[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20152)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Mar 14 10:48:19 UTC 2025 

Synopsis: ELSA-2025-20152 can now be patched using Ksplice
CVEs: CVE-2024-23307 CVE-2024-47687 CVE-2024-47707 CVE-2024-53124 CVE-2024-53685 CVE-2024-56631 CVE-2024-56672 CVE-2024-57892 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21669

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20152.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20152.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2024-23307: Denial-of-service in RAID and LVM driver.

Incorrect checks on parameters passed from userspace when using RAID
or LVM filesystems could lead to an integer overflow. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-47687: Denial-of-service in Mellanox VDPA driver.

A missing check when adding a device in the Mellanox VDPA driver could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.

Orabug: 37296163


* CVE-2024-47707: Denial-of-service in Linux INET6 driver.

A missing check when closing network interface in the Linux INET6 driver
could lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-53124: Denial-of-service in IPv6 Networking driver.

A missing check when destroying a socket in the IPv6 Networking driver
could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-53685: Denial-of-service in Ceph distributed file system driver.

A logic error when building a dentry path in the Ceph distributed file
system driver could lead to an infinite loop. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-56631: Privilege escalation in SCSI generic driver.

A locking error when releasing data in the SCSI generic driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-56672: Privilege escalation in Common Block IO controller.

A logic error when using the Common Block IO controller could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-57892: Privilege escalation in OCFS2 file system driver.

A logic error when using quota_getnextquota() syscall in the OCFS2 file
system driver could lead to a use-after-free. A local attacker could use
this flaw to escalate privileges.


* CVE-2025-21631: Privilege escalation in Budget Fair Queueing (BFQ) I/O scheduler.

A missing check when using the Budget Fair Queueing (BFQ) I/O scheduler
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640: Denial-of-service in The SCTP Protocol driver.

A logic error when using the The SCTP Protocol driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2025-21669: Denial-of-service in Virtual Socket protocol driver.

A logic error when using the Virtual Socket protocol driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service in SMB3 and CIFS driver.

A locking error when using the SMB3 and CIFS driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 37535421


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-57904, CVE-2024-57906, CVE-2024-57908, CVE-2024-57910,
CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2024-57925,
CVE-2024-57939, CVE-2025-21646, CVE-2025-21697

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list