[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2022-9667)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Aug 3 14:38:04 UTC 2022

Synopsis: ELSA-2022-9667 can now be patched using Ksplice
CVEs: CVE-2022-0492 CVE-2022-1966 CVE-2022-32250 CVE-2022-33981

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9667.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2022-0492: Privilege escalation in Control Groups feature.

A missing capabilities check flaw in the Control Groups feature when
setting release_agent in the initial user namespace could result in
bypassing namespace isolation. A local user could use this flaw to
escalate privilege.

Orabug: 33825689

* CVE-2022-33981: Denial-of-service in Floppy Disk support.

A logic flaw in ioctls of Floppy Disk support could result in
use-after-free. A local use could use this flaw for a denial-of-service.

Orabug: 34308428

* CVE-2022-1966, CVE-2022-32250: Code execution in Netfilter due to 

A flaw in nftables API of the Netfilter subsystem when removing stateful
expressions could result in a use-after-free. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.

Orabug: 34247343


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list