[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20471)

Mon Jul 21 04:49:31 UTC 2025

Synopsis: ELSA-2025-20471 can now be patched using Ksplice
CVEs: CVE-2021-47352 CVE-2025-23150 CVE-2025-23163 CVE-2025-37738 CVE-2025-37749 CVE-2025-37757 CVE-2025-37780 CVE-2025-37789 CVE-2025-37797 CVE-2025-37808 CVE-2025-37824 CVE-2025-37892

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20471.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20471.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-47352: Denial-of-service in Virtio network driver.

* CVE-2025-23150: Out-of-bounds memory access in ext4 filesystem driver.

* CVE-2025-23163: Deadlock in 802.1Q/802.1ad VLAN Support.

* CVE-2025-37738: Use-after-free in ext4 filesystem driver.

* CVE-2025-37749: Information leak in PPP driver.

* CVE-2025-37757: Memory leak in the TIPC Protocol driver.

* CVE-2025-37780: Out-of-bounds memory access in ISO file system.

* CVE-2025-37789: Out-of-bounds memory access in Open vSwitch.

* CVE-2025-37797: Use-after-free in HFSC network scheduler.

* CVE-2025-37808: Use-after-free in Crypto Null algorithms.

* CVE-2025-37824: Null pointer dereference in TIPC Protocol driver.

* CVE-2025-37892: Use of uninitialized memory in Memory Technology Device (MTD) driver.

* Slow user-pages get in RDS Protocol driver.

Using _fast() API to locklessly get user pages will improve
performance.

Orabug: 37973441

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-28956, CVE-2025-23140, CVE-2025-23147, CVE-2025-23157,
CVE-2025-23158, CVE-2025-23159, CVE-2025-37740, CVE-2025-37741,
CVE-2025-37758, CVE-2025-37773, CVE-2025-37803, CVE-2025-37812,
CVE-2025-37817, CVE-2025-37829, CVE-2025-37838, CVE-2025-37840,
CVE-2025-37841, CVE-2025-37850, CVE-2025-37851, CVE-2025-37858,
CVE-2025-37881

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20250721/6683e189/attachment.sig>