[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20095)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Feb 24 13:18:50 UTC 2025
Synopsis: ELSA-2025-20095 can now be patched using Ksplice
CVEs: CVE-2023-52658 CVE-2024-38538 CVE-2024-39494 CVE-2024-42142 CVE-2024-42315 CVE-2024-43864 CVE-2024-49996 CVE-2024-50121 CVE-2024-50264 CVE-2024-50265 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53141 CVE-2024-53164 CVE-2024-53173 CVE-2024-53241 CVE-2024-56590 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56642 CVE-2024-56644 CVE-2024-56650 CVE-2024-56688 CVE-2024-57874
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20095.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20095.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2023-52658: Denial-of-service in Mellanox Technologies MLX5 SRIOV E-Switch driver.
A logic error when entering switchdev mode with ns inconsistency in
Mellanox Technologies MLX5 SRIOV E-Switch driver could lead to a
kernel crash. A local attacker could use this flaw to cause a
denial-of-service.
Orabug: 36811057
* CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging.
A missing check when sending a short skb in the 802.1d Ethernet
Bridging driver could lead to use of uninitialized memory. An
attacker could use this flaw to cause data corruption.
* CVE-2024-39494: Denial-of-service in Integrity Measurement Architecture (IMA) driver.
A logic error when using the Integrity Measurement Architecture (IMA)
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-42142: Denial-of-service in Mellanox devices driver.
A logic error when using active-backup lag mode in the Mellanox devices
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
Orabug: 36948578
* CVE-2024-42315: Denial-of-service in exFAT filesystem driver.
A locking error when using the exFAT filesystem driver could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-43864: Denial-of-service in Mellanox devices driver.
Incorrect return status checks when using the Mellanox devices driver
could lead to an invalid pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
Orabug: 36948578
* CVE-2024-49996: Privilege escalation in SMB3 and CIFS driver.
A missing check when parsing NFS reparse points in the SMB3 and CIFS
driver could lead to an out-of-bounds memory access. A remote attacker
could use this flaw to escalate privileges.
* CVE-2024-50121: Privilege escalation in NFS server version 4 driver.
A logic error when using the NFS server version 4 driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-50264: Privilege escalation in Virtual Socket protocol driver.
A missing variable initialization during loopback communication in
the Virtual Socket protocol driver could lead to a use-after-free. A
local attacker could use this flaw to escalate privileges.
* CVE-2024-50265: Denial-of-service in OCFS2 filesystem driver.
A logic error when setting extended attributes in the OCFS2 filesystem
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-50273: Denial-of-service in Btrfs filesystem driver.
A logic error when handling delayed reference counting in the Btrfs
filesystem driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-50278, CVE-2024-50279: Privilege escalation in Multiple Device Cache Target driver.
Logic errors when manipulating cache in the Multiple Device Cache Target
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver.
A missing variable initialization when destroying a socket in the Virtual
Socket protocol driver could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-53104: Code execution in USB Video Class (UVC) driver.
A missing check when using the USB Video Class (UVC) driver could lead
to an out-of-bounds memory write. A local attacker could use this flaw
to execute arbitrary code in kernel mode.
* CVE-2024-53112: Denial-of-service in OCFS2 filesystem driver.
A missing check when using OCFS2_IOC_GROUP_ADD ioctl in the OCFS2
filesystem driver could lead to a kernel assertion failure. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-53141: Privilege escalation in netfilter (IP set) subsystem.
A missing check when updating the bitmap for IP addresses in the
netfilter (IP set) subsystem could lead to an out-of-bounds memory
access. A local attacker could use this flaw to escalate privileges.
* CVE-2024-53164: Privilege escalation in CAKE network scheduler.
A logic error when using the Common Applications Kept Enhanced (CAKE)
network scheduler could lead to a use-after-free. A local attacker could
use this flaw to escalate privileges.
* CVE-2024-53173: Privilege escalation in NFS client driver.
A logic error when opening multiple files concurrently in the NFS client
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-56590: Privilege escalation in Bluetooth subsystem driver.
A logic error when using the Bluetooth subsystem driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56600: Privilege escalation in Networking subsystem.
A missing variable initialization when creating a socket fails in the
Networking subsystem could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-56601: Privilege escalation in TCP/IP networking driver.
A missing variable initialization when creating a socket fails in the
TCP/IP networking driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-56602: Privilege escalation in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver.
A missing variable initialization when creating a socket fails in the
IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56603: Privilege escalation in CAN bus subsystem driver.
A missing variable initialization when creating a CAN socket fails in
the CAN bus subsystem driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-56605: Privilege escalation in Bluetooth subsystem driver.
A missing variable initialization when creating an L2CAP socket fails in
the Bluetooth subsystem driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-56606: Privilege escalation in Packet socket driver.
A logic error when packet creation fails in the Packet socket driver
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56642: Privilege escalation in TIPC over IP/UDP driver.
A missing check when disabling a bearer in the TIPC over IP/UDP driver
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56644: Remote denial-of-service in IPv6 networking stack.
Incorrect reference counting when using the IPv6 networking stack could
lead to a memory leak. A remote attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-56650: Privilege escalation in netfilter driver.
A missing check when using the netfilter driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56688: Denial-of-service in Sun RPC driver.
A logic error when using the Sun RPC driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-57874: Information leak in Ptrace subsystem.
A missing check when ptracing a process using the Ptrace subsystem could
lead to leaking of kernel memory. A local attacker could use this flaw
to extract sensitive information.
* Note: Oracle will not provide a zero-downtime update for CVE-2024-53241 (XSA-466).
CVE-2024-53241 (XSA-466) is an information leak from Xen guests.
Oracle has determined that patching CVE-2024-53241 (XSA-466) on a
running system would not be safe and recommends a reboot if Xen is used.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2022-49034, CVE-2024-36476, CVE-2024-40939, CVE-2024-42073,
CVE-2024-42138, CVE-2024-43098, CVE-2024-44949, CVE-2024-45828,
CVE-2024-47143, CVE-2024-47408, CVE-2024-47730, CVE-2024-49571,
CVE-2024-50051, CVE-2024-50268, CVE-2024-50269, CVE-2024-50283,
CVE-2024-50287, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296,
CVE-2024-53130, CVE-2024-53131, CVE-2024-53145, CVE-2024-53148,
CVE-2024-53158, CVE-2024-53161, CVE-2024-53165, CVE-2024-53181,
CVE-2024-53183, CVE-2024-53184, CVE-2024-53241, CVE-2024-53690,
CVE-2024-56548, CVE-2024-56562, CVE-2024-56567, CVE-2024-56572,
CVE-2024-56575, CVE-2024-56578, CVE-2024-56581, CVE-2024-56586,
CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598,
CVE-2024-56610, CVE-2024-56619, CVE-2024-56626, CVE-2024-56627,
CVE-2024-56643, CVE-2024-56659, CVE-2024-56678, CVE-2024-56679,
CVE-2024-56700, CVE-2024-56701, CVE-2024-56704, CVE-2024-56726,
CVE-2024-56728, CVE-2024-56741, CVE-2024-56754, CVE-2024-56766,
CVE-2024-56767, CVE-2024-56776, CVE-2024-56777, CVE-2024-56778,
CVE-2024-56781, CVE-2024-56785, CVE-2024-56787, CVE-2024-57791,
CVE-2024-57802, CVE-2024-57838, CVE-2024-57849, CVE-2024-57889,
CVE-2024-57900
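The installation section and the CVE-2024-53241 note together determine what a given host needs. The following is an added example, not part of the original announcement or of Oracle's tooling. It assumes that only an uncommented "autoinstall = yes" line enables automatic installation, that the last such assignment wins, and that /sys/hypervisor/type reads "xen" on Xen systems; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify what ELSA-2025-20095 asks of one host.

# Return 0 only if the config file has an active "autoinstall = yes" line.
# Assumption: commented lines are ignored and the last assignment wins.
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
          tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$val" = "yes" ]
}

# Return 0 if the hypervisor type file reports Xen.
on_xen() {
    [ -r "$1" ] && [ "$(cat "$1")" = "xen" ]
}

# Print "automatic" (Uptrack installs the updates itself) or "manual"
# (run /usr/sbin/uptrack-upgrade -y). "+reboot" is appended on Xen,
# where the note on CVE-2024-53241 recommends a reboot.
advisory_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    hv=${2:-/sys/hypervisor/type}
    if autoinstall_enabled "$conf"; then
        action=automatic
    else
        action=manual
    fi
    if on_xen "$hv"; then
        action="$action+reboot"
    fi
    printf '%s\n' "$action"
}
```

Calling advisory_action with no arguments checks the live paths; a missing or unreadable uptrack.conf is reported as "manual" so that such hosts are not silently assumed to be patched.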
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.