Synopsis: ELSA-2025-20609 can now be patched using Ksplice CVEs: CVE-2022-2639 CVE-2022-34918 CVE-2025-38264 CVE-2025-38494 CVE-2025-38495 CVE-2025-38499 CVE-2025-38618
Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20609. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20609.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on OL8 and OL9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-38264: Kernel crash in NVM Express over Fabrics TCP driver. Orabug: 38454661 * CVE-2025-38494, CVE-2025-38495: Out-of-bounds memory access in HID bus driver. Orabug: 38454662, 38454666 * CVE-2025-38499: Overly permissive privilege checks in Virtual File System. Orabug: 38454664 * CVE-2025-38618: Use-after-free in Virtual Socket protocol driver. Orabug: 38454665 SUPPORT Ksplice support is available at ksplice-support...@oracle.com. _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata
