偵測

Oracle Linux 9 ELSA-2025-20518-0: / kernel (ELSA-2025-205180)

high Nessus Plugin ID 276689

語言:

概要

遠端 Oracle Linux 主機缺少一個或多個安全性更新。

說明

遠端 Oracle Linux 9 主機中安裝的套件受到 ELSA-2025-205180 公告中提及的多個弱點影響。

 - io_uring/futex確保 io_futex_wait() 在失敗時正確清理 (CKI Backport Bot) [RHEL-114336] {CVE-2025-39698}
 - NFS修正 nfs_fh_to_dentry() 中的 filehandle 邊界檢查 (CKI Backport Bot) [RHEL-113611] {CVE-2025-39730}
 - eventpoll修正半無限制遞回 (CKI 反向移植機器人) [RHEL-111050] {CVE-2025-38614}
 - ALSA:hda/ca0132:修正 add_tuning_control 中的緩衝區溢位 (CKI Backport Bot) [RHEL-114850] {CVE-2025-39751}
 - wifiath12k處理 RX 對等片段設定錯誤時遞減 TID (CKI 反向移植機器人) [RHEL-114708] {CVE-2025-39761}
 - ALSA:usb-audio:也驗證 UAC3 power 網域描述符號 (Jaroslav Kysela) [RHEL-114691] {CVE-2025-38729}
 - ALSAusb-audio驗證 UAC3 叢集區段描述符號 (CKI Backport Bot) [RHEL-114691] {CVE-2025-39757}
 - selfteststls新增零長度記錄的測試 (Sabrina Dubroca) [RHEL-114324] {CVE-2025-39682}
 - tls修正 rx_list 上零長度記錄的處理 (Sabrina Dubroca) [RHEL-114324] {CVE-2025-39682}

Tenable 已直接從 Oracle Linux 安全公告擷取前置描述區塊。

請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

更新受影響的套件。

另請參閱

https://linux.oracle.com/errata/ELSA-2025-20518-0.html

Plugin 詳細資訊

嚴重性: High

ID: 276689

檔案名稱: oraclelinux_ELSA-2025-205180.nasl

版本: 1.1

類型: local

代理程式: unix

已發布: 2025/11/25

已更新: 2025/11/25

支援的感應器: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

風險資訊

VPR

風險因素: High

分數: 7.4

CVSS v2

風險因素: Medium

基本分數: 6.8

時間性分數: 5

媒介: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS 評分資料來源: CVE-2025-38116

CVSS v3

風險因素: High

基本分數: 7.8

時間性分數: 6.8

媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:oracle:linux:kernel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-core, p-cpe:/a:oracle:linux:kernel-debug-modules, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:kernel-abi-stablelists, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-debug-devel-matched, p-cpe:/a:oracle:linux:kernel-devel-matched, p-cpe:/a:oracle:linux:kernel-debug-modules-core, p-cpe:/a:oracle:linux:kernel-debug-uki-virt, p-cpe:/a:oracle:linux:kernel-modules-core, p-cpe:/a:oracle:linux:kernel-uki-virt, p-cpe:/a:oracle:linux:rtla, p-cpe:/a:oracle:linux:libperf, p-cpe:/a:oracle:linux:rv, p-cpe:/a:oracle:linux:kernel-uki-virt-addons, cpe:/o:oracle:linux:9:7:baseos_base

必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2025/11/17

弱點發布日期: 2022/7/15

參考資訊

CVE: CVE-2022-48830, CVE-2022-49024, CVE-2022-49269, CVE-2022-49353, CVE-2022-49357, CVE-2022-49432, CVE-2022-49437, CVE-2022-49443, CVE-2022-49623, CVE-2022-49627, CVE-2022-49643, CVE-2022-49648, CVE-2022-49657, CVE-2022-49670, CVE-2022-49672, CVE-2022-49845, CVE-2024-36350, CVE-2024-36357, CVE-2024-46689, CVE-2024-46744, CVE-2024-47679, CVE-2024-47727, CVE-2024-49570, CVE-2024-49864, CVE-2024-50060, CVE-2024-50195, CVE-2024-50294, CVE-2024-52332, CVE-2024-53052, CVE-2024-53090, CVE-2024-53119, CVE-2024-53135, CVE-2024-53170, CVE-2024-53216, CVE-2024-53229, CVE-2024-53241, CVE-2024-53680, CVE-2024-54456, CVE-2024-56603, CVE-2024-56645, CVE-2024-56662, CVE-2024-56672, CVE-2024-56675, CVE-2024-56690, CVE-2024-56709, CVE-2024-56739, CVE-2024-57981, CVE-2024-57986, CVE-2024-57987, CVE-2024-57988, CVE-2024-57989, CVE-2024-57990, CVE-2024-57993, CVE-2024-57995, CVE-2024-57998, CVE-2024-58012, CVE-2024-58014, CVE-2024-58015, CVE-2024-58057, CVE-2024-58062, CVE-2024-58068, CVE-2024-58072, CVE-2024-58075, CVE-2024-58077, CVE-2024-58083, CVE-2024-58088, CVE-2025-21631, CVE-2025-21647, CVE-2025-21648, CVE-2025-21671, CVE-2025-21672, CVE-2025-21691, CVE-2025-21693, CVE-2025-21696, CVE-2025-21702, CVE-2025-21714, CVE-2025-21726, CVE-2025-21728, CVE-2025-21729, CVE-2025-21738, CVE-2025-21739, CVE-2025-21745, CVE-2025-21746, CVE-2025-21765, CVE-2025-21786, CVE-2025-21787, CVE-2025-21790, CVE-2025-21791, CVE-2025-21795, CVE-2025-21796, CVE-2025-21806, CVE-2025-21826, CVE-2025-21828, CVE-2025-21829, CVE-2025-21839, CVE-2025-21844, CVE-2025-21846, CVE-2025-21847, CVE-2025-21848, CVE-2025-21851, CVE-2025-21853, CVE-2025-21855, CVE-2025-21861, CVE-2025-21863, CVE-2025-21864, CVE-2025-22056, CVE-2025-22097, CVE-2025-37994, CVE-2025-38116, CVE-2025-38396

IAVB: 2024-B-0200