Synopsis: ELSA-2025-20518-0 can now be patched using Ksplice
CVEs: CVE-2024-36286 CVE-2024-46739 CVE-2024-46744 CVE-2024-47727 CVE-2024-50195 CVE-2024-50210 CVE-2024-56603 CVE-2024-56672 CVE-2024-57801 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21662 CVE-2025-21675 CVE-2025-21682 CVE-2025-21692 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21714 CVE-2025-21719 CVE-2025-21720 CVE-2025-21731 CVE-2025-21745 CVE-2025-21787 CVE-2025-21790 CVE-2025-21791 CVE-2025-21796 CVE-2025-21844 CVE-2025-21892 CVE-2025-21971 CVE-2025-22057 CVE-2025-22117 CVE-2025-23145 CVE-2025-37791 CVE-2025-37844 CVE-2025-37911 CVE-2025-37954 CVE-2025-37992 CVE-2025-38020 CVE-2025-38035 CVE-2025-38051 CVE-2025-38075 CVE-2025-38146 CVE-2025-38154 CVE-2025-38208 CVE-2025-38488 CVE-2025-38659 CVE-2025-38728

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20518-0.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20518-0.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-36286: Denial-of-service in netfilter subsystem.
* CVE-2024-46739: Denial-of-service in Hyper-V VMBus driver.
* CVE-2024-46744: Data corruption in SquashFS driver.
* CVE-2024-47727: Memory corruption in Intel TDX (Trust Domain Extensions) - Guest driver.
* CVE-2024-50195, CVE-2024-50210: Denial-of-service in dynamic POSIX clock driver.
* CVE-2024-56603: Privilege escalation in CAN bus subsystem driver.
* CVE-2024-56672: Privilege escalation in Block IO Control Groups subsystem.
* CVE-2024-57801: Privilege escalation in Mellanox SRIOV E-Switch driver.
* CVE-2025-21631: Privilege escalation in Budget Fair Queueing (BFQ) I/O scheduler.
* CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in SCTP.
* CVE-2025-21647: Privilege escalation in Common Applications Kept Enhanced (CAKE) driver.
* CVE-2025-21662: Denial-of-service in Mellanox devices driver.
* CVE-2025-21675: Denial-of-service in Mellanox devices driver.
* CVE-2025-21682: Null pointer dereference in Broadcom NetXtreme-C/E driver.
* CVE-2025-21692: Privilege escalation in ETS packet scheduler.
* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.
* CVE-2025-21701: Denial-of-service in Networking driver.
* CVE-2025-21702: Privilege escalation in network QoS/scheduling driver.
* CVE-2025-21714: Use-after-free in InfiniBand on-demand paging driver.
* CVE-2025-21719: Denial-of-service in TCP/IP networking stack.
* CVE-2025-21720: Null pointer dereference in IP XFRM subsystem.
* CVE-2025-21731: Privilege escalation in network block device driver.
* CVE-2025-21745: Denial-of-service in IO controller driver.
* CVE-2025-21787: Denial-of-service in Ethernet team driver.
* CVE-2025-21790: Null pointer dereference in Virtual eXtensible Local Area Network (VXLAN) driver.
* CVE-2025-21791: Privilege escalation in layer 3 master device support.
* CVE-2025-21796: Privilege escalation in NFS server for the NFSv2 ACL protocol extension driver.
* CVE-2025-21844: Denial-of-service in Common Internet File System (CIFS).
* CVE-2025-21892: Deadlock in Mellanox 5th generation network adapters (ConnectX series) driver.
* CVE-2025-21971: Statistics corruption in network QoS/scheduling driver.
* CVE-2025-22057: Privilege escalation in Networking driver.
* CVE-2025-22117: Out-of-bounds memory access in PCI IOV driver.
* CVE-2025-23145: Null pointer dereference in Multipath TCP driver.
* CVE-2025-37791: Out-of-bounds memory access in Netlink interface for ethtool.
* CVE-2025-37844: Null pointer dereference in CIFS driver.
* CVE-2025-37911: Out-of-bounds memory access in Broadcom NetXtreme-C/E driver.
* CVE-2025-37954: Memory leak in SMB/CIFS client driver.
* CVE-2025-37992: Null pointer dereference in Fair Queue driver.
* CVE-2025-38020: Null pointer dereference in Mellanox 5th generation network adapters (ConnectX series) Ethernet driver.
* CVE-2025-38035: Null pointer dereference in NVMe Target subsystem.
* CVE-2025-38051: Use-after-free in SMB/CIFS client driver.
* CVE-2025-38075: Null pointer dereference in iSCSI Target Mode Stack driver.
* CVE-2025-38146: Soft lockup in Open vSwitch driver.
* CVE-2025-38154: Kernel panic in Networking driver.
* CVE-2025-38208: Null pointer dereference in SMB/CIFS client driver.
* CVE-2025-38488: Use-after-free in SMB/CIFS client driver.
* CVE-2025-38659: Null pointer dereference in GFS2 filesystem driver.
* CVE-2025-38728: Out-of-bounds memory access in SMB/CIFS client driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs since the code under
consideration is not compiled.

CVE-2022-49353, CVE-2022-50414, CVE-2023-53382, CVE-2024-26893,
CVE-2024-27006, CVE-2024-27051, CVE-2024-43819, CVE-2024-47143,
CVE-2024-47408, CVE-2024-47751, CVE-2024-49568, CVE-2024-49571,
CVE-2024-49853, CVE-2024-50159, CVE-2024-53068, CVE-2024-53109,
CVE-2024-53230, CVE-2024-53231, CVE-2024-53241, CVE-2024-56689,
CVE-2024-56718, CVE-2024-57899, CVE-2024-57992, CVE-2024-57999,
CVE-2024-58051, CVE-2024-58061, CVE-2025-21687, CVE-2025-21750,
CVE-2025-21855, CVE-2025-22007, CVE-2025-22066, CVE-2025-37829,
CVE-2025-37830, CVE-2025-37913, CVE-2025-37915, CVE-2025-37941,
CVE-2025-37979, CVE-2025-38423, CVE-2025-38454, CVE-2025-38637,
CVE-2025-39778, CVE-2023-53125, CVE-2024-57998, CVE-2024-58068,
CVE-2025-38259, CVE-2025-38070, CVE-2024-56561, CVE-2025-21976,
CVE-2025-21750, CVE-2024-58015, CVE-2025-39930, CVE-2023-53523,
CVE-2025-38486, CVE-2022-49755

SUPPORT

Ksplice support is available at [email protected].

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
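
The INSTALLING THE UPDATES step above depends on whether a host has "autoinstall = yes" in /etc/uptrack/uptrack.conf. The following shell check is an added example, not part of the advisory or of Ksplice; it assumes lines starting with # or ; are comments, that the last assignment wins, and that only the value "yes" enables automatic installation.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host installs Ksplice
# updates on its own or needs a manual uptrack-upgrade run.
# Assumptions: "#" or ";" start a comment line, the last "autoinstall"
# assignment wins, and only the value "yes" (any case) enables it.

autoinstall_value() {
    # $1: path to uptrack.conf; prints the lower-cased value, nothing if unset
    [ -r "$1" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)               # "autoinstall " -> "autoinstall"
            gsub(/^[ \t]+|[ \t]+$/, "", val)     # trim the value
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

uptrack_action() {
    # prints "automatic", "manual" or "unreadable" for the config file in $1
    val=$(autoinstall_value "$1") || { echo unreadable; return 0; }
    if [ "$val" = "yes" ]; then echo automatic; else echo manual; fi
}

case "${1:-}" in
    check)  # audit a real host; the path defaults to the one in the advisory
        uptrack_action "${2:-/etc/uptrack/uptrack.conf}" ;;
    demo)   # constructed sample config, not taken from a real host
        tmp=$(mktemp) && printf '# autoinstall = yes\nautoinstall = no\n' > "$tmp"
        uptrack_action "$tmp"; rm -f "$tmp" ;;
esac
```

A result of "manual" means the host still needs `/usr/sbin/uptrack-upgrade -y` run as root, as described above.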
