026-23243, CVE-2026-23270, CVE-2026-23455, CVE-2026-31408, CVE-2026-31532, CVE-2026-31684, CVE-2026-31685, CVE-2026-31709, CVE-2026-43020, CVE-2026-43027, CVE-2026-43051, CVE-2026-43158, CVE-2026-43163, CVE-2026-43190