The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12207 advisory.

    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005829]     {CVE-2023-0394}
    - net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005792] {CVE-2022-47929}
    - net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983584]     {CVE-2023-23454}
    - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983614]     {CVE-2023-23455}
    - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820629]     {CVE-2022-41218}
    - media: dvbdev: fix refcnt bug (Lin Ma) [Orabug: 34983295] {CVE-2022-45885} {CVE-2022-45887}     {CVE-2022-45886} {CVE-2022-45919} {CVE-2022-45884}
    - media: dvbdev: adopts refcnt to avoid UAF (Lin Ma) [Orabug: 34983295] {CVE-2022-45887} {CVE-2022-45884}     {CVE-2022-45886} {CVE-2022-45919} {CVE-2022-45885}
    - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) [Orabug: 34555527] {CVE-2022-2873}
    - Bluetooth: L2CAP: Fix u8 overflow (Sungwoo Kim) [Orabug: 34880795] {CVE-2022-45934}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12207)

high Nessus Plugin ID 173057

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Oct 22, 2024, 9:14 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410222114
Version 1.1 Apr 21, 2023, 2:04 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202304211404
Version 1.0 Mar 21, 2023, 10:07 PM New Plugin Feed: 202303212207