The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3651 advisory.

    - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov)     [Orabug: 27200879]  {CVE-2017-1000405}
    - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh)  [Orabug: 27069038]     {CVE-2017-12190}
    - more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27069038]  {CVE-2017-12190}
    - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn)  [Orabug: 27069065]     {CVE-2017-15649}
    - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn)  [Orabug: 27069065]     {CVE-2017-15649}
    - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena)  [Orabug: 27069065]     {CVE-2017-15649}
    - packet: fix races in fanout_add() (Eric Dumazet)  [Orabug: 27069065]  {CVE-2017-15649}
    - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra)  [Orabug: 27069065]     {CVE-2017-15649}
    - locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon)     [Orabug: 27069065]  {CVE-2017-15649}
    - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork)  [Orabug: 27215225]  {CVE-2017-16650}
    - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai)  [Orabug: 27148276]  {CVE-2017-16527}
    - selinux: fix off-by-one in setprocattr (Stephen Smalley)  [Orabug: 27001717]  {CVE-2017-2618}     {CVE-2017-2618} {CVE-2017-2618}
    - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming)  [Orabug: 27036903]     {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}
    - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers)  [Orabug: 27050248]  {CVE-2017-12192}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3651)

high Nessus Plugin ID 105143

Version 3.16