[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20271)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 22 11:34:20 UTC 2025 

Synopsis: ELSA-2025-20271 can now be patched using Ksplice
CVEs: CVE-2021-47498 CVE-2024-47707 CVE-2024-49884 CVE-2024-49936 CVE-2024-53124 CVE-2024-56631 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21687 CVE-2025-21699 CVE-2025-21703

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20271.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20271.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2021-47498: Denial-of-service in multi-device driver (RAID/LVM).

A missing check when using the multi-device driver (RAID/LVM) could lead
to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 37010188


* CVE-2024-47707: Denial-of-service in Linux INET6 driver.

A missing check when closing network interface in the Linux INET6 driver
could lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-49884: Privilege escalation in EXT4 filesystem driver.

A logic error when adding extent in the EXT4 filesystem driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-49936: Privilege escalation in Xen backend network device driver.

A locking error when using the Xen backend network device driver could
lead to a use-after-free. An attacker from a guest VM could use this
flaw to escalate privileges.


* CVE-2024-56631: Privilege escalation in SCSI generic driver.

A locking error when releasing data in the SCSI generic driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in SCTP protocol networking stack.

A logic error when using the SCTP protocol networking stack could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2025-21687: Privilege escalation in platform device VFIO driver.

A missing check when using the platform device VFIO driver allows
read/write outside the alloted boundaries. A local attacker could
use this flaw to escalate privileges, execute arbitrary code, or
extract sensitive information from kernel memory.


* CVE-2025-21699: Disk corruption in GFS2 filesystem.

There is a logic error in the GFS2 filesystem code's handling of the
FS_IOC_SETFLAGS ioctl call, which sets the flags for an inode and is
used by the `chattr` command. A local attacker could use this flaw to
cause disk corruption.

This update fixes the logic error so the handling is fixed and later
usage of the ioctl results in correct behaviour, but doesn't actively
attempt to fix the existing filesystem inodes.


* CVE-2025-21703: Privilege escalation in network emulator.

A logic error when using the network emulator could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* Privilege escalation in Control Group (cgroup) layer.

A locking error when using cgroups could lead to a use-after-free.
A local attacker could use this flaw to escalate privileges.

Orabug: 37621585


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-57904, CVE-2024-57906, CVE-2024-57908, CVE-2024-57910,
CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2025-21647,
CVE-2025-21697

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20250422/f32d0486/attachment-0001.sig>

More information about the El-errata mailing list