[El-errata] New Ksplice updates for RHCK 10 (ELSA-2025-20095)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Dec 22 09:04:29 UTC 2025
Synopsis: ELSA-2025-20095 can now be patched using Ksplice
CVEs: CVE-2024-53103 CVE-2024-53166 CVE-2024-56605 CVE-2024-56672 CVE-2024-56764 CVE-2024-57801 CVE-2024-58009 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21652 CVE-2025-21662 CVE-2025-21675 CVE-2025-21682 CVE-2025-21692 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21714 CVE-2025-21719 CVE-2025-21720 CVE-2025-21731 CVE-2025-21745 CVE-2025-21790 CVE-2025-21791 CVE-2025-21796 CVE-2025-21844 CVE-2025-21858 CVE-2025-21892 CVE-2025-21920 CVE-2025-21959 CVE-2025-21971 CVE-2025-22002 CVE-2025-22057 CVE-2025-22126 CVE-2025-23145 CVE-2025-37749 CVE-2025-37756 CVE-2025-37757 CVE-2025-37774 CVE-2025-37789 CVE-2025-37791 CVE-2025-37824 CVE-2025-37844 CVE-2025-37894 CVE-2025-37911 CVE-2025-37933 CVE-2025-37954 CVE-2025-37961 CVE-2025-37992 CVE-2025-38020 CVE-2025-38035 CVE-2025-38051 CVE-2025-38083 CVE-2025-38108 CVE-2025-38115 CVE-2025-38120 CVE-2025-38146 CVE-2025-38154 CVE-2025-38184 CVE-2025-38208 CVE-2025-38430 CVE-2025-38468 CVE-2025-38488
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20095.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20095.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 10 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
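The two paths described above (automatic on hosts with "autoinstall = yes", manual `uptrack-upgrade -y` elsewhere) can be folded into one idempotent script for fleet-wide use. The following is an added example written for this page, not Oracle's own tooling; it assumes only what the announcement states: the key appears on its own line in /etc/uptrack/uptrack.conf as `autoinstall = yes`, and the manual command is /usr/sbin/uptrack-upgrade -y. The sample configuration it checks against is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the Oracle announcement): decide per host whether
# Ksplice Uptrack will apply ELSA-2025-20095 on its own or whether the
# operator must run uptrack-upgrade -y, and only run it in the latter case.

# Returns 0 when the config enables autoinstall. Anchored at line start so a
# commented-out "# autoinstall = yes" does not count; tolerates spacing and
# case. Assumes the key sits on its own line, as in the announcement.
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Echoes "automatic" or "manual" for the given config path
# (default: the real /etc/uptrack/uptrack.conf).
ksplice_update_mode() {
    if autoinstall_enabled "$1"; then
        echo automatic
    else
        echo manual
    fi
}

# Runs the announcement's manual command only where autoinstall is off.
# Exit 0: nothing to do or upgrade ran; 2: Uptrack tooling not installed.
apply_ksplice_updates() {
    mode=$(ksplice_update_mode "$1")
    if [ "$mode" = automatic ]; then
        echo "autoinstall is on; Uptrack will apply the updates itself"
        return 0
    fi
    if [ -x /usr/sbin/uptrack-upgrade ]; then
        /usr/sbin/uptrack-upgrade -y
    else
        echo "uptrack-upgrade not found; is Ksplice Uptrack installed?" >&2
        return 2
    fi
}

# Offline demonstration against a constructed config (no real host needed).
demo_conf=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_conf"
echo "constructed config -> $(ksplice_update_mode "$demo_conf")"   # manual
printf '[Settings]\nautoinstall = yes\n' > "$demo_conf"
echo "constructed config -> $(ksplice_update_mode "$demo_conf")"   # automatic
rm -f "$demo_conf"
```

On a real host, call `apply_ksplice_updates` with no argument so it reads the live /etc/uptrack/uptrack.conf; the anchored grep matters because a commented-out `autoinstall` line would otherwise be mistaken for an enabled setting and the manual step silently skipped.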
DESCRIPTION
* CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver.
* CVE-2024-53166: Memory corruption in BFQ I/O scheduler subsystem.
* CVE-2024-56605, CVE-2024-58009: Privilege escalation in Bluetooth subsystem driver.
* CVE-2024-56672: Privilege escalation in Block IO Control Groups subsystem.
* CVE-2024-56764: Use-after-free in userspace block driver.
* CVE-2024-57801: Privilege escalation in Mellanox SRIOV E-Switch driver.
* CVE-2025-21631: Privilege escalation in Budget Fair Queueing (BFQ) I/O scheduler.
* CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in SCTP.
* CVE-2025-21647: Privilege escalation in Common Applications Kept Enhanced (CAKE) driver.
* CVE-2025-21652: Use-after-free in the network device link state notification subsystem.
* CVE-2025-21662: Denial-of-service in Mellanox devices driver.
* CVE-2025-21675: Denial-of-service in Mellanox devices driver.
* CVE-2025-21682: Null pointer dereference in Broadcom NetXtreme-C/E driver.
* CVE-2025-21692: Privilege escalation in ETS packet scheduler.
* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.
* CVE-2025-21701: Denial-of-service in Networking driver.
* CVE-2025-21702: Privilege escalation in network QoS/scheduling driver.
* CVE-2025-21714: Use-after-free in InfiniBand on-demand paging driver.
* CVE-2025-21719: Denial-of-service in TCP/IP networking stack.
* CVE-2025-21720: Null pointer dereference in IP XFRM subsystem.
* CVE-2025-21731: Privilege escalation in network block device driver.
* CVE-2025-21745: Denial-of-service in IO controller driver.
* CVE-2025-21790: Null pointer dereference in Virtual eXtensible Local Area Network (VXLAN) driver.
* CVE-2025-21791: Privilege escalation in layer 3 master device support.
* CVE-2025-21796: Privilege escalation in NFS server for the NFSv2 ACL protocol extension driver.
* CVE-2025-21844: Denial-of-service in Common Internet File System (CIFS).
* CVE-2025-21858: Privilege escalation in Generic Network Virtualization Encapsulation driver.
* CVE-2025-21892: Deadlock in Mellanox 5th generation network adapters (ConnectX series) driver.
* CVE-2025-21920: Information leak in ethernet VLAN stack.
* CVE-2025-21959: Use of uninitialised value in netfilter subsystem.
* CVE-2025-21971: Statistics corruption in network QoS/scheduling driver.
* CVE-2025-22002: Denial-of-service in Network filesystem driver.
* CVE-2025-22057: Privilege escalation in Networking driver.
* CVE-2025-22126: Use-after-free in Multiple devices (RAID and LVM) driver.
* CVE-2025-23145: Null pointer dereference in Multipath TCP driver.
* CVE-2025-37749: Information leak in PPP driver.
* CVE-2025-37756: Undefined behaviour in Transport Layer Security driver.
* CVE-2025-37757: Memory leak in the TIPC Protocol driver.
* CVE-2025-37774: Null pointer dereference in slab allocator.
* CVE-2025-37789: Out-of-bounds memory access in Open vSwitch.
* CVE-2025-37791: Out-of-bounds memory access in Netlink interface for ethtool.
* CVE-2025-37824: Null pointer dereference in TIPC Protocol driver.
* CVE-2025-37844: Null pointer dereference in CIFS driver.
* CVE-2025-37894: Invalid pointer dereference in TCP/IP networking.
* CVE-2025-37911: Out-of-bounds memory access in Broadcom NetXtreme-C/E driver.
* CVE-2025-37933: Deadlock in Marvell devices driver.
* CVE-2025-37954: Memory leak in SMB/CIFS client driver.
* CVE-2025-37961: Use of uninitialized memory in IP virtual server driver.
* CVE-2025-37992: Null pointer dereference in Fair Queue driver.
* CVE-2025-38020: Null pointer dereference in Mellanox 5th generation network adapters (ConnectX series) Ethernet driver.
* CVE-2025-38035: Null pointer dereference in NVMe Target subsystem.
* CVE-2025-38051: Use-after-free in SMB/CIFS client driver.
* CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network schedulers.
* CVE-2025-38115: NULL pointer dereference in Stochastic Fairness Queueing (SFQ) network scheduler.
* CVE-2025-38120: Memory disclosure in Netfilter driver.
* CVE-2025-38146: Soft lockup in Open vSwitch driver.
* CVE-2025-38154: Kernel panic in Networking driver.
* CVE-2025-38184: NULL pointer dereference in IP/UDP media type driver.
* CVE-2025-38208: Null pointer dereference in SMB/CIFS client driver.
* CVE-2025-38430: Remote kernel crash in NFSv4 server driver.
* CVE-2025-38468: Kernel oops in Hierarchical Token Bucket network scheduler.
* CVE-2025-38488: Use-after-free in SMB/CIFS client driver.
* Information leak in USB Modem (CDC ACM) driver.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2024-47143, CVE-2024-53152, CVE-2024-53153, CVE-2024-53203,
CVE-2024-53230, CVE-2024-53231, CVE-2024-53241, CVE-2024-56561,
CVE-2024-56599, CVE-2024-56689, CVE-2024-56698, CVE-2024-56706,
CVE-2024-56746, CVE-2024-57809, CVE-2024-57849, CVE-2024-57874,
CVE-2024-57877, CVE-2024-57878, CVE-2024-57899, CVE-2024-57984,
CVE-2024-57992, CVE-2024-57999, CVE-2024-58021, CVE-2024-58051,
CVE-2024-58061, CVE-2024-58075, CVE-2025-21750, CVE-2025-21804,
CVE-2025-21821, CVE-2025-21824, CVE-2025-21838, CVE-2025-21855,
CVE-2025-21856, CVE-2025-21866, CVE-2025-21869, CVE-2025-21916,
CVE-2025-21930, CVE-2025-21977, CVE-2025-22007, CVE-2025-22053,
CVE-2025-22066, CVE-2025-22102, CVE-2025-23144, CVE-2025-37758,
CVE-2025-37812, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831,
CVE-2025-37837, CVE-2025-37849, CVE-2025-37922, CVE-2025-37934,
CVE-2025-37937, CVE-2025-37941, CVE-2025-37972, CVE-2025-37979,
CVE-2025-38010, CVE-2025-38044, CVE-2025-38299, CVE-2025-38363,
CVE-2025-38423, CVE-2025-38454, CVE-2025-38637, CVE-2025-39778,
CVE-2025-38486, CVE-2024-36350, CVE-2024-36357, CVE-2025-21952,
CVE-2025-37996, CVE-2025-39930, CVE-2025-21797, CVE-2024-58015,
CVE-2025-38340, CVE-2025-21923, CVE-2025-37811, CVE-2025-21933,
CVE-2025-38235, CVE-2025-38394, CVE-2025-37898, CVE-2025-38233,
CVE-2025-21976, CVE-2024-58006, CVE-2025-38070, CVE-2025-37939,
CVE-2025-38259, CVE-2025-38339, CVE-2025-22094, CVE-2025-37913,
CVE-2025-37915, CVE-2025-38231
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.