[El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-20518-0)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Dec 22 18:18:55 UTC 2025
Synopsis: ELSA-2025-20518-0 can now be patched using Ksplice
CVEs: CVE-2024-36286 CVE-2024-46739 CVE-2024-46744 CVE-2024-47727 CVE-2024-50195 CVE-2024-50210 CVE-2024-56603 CVE-2024-56672 CVE-2024-57801 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21662 CVE-2025-21675 CVE-2025-21682 CVE-2025-21692 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21714 CVE-2025-21719 CVE-2025-21720 CVE-2025-21731 CVE-2025-21745 CVE-2025-21787 CVE-2025-21790 CVE-2025-21791 CVE-2025-21796 CVE-2025-21844 CVE-2025-21892 CVE-2025-21971 CVE-2025-22057 CVE-2025-22117 CVE-2025-23145 CVE-2025-37791 CVE-2025-37844 CVE-2025-37911 CVE-2025-37954 CVE-2025-37992 CVE-2025-38020 CVE-2025-38035 CVE-2025-38051 CVE-2025-38075 CVE-2025-38146 CVE-2025-38154 CVE-2025-38208 CVE-2025-38488 CVE-2025-38659 CVE-2025-38728
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20518-0.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20518-0.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2024-36286: Denial-of-service in netfilter subsystem.
* CVE-2024-46739: Denial-of-service in Hyper-V VMBus driver.
* CVE-2024-46744: Data corruption in SquashFS driver.
* CVE-2024-47727: Memory corruption in Intel TDX (Trust Domain Extensions) - Guest driver.
* CVE-2024-50195, CVE-2024-50210: Denial-of-service in dynamic POSIX clock driver.
* CVE-2024-56603: Privilege escalation in CAN bus subsystem driver.
* CVE-2024-56672: Privilege escalation in Block IO Control Groups subsystem.
* CVE-2024-57801: Privilege escalation in Mellanox SRIOV E-Switch driver.
* CVE-2025-21631: Privilege escalation in Budget Fair Queueing (BFQ) I/O scheduler.
* CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in SCTP.
* CVE-2025-21647: Privilege escalation in Common Applications Kept Enhanced (CAKE) driver.
* CVE-2025-21662: Denial-of-service in Mellanox devices driver.
* CVE-2025-21675: Denial-of-service in Mellanox devices driver.
* CVE-2025-21682: Null pointer dereference in Broadcom NetXtreme-C/E driver.
* CVE-2025-21692: Privilege escalation in ETS packet scheduler.
* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.
* CVE-2025-21701: Denial-of-service in Networking driver.
* CVE-2025-21702: Privilege escalation in network QoS/scheduling driver.
* CVE-2025-21714: Use-after-free in InfiniBand on-demand paging driver.
* CVE-2025-21719: Denial-of-service in TCP/IP networking stack.
* CVE-2025-21720: Null pointer dereference in IP XFRM subsystem.
* CVE-2025-21731: Privilege escalation in network block device driver.
* CVE-2025-21745: Denial-of-service in IO controller driver.
* CVE-2025-21787: Denial-of-service in Ethernet team driver.
* CVE-2025-21790: Null pointer dereference in Virtual eXtensible Local Area Network (VXLAN) driver.
* CVE-2025-21791: Privilege escalation in layer 3 master device support.
* CVE-2025-21796: Privilege escalation in NFS server for the NFSv2 ACL protocol extension driver.
* CVE-2025-21844: Denial-of-service in Common Internet File System (CIFS).
* CVE-2025-21892: Deadlock in Mellanox 5th generation network adapters (ConnectX series) driver.
* CVE-2025-21971: Statistics corruption in network QoS/scheduling driver.
* CVE-2025-22057: Privilege escalation in Networking driver.
* CVE-2025-22117: Out-of-bounds memory access in PCI IOV driver.
* CVE-2025-23145: Null pointer dereference in Multipath TCP driver.
* CVE-2025-37791: Out-of-bounds memory access in Netlink interface for ethtool.
* CVE-2025-37844: Null pointer dereference in CIFS driver.
* CVE-2025-37911: Out-of-bounds memory access in Broadcom NetXtreme-C/E driver.
* CVE-2025-37954: Memory leak in SMB/CIFS client driver.
* CVE-2025-37992: Null pointer dereference in Fair Queue driver.
* CVE-2025-38020: Null pointer dereference in Mellanox 5th generation network adapters (ConnectX series) Ethernet driver.
* CVE-2025-38035: Null pointer dereference in NVMe Target subsystem.
* CVE-2025-38051: Use-after-free in SMB/CIFS client driver.
* CVE-2025-38075: Null pointer dereference in iSCSI Target Mode Stack driver.
* CVE-2025-38146: Soft lockup in Open vSwitch driver.
* CVE-2025-38154: Kernel panic in Networking driver.
* CVE-2025-38208: Null pointer dereference in SMB/CIFS client driver.
* CVE-2025-38488: Use-after-free in SMB/CIFS client driver.
* CVE-2025-38659: Null pointer dereference in GFS2 filesystem driver.
* CVE-2025-38728: Out-of-bounds memory access in SMB/CIFS client driver.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled:
CVE-2022-49353, CVE-2022-50414, CVE-2023-53382, CVE-2024-26893,
CVE-2024-27006, CVE-2024-27051, CVE-2024-43819, CVE-2024-47143,
CVE-2024-47408, CVE-2024-47751, CVE-2024-49568, CVE-2024-49571,
CVE-2024-49853, CVE-2024-50159, CVE-2024-53068, CVE-2024-53109,
CVE-2024-53230, CVE-2024-53231, CVE-2024-53241, CVE-2024-56689,
CVE-2024-56718, CVE-2024-57899, CVE-2024-57992, CVE-2024-57999,
CVE-2024-58051, CVE-2024-58061, CVE-2025-21687, CVE-2025-21750,
CVE-2025-21855, CVE-2025-22007, CVE-2025-22066, CVE-2025-37829,
CVE-2025-37830, CVE-2025-37913, CVE-2025-37915, CVE-2025-37941,
CVE-2025-37979, CVE-2025-38423, CVE-2025-38454, CVE-2025-38637,
CVE-2025-39778, CVE-2023-53125, CVE-2024-57998, CVE-2024-58068,
CVE-2025-38259, CVE-2025-38070, CVE-2024-56561, CVE-2025-21976,
CVE-2025-21750, CVE-2024-58015, CVE-2025-39930, CVE-2023-53523,
CVE-2025-38486, CVE-2022-49755
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.