The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9274 advisory.

    - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo       Bonzini)  [Orabug: 34053807]  {CVE-2022-1158}
    - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso)  [Orabug: 34035701]     {CVE-2022-1016}
    - sr9700: sanity check for packet length (Brian Maly)  [Orabug: 33962705]  {CVE-2022-26966}
    - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn)  [Orabug: 33835787]  {CVE-2021-22600}
    - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust)  [Orabug: 33958154]     {CVE-2022-24448}
    - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause)  [Orabug: 33840432]     {CVE-2022-22942}
    - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara)  [Orabug: 33870266]  {CVE-2022-0617}
    - udf: Fix NULL ptr deref when converting from inline format (Jan Kara)  [Orabug: 33870266]     {CVE-2022-0617}
    - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet)  [Orabug: 33917056]  {CVE-2020-36516}
    - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet)  [Orabug: 33917056]     {CVE-2020-36516}
    - arm64: Use the clearbhb instruction in mitigations (James Morse)  [Orabug: 33921736]  {CVE-2022-23960}
    - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly)  [Orabug: 33921736]  {CVE-2022-23960}
    - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse)  [Orabug:
    33921736]  {CVE-2022-23960}
    - arm64: Mitigate spectre style branch history side channels (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - KVM: arm64: Add templates for BHB mitigation sequences (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual)  [Orabug: 33921736]  {CVE-2022-23960}
    - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: Add part number for Arm Cortex-A77 (Rob Herring)  [Orabug: 33921736]  {CVE-2022-23960}
    - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse)  [Orabug:
    33921736]  {CVE-2022-23960}
    - arm64: Add percpu vectors for EL1 (James Morse)  [Orabug: 33921736]  {CVE-2022-23960}
    - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse)  [Orabug:
    33921736]  {CVE-2022-23960}
    - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse)  [Orabug:
    33921736]  {CVE-2022-23960}
    - arm64: entry: Move the trampoline data page before the text page (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse)  [Orabug: 33921736]     {CVE-2022-23960}
    - arm64: entry: Make the trampoline cleanup optional (James Morse)  [Orabug: 33921736]  {CVE-2022-23960}
    - arm64: entry.S: Add ventry overflow sanity checks (James Morse)  [Orabug: 33921736]  {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King)  [Orabug: 33921736]     {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King)  [Orabug:
    33921736]  {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King)  [Orabug: 33921736]     {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King)  [Orabug:
    33921736]  {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.'     (Russell King)  [Orabug: 33921736]  {CVE-2022-23960}
    - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King)  [Orabug:
    33921736]  {CVE-2022-23960}
    - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King)  [Orabug: 33921736]     {CVE-2022-23960}
    - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King)  [Orabug: 33921736]     {CVE-2022-23960}
    - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King)  [Orabug: 33921736]  {CVE-2022-23960}
    - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King)  [Orabug: 33921736]     {CVE-2022-23960}
    - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp)  [Orabug: 33941936]     {CVE-2021-26401}
    - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp)     [Orabug: 33941936]  {CVE-2021-26401}
    - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips)  [Orabug: 33941936]     {CVE-2021-26401}
    - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips)  [Orabug: 33941936]     {CVE-2021-26401}
    - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf)     [Orabug: 33941936]  {CVE-2021-26401}
    - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra)  [Orabug: 33941936]  {CVE-2021-26401}
    - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra)  [Orabug: 33941936]  {CVE-2021-26401}
    - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel))  [Orabug: 33941936]     {CVE-2021-26401}
    - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov)  [Orabug:
    33941936]  {CVE-2021-26401}
    - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp)  [Orabug: 33941936]     {CVE-2021-26401}
    - x86/speculation: Fix bug in retpoline mode on AMD with  (Patrick Colp)  [Orabug: 33941936]     {CVE-2021-26401}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9274)

high Nessus Plugin ID 159644

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.8 Oct 22, 2024, 6:42 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410221842
Version 1.7 Dec 13, 2023, 4:19 PM CVSSv3 score source (changed from "CVE-2022-1158" to "CVE-2022-22942") Plugin Feed: 202312131619
Version 1.6 Nov 2, 2023, 2:21 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202311021421
Version 1.5 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 1.4 Feb 1, 2023, 2:09 PM Exploit attributes ("Exploit framework metasploit" set to "True") CVSSv3 score source (set to "CVE-2022-1158") Plugin Feed: 202302011409