[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2022-9348)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed May 18 15:40:26 UTC 2022

Synopsis: ELSA-2022-9348 can now be patched using Ksplice
CVEs: CVE-2021-0920 CVE-2021-3573 CVE-2021-4002 CVE-2021-4083 
CVE-2021-4149 CVE-2021-4157 CVE-2021-4203 CVE-2021-45095 CVE-2021-45868 
CVE-2022-0617 CVE-2022-1016

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9348.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2021-0920, CVE-2021-4083: Privilege escalation in BSD Unix domain 

Lack of synchronization in BSD Unix domain sockets module could result 
in a use
after free error. A local user could use this flaw to cause 
or privileges escalation.

Orabug: 33679806

* CVE-2022-0617: NULL-pointer dereference when processing UDF metadata.

When converting a UDF filesystem control block to its expanded form, an
invalid block could result in a NULL callback being invoked, resulting
in a system crash. A malicious user or filesystem image might exploit
this to cause a denial-of-service.

Orabug: 33870269

* CVE-2022-1016: Information leak in the netfilter subsystem.

A flaw in the netfilter subsystem result in a use-after-free. This may
allow a local unprivileged user to cause an information leak,
resulting in loss of system confidentiality.

Orabug: 34012926

* CVE-2021-3573: Code execution in the bluetooth subsystem due to 

Improper handling of HCI device detach events in the bluetooth subsystem
could leading to a use-after-free. A local user could use this flaw to
cause a denial of service or possibly execute arbitrary code.

Orabug: 33014054

* CVE-2021-4002: Information disclosure in HugeTLB due to a missing TLB 

A missing TLB flush in the HugeTLB implementation could allow a local 
to leak or alter data from other processes that use huge pages.

Orabug: 33617221

* CVE-2021-4149: Denial-of-service in BTRFS file system.

An improper locking flaw in BTRFS file system during error handling
could lead to a deadlock condition. A local user could use this flaw
to cause a denial-of-service.

Orabug: 33997139

* CVE-2021-45095: Denial-of-service in Phone Network protocol due to 
memory leaks.

A reference counting flaw in the Phone Network protocol functionality
when handling an error condition could lead to memory leaks. A local
user could use this flaw to cause a denial-of-service.

Orabug: 33962762

* CVE-2021-45868: Use-after-free in disk quota subsystem.

Insufficient validation of the block number in the quota tree on disk 
can lead
to use-after-free when handling a corrupted quota file. A local user can use
this flaw to cause denial-of-service.

Orabug: 33997256

* CVE-2021-4157: Out-of-bounds write in the Network File System.

An out-of-memory bounds write flaw in the NFS subsystem when handling 
of files can lead to invalid memory access. A user having access to the NFS
mount could potentially use this flaw to cause denial-of-service or 

Orabug: 34020970

* CVE-2021-4203: Use-after-free in the sockets subsystem.

A user-after-free read flaw in getsockopt() system call can lead to a race
condition. This could allow an attacker with user privileges to cause
denial-of-service or leak internal kernel information.

Orabug: 34006847


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list