[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20270)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Apr 23 10:39:07 UTC 2025


Synopsis: ELSA-2025-20270 can now be patched using Ksplice
CVEs: CVE-2024-35966 CVE-2024-35967 CVE-2024-40919 CVE-2024-41079
CVE-2024-43866 CVE-2024-44970 CVE-2024-45019 CVE-2024-46717
CVE-2024-46842 CVE-2024-46857 CVE-2024-50155 CVE-2024-50215
CVE-2024-53209 CVE-2024-53213 CVE-2025-21647 CVE-2025-21687
CVE-2025-21692 CVE-2025-21699 CVE-2025-21703

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20270.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20270.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
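
To confirm a host is actually covered, the following added example (not part of the Oracle announcement or of Ksplice itself) checks the autoinstall setting and lists any advisory CVE missing from the installed-update listing. The function names and the `--live` switch are hypothetical, and it assumes `uptrack-show` names the CVE IDs in each update's description.

```shell
#!/bin/sh
# Added example, not Oracle tooling: audit a host for ELSA-2025-20270 coverage.

# CVE list copied from the advisory synopsis above.
ELSA_CVES="CVE-2024-35966 CVE-2024-35967 CVE-2024-40919 CVE-2024-41079
CVE-2024-43866 CVE-2024-44970 CVE-2024-45019 CVE-2024-46717
CVE-2024-46842 CVE-2024-46857 CVE-2024-50155 CVE-2024-50215
CVE-2024-53209 CVE-2024-53213 CVE-2025-21647 CVE-2025-21687
CVE-2025-21692 CVE-2025-21699 CVE-2025-21703"

# Succeeds only if the config file in $1 has an uncommented "autoinstall = yes".
# Commented-out lines are ignored; if the key appears more than once, this
# check looks at the last occurrence (an assumption of this example).
autoinstall_enabled() {
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Reads an installed-update listing on stdin and prints every advisory CVE
# that does not appear in it. Whole-word matching keeps a longer ID from
# satisfying the check for a shorter one.
missing_cves() {
    listing=$(cat)
    for cve in $ELSA_CVES; do
        printf '%s\n' "$listing" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Only touch the real system when asked to (hypothetical "--live" switch).
if [ "${1:-}" = "--live" ]; then
    if autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall is enabled; updates install automatically"
    else
        echo "autoinstall is not enabled; run /usr/sbin/uptrack-upgrade -y"
    fi
    echo "Advisory CVEs not found in installed updates:"
    uptrack-show | missing_cves
fi
```

An empty list from the last step means every CVE in the synopsis is named by an installed update.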


DESCRIPTION

* CVE-2024-35966, CVE-2024-35967: Denial-of-service in Bluetooth
subsystem.

A missing check in several setsockopt handlers could lead
to an out-of-bounds read in the Bluetooth subsystem. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40919: Denial-of-service in Broadcom NetXtreme-C/E driver.

Incorrect return status checks when using the Broadcom NetXtreme-C/E
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 37070333


* CVE-2024-41079: Information leak in NVMe over Fabrics target
subsystem.

A missing structure field initialization in the NVMe over Fabrics
target code could lead to leaking data from kernel memory. An attacker
could potentially use this flaw to extract sensitive information.

Orabug: 36897348


* CVE-2024-43866: Denial-of-service in Mellanox devices driver.

A race condition when using the Mellanox devices driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.

Orabug: 37534698


* CVE-2024-44970: Denial-of-service in Mellanox devices driver.

A logic error when using the Mellanox 5th generation network adapters
Ethernet driver could lead to a kernel panic. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 37534698


* CVE-2024-45019: Denial-of-service in Mellanox devices driver.

A locking error when using the Mellanox devices driver could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 37534698


* CVE-2024-46717: Memory corruption in Mellanox 5th generation network
adapters (ConnectX series) Ethernet driver.

A missing check when using the Mellanox 5th generation network adapters
(ConnectX series) Ethernet driver could lead to a use-after-free. A
local attacker could use this flaw to cause memory corruption.

Orabug: 37534698


* CVE-2024-46842: Denial-of-service in Emulex LightPulse Fibre Channel
driver.

A race condition when using the Emulex LightPulse Fibre Channel driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 37116505


* CVE-2024-46857: Denial-of-service in Mellanox devices driver.

A missing check when using the Mellanox devices driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.

Orabug: 37534698


* CVE-2024-50155: Denial-of-service in Simulated networking device
driver.

Insufficient scheduling when using the Simulated networking device
driver could lead to task blocking for extended periods. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 37264120


* CVE-2024-50215: Privilege escalation in NVMe over Fabrics In-band
Authentication driver.

A logic error when using the NVMe over Fabrics In-band Authentication
driver could lead to a double free. A local attacker could use this
flaw to escalate privileges.

Orabug: 37268555


* CVE-2024-53209: Denial-of-service in Broadcom NetXtreme-C/E driver.

A logic error when using the Broadcom NetXtreme-C/E driver could lead
to an out-of-bounds memory access. A local attacker could use this flaw
to cause a denial-of-service.

Orabug: 37433562


* CVE-2024-53213: Privilege escalation in Microchip LAN78XX Based USB
Ethernet Adapters driver.

A logic error when using the Microchip LAN78XX Based USB Ethernet
Adapters driver could lead to a double free. A local attacker could use
this flaw to escalate privileges.

Orabug: 37433573


* CVE-2025-21647: Privilege escalation in Common Applications Kept
Enhanced (CAKE) driver.

A logic error when using the Common Applications Kept Enhanced (CAKE)
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.


* CVE-2025-21687: Privilege escalation in platform device VFIO driver.

A missing check when using the platform device VFIO driver allows
read/write outside the allotted boundaries. A local attacker could
use this flaw to escalate privileges, execute arbitrary code, or
extract sensitive information from kernel memory.


* CVE-2025-21692: Privilege escalation in Enhanced transmission
selection scheduler (ETS) driver.

A missing check when using the Enhanced transmission selection
scheduler (ETS) driver could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.


* CVE-2025-21699: Disk corruption in GFS2 filesystem.

There is a logic error in the GFS2 filesystem code's handling of the
FS_IOC_SETFLAGS ioctl call, which sets the flags for an inode and is
used by the `chattr` command. A local attacker could use this flaw to
cause disk corruption.

This update fixes the logic error so that later uses of the ioctl
behave correctly, but it does not actively attempt to fix existing
filesystem inodes.


* CVE-2025-21703: Privilege escalation in network emulator.

A logic error when using the network emulator could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-50242

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



