The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5708 advisory.

    - Input: ff-memless - kill timer in destroy() (Oliver Neukum)  [Orabug: 31213691]  {CVE-2019-19524}
    - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang)  [Orabug: 31351307]     {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897}
    - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook)  [Orabug: 31352068]  {CVE-2017-1000370}     {CVE-2017-1000371} {CVE-2017-1000370}
    - mdio_bus: Fix use-after-free on device_register fails (YueHaibing)  [Orabug: 31222292]  {CVE-2019-12819}
    - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold)  [Orabug: 31351061]  {CVE-2019-19528}
    - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum)  [Orabug: 31351061]  {CVE-2019-19528}
    - mremap: properly flush TLB before releasing the page (Linus Torvalds)  [Orabug: 31352011]     {CVE-2018-18281}
    - Input: add safety guards to input_set_keycode() (Dmitry Torokhov)  [Orabug: 31200558]  {CVE-2019-20636}
    - media: stv06xx: add missing descriptor sanity checks (Johan Hovold)  [Orabug: 31200579]     {CVE-2020-11609}
    - media: ov519: add missing endpoint sanity checks (Johan Hovold)  [Orabug: 31213758]  {CVE-2020-11608}
    - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold)  [Orabug: 31213767]     {CVE-2020-11668}
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost)  [Orabug: 31263147]     {CVE-2019-19057}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708)

critical Nessus Plugin ID 137173

Version 1.7

Version 1.6

Version 1.7 Oct 23, 2024, 3:11 AM CVE (set "CVE" coverage to "CVE-2017-1000370,CVE-2018-18281,CVE-2019-12819,CVE-2019-14897,CVE-2019-19057,CVE-2019-19524,CVE-2019-19528,CVE-2019-19537,CVE-2019-20636,CVE-2020-11608,CVE-2020-11609,CVE-2020-11668") CVSS metrics ("CVSSv2 score" set to 7.5) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 score source (changed from "CVE-2019-14896" to "CVE-2019-14897") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (changed from "CVE-2019-14897" to none) Detection (updated detection logic) Plugin metadata Plugin Feed: 202410230311
Version 1.6 Mar 7, 2024, 3:19 PM CVSSv3 score source (set to "CVE-2019-14897") Plugin Feed: 202403071519