Synopsis: ELSA-2026-50112 can now be patched using Ksplice CVEs: CVE-2025-68226 CVE-2025-68292 CVE-2025-68293 CVE-2025-68295 CVE-2025-68300 CVE-2025-68301 CVE-2025-68305 CVE-2025-68340 CVE-2025-68349 CVE-2025-68356 CVE-2025-68741 CVE-2025-68764 CVE-2025-68775 CVE-2025-68776 CVE-2025-68788 CVE-2025-68794 CVE-2025-68798 CVE-2025-68803 CVE-2025-68810 CVE-2025-68811 CVE-2025-68813 CVE-2025-68818 CVE-2025-71066 CVE-2025-71068 CVE-2025-71084 CVE-2025-71089 CVE-2025-71097 CVE-2025-71098 CVE-2025-71104 CVE-2025-71120 CVE-2025-71131 CVE-2025-71147 CVE-2025-71157
Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2026-50112. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2026-50112.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on OL9 and OL10 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-68226: Use-after-free in SMB/CIFS client driver. * CVE-2025-68292: Uninitialized memory exposure in memfd. * CVE-2025-68293: Null pointer dereference in Transparent Hugepage driver. * CVE-2025-68295: Memory leak in SMB/CIFS client driver. * CVE-2025-68300: Reference count leak in namespace support. * CVE-2025-68301: Out-of-bounds memory access in aQuantia AQtion driver. * CVE-2025-68305: Use-after-free in Bluetooth subsystem. * CVE-2025-68340: Out-of-bounds memory access in Ethernet team driver. * CVE-2025-68349: Null pointer dereference in NFS client for NFSv4.1 driver. * CVE-2025-68356: Deadlock in GFS2 filesystem driver. * CVE-2025-68741: Use-after-free in QLogic QLA2XXX Fibre Channel driver. * CVE-2025-68764: Insufficient privilege checks in NFS client driver. * CVE-2025-68775: Use-after-free in Generic netlink handshake service. * CVE-2025-68776: Null pointer dereference in High-availability Seamless Redundancy (HSR & PRP) driver. * CVE-2025-68788: Information leak in fsnotify. * CVE-2025-68794: Out-of-bounds memory access in block layer driver. * CVE-2025-68798: Kernel crash in AMD Performance Monitoring Unit. * CVE-2025-68803: Access control violation in NFS server driver. * CVE-2025-68810: Use-after-free in KVM. * CVE-2025-68811: Out-of-bounds memory access in RPC-over-RDMA transport driver. * CVE-2025-68813: Null pointer dereference in IP virtual server driver. * CVE-2025-68818: Null pointer dereference in QLogic QLA2XXX Fibre Channel driver. * CVE-2025-71066: Use-after-free in ETS network scheduler. * CVE-2025-71068: Out-of-bounds memory access in RPC-over-RDMA transport driver. * CVE-2025-71084: Reference count leak in InfiniBand driver. * CVE-2025-71089: Use-after-free in IOMMU Shared Virtual Addressing. * CVE-2025-71097: Reference count leak in TCP/IP networking driver. * CVE-2025-71098: Kernel panic in IPv6 GRE tunnel driver. * CVE-2025-71104: Hard lockup in KVM. * CVE-2025-71120: Null pointer dereference in SunRPC GSS. * CVE-2025-71131: Use-after-free in Sequence Number IV Generator driver. * CVE-2025-71147: Memory leak in TPM-based trusted keys driver. * CVE-2025-71157: Memory leak in InfiniBand driver. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2025-40253, CVE-2025-40262, CVE-2025-40276, CVE-2025-68217, CVE-2025-68220, CVE-2025-68222, CVE-2025-68238, CVE-2025-68254, CVE-2025-68255, CVE-2025-68256, CVE-2025-68257, CVE-2025-68258, CVE-2025-68263, CVE-2025-68266, CVE-2025-68287, CVE-2025-68289, CVE-2025-68290, CVE-2025-68302, CVE-2025-68303, CVE-2025-68327, CVE-2025-68328, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68338, CVE-2025-68339, CVE-2025-68344, CVE-2025-68346, CVE-2025-68347, CVE-2025-68352, CVE-2025-68369, CVE-2025-68727, CVE-2025-68728, CVE-2025-68733, CVE-2025-68747, CVE-2025-68748, CVE-2025-68753, CVE-2025-68758, CVE-2025-68763, CVE-2025-68765, CVE-2025-68766, CVE-2025-68767, CVE-2025-68769, CVE-2025-68773, CVE-2025-68774, CVE-2025-68777, CVE-2025-68781, CVE-2025-68786, CVE-2025-68787, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68804, CVE-2025-68806, CVE-2025-68808, CVE-2025-68809, CVE-2025-68817, CVE-2025-71064, CVE-2025-71065, CVE-2025-71067, CVE-2025-71069, CVE-2025-71071, CVE-2025-71073, CVE-2025-71078, CVE-2025-71079, CVE-2025-71086, CVE-2025-71102, CVE-2025-71105, CVE-2025-71107, CVE-2025-71109, CVE-2025-71112, CVE-2025-71119, CVE-2025-71121, CVE-2025-71122, CVE-2025-71129, CVE-2025-71136, CVE-2025-71137, CVE-2025-71140, CVE-2025-71145, CVE-2025-71150, CVE-2025-71153 SUPPORT Ksplice support is available at [email protected]. _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
