The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12842 advisory.

    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis)  [Orabug:
    35814273]  {CVE-2023-4206}
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela)  [Orabug: 35636291]     {CVE-2023-3611}
    - rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge)  [Orabug: 35741584]     [Orabug: 35818110]  {CVE-2023-22024}
    - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma)  [Orabug: 35754509]  {CVE-2023-3772}
    - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu)  [Orabug:
    35732892]  {CVE-2023-4459}
    - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu)  [Orabug:
    35732764]  {CVE-2023-4387}
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan)  [Orabug:
    35636313]  {CVE-2023-3776}
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo)  [Orabug:
    35609787]  {CVE-2023-35001}
    - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513}
    - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12842)

critical Nessus Plugin ID 182443

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Oct 23, 2024, 7:37 AM CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:A") Plugin Feed: 202410230737
Version 1.4 Oct 22, 2024, 6:42 PM CVSS metrics ("Cvssv4 score" set to 9.3) CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H") Plugin metadata Plugin Feed: 202410221842
Version 1.3 Dec 15, 2023, 2:39 PM CVSSv3 score source (changed from "CVE-2023-3776" to "CVE-2023-4206") Plugin Feed: 202312151439
Version 1.2 Oct 23, 2023, 4:39 PM CVSSv3 score source (set to "CVE-2023-3776") Plugin Feed: 202310231639
Version 1.1 Oct 4, 2023, 4:16 PM Exploit attributes ("Exploit framework core" set to "True". "Exploit framework metasploit" set to "True". "Exploited by malware" set to "True") Plugin Feed: 202310041616
Version 1.0 Oct 3, 2023, 10:53 PM New Plugin Feed: 202310032253