[El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-8643)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 12 15:09:52 UTC 2025


Synopsis: ELSA-2025-8643 can now be patched using Ksplice
CVEs: CVE-2025-21920 CVE-2025-21926 CVE-2025-21997 CVE-2025-37943

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-8643.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-8643.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
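
As an added example (not part of Oracle's announcement), the following shell check reads an Uptrack configuration file and reports whether the updates will be installed automatically or the upgrade command above still has to be run. The function names and the sample configuration are constructed for illustration, and the script assumes the setting is written one per line as "autoinstall = yes".

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates unattended.
# Function names and the sample file below are constructed for illustration.

# Print "yes", "no" or "unknown" for the autoinstall setting in config file $1.
# Assumption: the key is written as on this page ("autoinstall = yes"), one
# setting per line; lines starting with "#" are treated as comments.
uptrack_autoinstall() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo unknown
        return 0
    fi
    # This script's choice: the last uncommented assignment is the one reported,
    # and the value is compared case-insensitively.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# Print what the administrator still has to do for config file $1.
uptrack_next_step() {
    case $(uptrack_autoinstall "$1") in
        yes)     echo "none" ;;                          # installed automatically
        no)      echo "/usr/sbin/uptrack-upgrade -y" ;;  # run as root
        *)       echo "check-config" ;;                  # file missing or unreadable
    esac
}

# Demonstration on a constructed sample, so the script runs on any machine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "next step: $(uptrack_next_step "$sample")"
rm -f "$sample"
```

On a real host, call uptrack_next_step with /etc/uptrack/uptrack.conf as its argument.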


DESCRIPTION

* CVE-2025-21920: Information leak in ethernet VLAN stack.

A missing check for device type in the ethernet VLAN stack could
lead to a kernel address leak. Because the System.map file is also
readable by an unprivileged attacker, KASLR can be bypassed: the
attacker can find the relative offsets and combine them with the
leaked address to compute the address of any kernel symbol, which
can facilitate an attack such as privilege escalation.


* CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload support.

A logic error when using UDPv4 sockets with GSO could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2025-21997: Memory corruption in XDP sockets driver.

A missing check when using the XDP sockets driver could lead to an
integer overflow. A local attacker could use this flaw to cause memory
corruption.


* CVE-2025-37943: Out-of-bounds memory access in Qualcomm Technologies Wi-Fi 7 (ath12k) driver.



SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




