[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12226)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 18 14:43:54 UTC 2023

Synopsis: ELSA-2023-12226 can now be patched using Ksplice
CVEs: CVE-2022-2196 CVE-2022-27672 CVE-2022-3707 CVE-2023-1281 
CVE-2023-1513 CVE-2023-20938 CVE-2023-26545

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12226.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2022-2196: Information leak in Kernel-based Virtual Machine.

A flaw in KVM due to a missing flush of indirect branch predictors
at VM-exit time may result in a leak of information.
A nested guest VM (L2) may use this flaw to perform Spectre v2 attacks
on L1 guest VMs.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-20938.

Oracle has determined that the vulnerability does not affect a
running system.

Lack of input validation in the Android Binder driver when releasing a
transaction buffer could lead to a use-after-free.  A local unprivileged
user could use this flaw to cause a denial-of-service or elevate its

* CVE-2022-3707: Double-free in Intel GVT-g graphics driver.

Incorrect error handling in the Intel GVT-g graphics driver can lead to a
double free. This can allow a local user to cause denial-of-service.

* CVE-2023-1513: Information leak in KVM ioctl.

Incomplete initialization of the structure returned to the user during KVM's
KVM_GET_DEBUGREGS ioctl can lead to an information leak. This can allow a
local user to access privileged data.

* CVE-2023-26545: Stale pointer in MultiProtocol Label Switching subsystem.

Incorrect error handling in the MultiProtocol Label Switching subsystem
(MPLS) during the renaming of a device can lead to a double free. This could
allow a local user to write to arbitrary memory locations or cause

* CVE-2023-1281: Use-after-free in Packet Classifier based on Traffic 
Control Indices.

The imperfect hash area in the traffic control index filter can be
updated while packets are traversing, which can lead to a use-after-free.
A local attacker can use this to escalate privileges.

* Incorrect initialization in BTRFS's zlib compression.

Incorrect initialization in the BTRFS zlib compression implementation can
lead to use of uninitialized memory.  This can lead to a leak of
privileged information or denial-of-service.

* CVE-2022-27672: Information disclosure due to Cross-Thread Return 
Address Predictions.

When SMT (simultaneous multithreading) is enabled, certain AMD processors
may speculatively execute instructions using a target from the sibling thread.
This can potentially lead to information disclosure.


Ksplice support is available at ksplice-support_ww at oracle.com.

