The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory.

    - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968]     {CVE-2022-2585}
    - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585}
    - ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}
    - ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}
    - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600]     {CVE-2022-1679}
    - x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373}
    - x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 9 : kernel (ELSA-2022-8267)

high Nessus Plugin ID 168085

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.2

Version 1.10 Nov 2, 2024, 5:10 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411020510
Version 1.9 Oct 23, 2024, 10:51 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202410232251
Version 1.8 Oct 23, 2024, 7:37 AM Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202410230737
Version 1.7 Oct 22, 2024, 9:14 PM CVE (set "CVE" coverage to "CVE-2020-36516,CVE-2021-3640,CVE-2022-0168,CVE-2022-0617,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-1280,CVE-2022-1353,CVE-2022-1679,CVE-2022-1852,CVE-2022-1998,CVE-2022-2586,CVE-2022-2639,CVE-2022-20368,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-21499,CVE-2022-23816,CVE-2022-23825,CVE-2022-24448,CVE-2022-26373,CVE-2022-28390,CVE-2022-28893,CVE-2022-29581,CVE-2022-29900,CVE-2022-29901,CVE-2022-36946,CVE-2022-39190") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Exploit attributes ("Exploited by malware" changed from "True" to none) Plugin metadata Plugin Feed: 202410222114
Version 1.6 Jun 26, 2024, 11:05 PM CISA reference Plugin Feed: 202406262305
Version 1.5 Jan 16, 2024, 5:39 PM CVE (Removed rejected CVE) Plugin Feed: 202401161739
Version 1.4 Dec 13, 2022, 2:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202212131403
Version 1.4 Jan 16, 2024, 3:43 PM CVE (Removed rejected CVE) Plugin Feed: 202401161543
Version 1.3 Dec 5, 2022, 10:02 PM Reference Plugin Feed: 202212052202
Version 1.2 Nov 23, 2022, 1:55 AM New Plugin Feed: 202211230155