The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20018 advisory.

    [5.15.0-304.171.4]
    - Revert 'unicode: Don't special case ignorable code points' (Linus Torvalds)
    - Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (Aurelien Jarno)
    - tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Kuniyuki Iwashima)
    - lib/buildid: Fix build ID parsing logic (Jiri Olsa)
    - powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
    - mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin)
    - Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (Jaroslaw Janik)
    - usb: dwc3: fix fault at system suspend if device was already runtime suspended (Roger Quadros)
    - ACPI: PRM: Clean up guid type in struct prm_handler_info (Dan Carpenter)
    - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (Junxian Huang)
    - mm: revert 'mm: shmem: fix data-race in shmem_getattr()' (Andrew Morton)
    - ACPI: CPPC: Fix _CPC register setting issue (Lifeng Zheng)
    - scsi: qla2xxx: Fix abort in bsg timeout (Quinn Tran)
    - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli)
    - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
    - vhost_scsi: log write descriptors (Dongli Zhang)  [Orabug: 37393531]
    - vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang)  [Orabug: 37393531]

    [5.15.0-304.171.3]
    - build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock)  [Orabug: 37381702]
    - mtd: fix use-after-free in mtd release (Alexander Usyskin)  [Orabug: 37371929]
    - mtd: Clean refcounting with MTD_PARTITIONED_MASTER (Miquel Raynal)  [Orabug: 37371929]
    - mtd: call external _get and _put in right order (Alexander Usyskin)  [Orabug: 37371929]
    - nvmem: core: Check input parameter for NULL in nvmem_unregister() (Andy Shevchenko)  [Orabug: 37371929]
    - Revert 'ocfs2: fix the la space leak when unmounting an ocfs2 volume' (Sherry Yang)  [Orabug: 37364544]
    - x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna)  [Orabug: 37361290]
    - x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna)  [Orabug: 37361290]
    - cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma)  [Orabug: 37347419]
    - mm/memcontrol: Fix memcg stat calculation (Aruna Ramakrishna)  [Orabug: 37306542]

    [5.15.0-304.171.2]
    - uek-rpm: Add mstflint_access module to the core list (Thomas Tai)  [Orabug: 37345530]
    - uek-rpm/ol8/config-aarch64-emb3: Enable CONFIG_ARM_SDE_INTERFACE (Thomas Tai)  [Orabug: 37345530]
    - sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay)  [Orabug:
    37329531]
    - Partial revert 'rds: Add inc/frag cache statistics' (Hans Westgaard Ry)  [Orabug: 37232315]

    [5.15.0-304.171.1]
    - kpcimgr: assign CPU to handle PCIE transactions during kexec (Joe Dobosenski)  [Orabug: 37295980]
    - kexec: update start address for LPI table data (Joe Dobosenski)  [Orabug: 37295980]
    - kpcimgr: fix flush_icache_range arguments (Joe Dobosenski)  [Orabug: 37295980]
    - embedded2: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Joe Dobosenski)  [Orabug: 37295980]
    - embedded2: Support booting an encrypted root filesystem (Joe Dobosenski)  [Orabug: 37295980]
    - Update embedded2 config for UEK7 (Joe Dobosenski)  [Orabug: 37295980]
    - Pensando: kernel config changes for kdump (Rob Gardner)  [Orabug: 34091165] [Orabug: 37295980]
    - arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Joe Dobosenski)  [Orabug:
    37295980]
    - arm64: kexec: add support for kexec with spin-table (Henry Willard)  [Orabug: 32549965] [Orabug:
    37295980]
    - drivers/soc/pensando/cap_mem.c: Support DM region mapping. (David Clear)  [Orabug: 37295980]
    - drivers/edac: elba: Support multiple DDR bypass ranges. (David Clear)  [Orabug: 37295980]
    - mmc: sdhci-cadence: Enable host driver defined bounce buffer (Brad Larson)  [Orabug: 37295980]
    - Fix NULL pointer dereference in cn_filter() (Anjali Kulkarni)  [Orabug: 37280567]
    - selftests: connector: Fix input argument error paths to skip (Shuah Khan)  [Orabug: 37280567]
    - connector/cn_proc: Selftest for proc connector (Anjali Kulkarni)  [Orabug: 37280567]
    - connector/cn_proc: Allow non-root users access (Anjali Kulkarni)  [Orabug: 37280567]
    - connector/cn_proc: Performance improvements (Anjali Kulkarni)  [Orabug: 37280567]
    - connector/cn_proc: Add filtering to fix some bugs (Anjali Kulkarni)  [Orabug: 37280567]
    - netlink: Add new netlink_release function (Anjali Kulkarni)  [Orabug: 37280567]
    - ice: Add netif_device_attach/detach into PF reset flow (Dawid Osuchowski)  [Orabug: 37214589]     {CVE-2024-46770}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20018)

high Nessus Plugin ID 213998

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Jan 16, 2025, 9:44 AM CVSS metrics ("CVSSv2 score" set to 6.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2024-53226" to "CVE-2024-53206") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202501160944
Version 1.2 Jan 13, 2025, 10:27 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501132227
Version 1.1 Jan 13, 2025, 2:37 PM New Plugin Feed: 202501131437