[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20365)

Fri Jun 13 11:15:16 UTC 2025

Synopsis: ELSA-2025-20365 can now be patched using Ksplice
CVEs: CVE-2022-49636 CVE-2024-26928 CVE-2024-53144 CVE-2024-56664 CVE-2024-8805
CVE-2025-21959 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21971 CVE-
2025-21991 CVE-2025-22079

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20365.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20365.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-49636: Memory leak in Networking driver.

* CVE-2024-26928: Use-after-free in SMB3/CIFS.

* CVE-2024-53144, CVE-2024-8805: Lack of authorization in Bluetooth subsystem.

* CVE-2024-56664: Use-after-free in bpf() system call driver.

* CVE-2025-21959: Use of uninitialized memory in Netfliter driver.

* CVE-2025-21962, CVE-2025-21963, CVE-2025-21964: Integer overflows in
SMB3/CIFS driver.

* CVE-2025-21971: Kernel panic in QoS driver.

* CVE-2025-21991: Out-of-bounds memory access in AMD microcode loading driver.

* CVE-2025-22079: Out-of-bounds memory access in OCFS2 file system.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2023-53034, CVE-2024-38611, CVE-2025-21968, CVE-2025-21994,
CVE-2025-22007, CVE-2025-22014, CVE-2025-22018, CVE-2025-22054,
CVE-2025-22066, CVE-2025-22071, CVE-2025-22073, CVE-2025-22081,
CVE-2025-38575, CVE-2025-38637

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.