Detections
Analytics

Oracle Linux 9 : dracut (ELSA-2026-26533)

high Nessus Plugin ID 322994

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26533 advisory.

 [057-115.git20260527.0.1]
 - Skip the default FIPS logic on special UEK kernels where the FIPS module is linked directly into the kernel. [Orabug: 38705580]
 - Ship Oracle IMA certificate [Orabug: 35992862]
 - Ship 98-integrity.conf, populating initramfs with Oracle IMA certificate [Orabug: 35992862]
 - Include sys-fs-fuse-connections.mount if needed [Orabug: 35267570]
 - network-legacy: Revert some shellcheck that breaks parse_option_121 in dhclient [Orabug: 33778173]
 - Change installation dir in network legacy module-setup so that file is never missing [Orabug: 33516170]
 - Fix paths in squash module, so that correct modprobe is installed [Orabug: 33514517]
 - Install missing 68-del-part-node.rules [Orabug: 32827579]
 - Fix permission denied error while upgrading from OL8u2 to OL8u3 [Orabug 32160196]
 - dracut-shutdown.service should run before shutdown.target is invoked [Orabug: 29629738]
 - Update list of necessary files after squashfs execution [Orabug: 29864620]
 - Supress iscsidm error output during non-debug PV boot [Orabug: 29846195]
 - Stop block device service in case system is dropped to emergency shell [Orabug: 29851988]
 - Enable booting from block device if netroot=iscsi has failed [Orabug: 29478156]
 - Calculate relative path for kernel and initrd in 51-dracut-rescue.instal [Orabug: 29503293]
 - 40network scripts ifup and netlib updates for iSCSI [Orabug: 28502725]
 - Increase timeout when waiting for carrier detection on a network interface [Orabug: 24657828] ([email protected])
 - add hyperv-keyboard for Hyper-V Gen2 VM [Orabug: 19191303] (Vaughan Cao)

 [057-115.git20260527]
 - build: rebuild without an obsoleted patch

 [057-115.git20260514]
 - fix(network): warn on suspicious shell metacharacters in
 - fix(base): escape arguments in initqueue hook script Related: RHEL-170857

 [057-113.git20260502]
 - fix(network-legacy): replace echo writes with printf to
 - fix(iscsi): replace echo writes with printf to prevent
 - fix(base): replace eval with safe variable indirection in Resolves: RHEL-170857

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-26533.html

Plugin Details

Severity: High

ID: 322994

File Name: oraclelinux_ELSA-2026-26533.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, tenable_cloud_security, tenable_self_hosted_container_security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-6893

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:dracut-config-rescue, p-cpe:/a:oracle:linux:dracut-network, p-cpe:/a:oracle:linux:dracut-live, p-cpe:/a:oracle:linux:dracut-squash, p-cpe:/a:oracle:linux:dracut-config-generic, p-cpe:/a:oracle:linux:dracut-caps, cpe:/o:oracle:linux:9:8:baseos_patch, p-cpe:/a:oracle:linux:dracut-tools, p-cpe:/a:oracle:linux:dracut, cpe:/o:oracle:linux:9

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 6/24/2026

Vulnerability Publication Date: 6/10/2026

Reference Information

CVE: CVE-2026-6893