The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5866 advisory.

    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn)  [Orabug: 29434845]     {CVE-2019-6974}
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier)     [Orabug: 29434898]  {CVE-2019-7221}
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini)  [Orabug:
    29434924]  {CVE-2019-7222}
    - net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov)  [Orabug: 30254239]     {CVE-2016-10906}
    - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson)  [Orabug: 30254251]     {CVE-2016-10905}
    - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson)  [Orabug: 30254251]     {CVE-2016-10905}
    - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca)  [Orabug: 31872821]     {CVE-2020-1749}
    - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell)  [Orabug: 31872910]     {CVE-2020-25212}
    - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov)  [Orabug: 31884169]     {CVE-2020-25284}
    - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song)  [Orabug: 31884239]     {CVE-2020-25285}
    - ext4: fix potential negative array index in do_split() (Eric Sandeen)  [Orabug: 31895331]     {CVE-2020-14314}
    - ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven)  [Orabug: 29671212]     {CVE-2018-9415}
    - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin)  [Orabug: 30120513]     {CVE-2018-20856}
    - USB: serial: omninet: fix reference leaks at open (Johan Hovold)  [Orabug: 30484761]  {CVE-2017-8925}
    - nl80211: validate beacon head (Johannes Berg)  [Orabug: 30556264]  {CVE-2019-16746}
    - cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen)  [Orabug: 30556264]     {CVE-2019-16746}
    - cfg80211: add and use strongly typed element iteration macros (Johannes Berg)  [Orabug: 30556264]     {CVE-2019-16746}
    - cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho)  [Orabug: 30556264]     {CVE-2019-16746}
    - cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach)  [Orabug:
    30556264]  {CVE-2019-16746}
    - dccp: Fix memleak in __feat_register_sp (YueHaibing)  [Orabug: 30732821]  {CVE-2019-20096}
    - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing)  [Orabug: 30732938]  {CVE-2019-20054}
    - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing)  [Orabug: 30732938]     {CVE-2019-20054}
    - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan)  [Orabug: 30770913]     {CVE-2019-19965}
    - kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon)  [Orabug: 31350720]     {CVE-2019-14898}
    - sysctl: handle overflow for file-max (Christian Brauner)  [Orabug: 31350720]  {CVE-2019-14898}
    - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost)  [Orabug: 31351572]  {CVE-2019-19073}
    - can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost)  [Orabug: 31351682]  {CVE-2019-19052}
    - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai)  [Orabug:
    31351837]  {CVE-2019-15927}
    - media: usb: siano: Fix general protection fault in smsusb (Alan Stern)  [Orabug: 31351875]     {CVE-2019-15218}
    - net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet)  [Orabug: 31856195]     {CVE-2020-10720}
    - ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai)  [Orabug: 31352045]     {CVE-2017-16528}
    - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold)  [Orabug: 31352084]     {CVE-2017-8924}
    - blktrace: Protect q->blk_trace with RCU (Jan Kara)  [Orabug: 31123576]  {CVE-2019-19768}
    - media: technisat-usb2: break out of loop at end of buffer (Sean Young)  [Orabug: 31224554]     {CVE-2019-15505}
    - btrfs: merge btrfs_find_device and find_device (Anand Jain)  [Orabug: 31351746]  {CVE-2019-18885}
    - RDMA/cxgb4: Do not dma memory off of the stack (Greg KH)  [Orabug: 31351783]  {CVE-2019-17075}
    - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai)  [Orabug: 31351916]  {CVE-2019-3846}
    - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai)  [Orabug: 31351916]     {CVE-2019-3846} {CVE-2019-3846}
    - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval)  [Orabug:
    31351941]  {CVE-2019-11487}
    - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds)  [Orabug: 31351941]     {CVE-2019-11487}
    - mm: add 'try_get_page()' helper function (Linus Torvalds)  [Orabug: 31351941]  {CVE-2019-11487}
    - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox)  [Orabug: 31351941]     {CVE-2019-11487}
    - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds)  [Orabug: 31351941]     {CVE-2019-11487}
    - sctp: implement memory accounting on tx path (Xin Long)  [Orabug: 31351960]  {CVE-2019-3874}
    - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin)  [Orabug: 31351995]  {CVE-2018-16884}
    - sunrpc: use-after-free in svc_process_common() (Vasily Averin)  [Orabug: 31351995]  {CVE-2018-16884}
    - af_packet: set defaule value for tmo (Mao Wenan)  [Orabug: 31439107]  {CVE-2019-20812}
    - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore)  [Orabug: 31439369]     {CVE-2020-10751}
    - selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic)  [Orabug:
    31439369]  {CVE-2020-10751}
    - mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen)  [Orabug: 31473652]     {CVE-2019-5108}
    - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky)  [Orabug: 31473652]     {CVE-2019-5108}
    - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers)  [Orabug: 31535529]     {CVE-2020-10769}
    - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang)  [Orabug: 31705121]     {CVE-2020-14331} {CVE-2020-14331}
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli)  [Orabug: 31351221]     {CVE-2019-19535}
    - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav)  [Orabug: 31352053]     {CVE-2017-16644}
    - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval)  [Orabug: 31351904]     {CVE-2019-10638} {CVE-2019-10639}
    - netns: provide pure entropy for net_hash_mix() (Eric Dumazet)  [Orabug: 31351904]  {CVE-2019-10638}     {CVE-2019-10639}
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko)  [Orabug:
    31350639]  {CVE-2020-10732}
    - crypto: user - fix memory leak in crypto_report (Navid Emamdoost)  [Orabug: 31351640]  {CVE-2019-19062}
    - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost)  [Orabug: 31351702]     {CVE-2019-19049}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)

critical Nessus Plugin ID 141207

Version 1.6

Version 1.5

Version 1.6 Oct 23, 2024, 3:11 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410230311
Version 1.5 Feb 16, 2024, 7:23 PM CVSSv3 score source (set to "CVE-2019-16746") Plugin Feed: 202402161923