The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9830 advisory.

    - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo)     [Orabug: 34495548]  {CVE-2022-2585}
    - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo)     [Orabug: 34495566]  {CVE-2022-2586}
    - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo)     [Orabug: 34495566]  {CVE-2022-2586}
    - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo)     [Orabug: 34495566]  {CVE-2022-2586}
    - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)  [Orabug: 34510687]     {CVE-2022-21385}
    - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie)  [Orabug: 34419970]  {CVE-2022-21546}
    - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo)  [Orabug:
    34484536]  {CVE-2022-2588}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)

high Nessus Plugin ID 165296

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Oct 22, 2024, 6:42 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410221842
Version 1.5 Jun 26, 2024, 11:05 PM CISA reference Plugin Feed: 202406262305
Version 1.4 Jan 12, 2023, 6:19 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202301121819
Version 1.3 Sep 29, 2022, 12:06 AM Exploit attributes Plugin Feed: 202209290006