[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20319)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri May 23 06:36:41 UTC 2025
Synopsis: ELSA-2025-20319 can now be patched using Ksplice
CVEs: CVE-2023-52532 CVE-2024-26982 CVE-2024-35884 CVE-2024-58001 CVE-2024-58017 CVE-2024-58069 CVE-2025-21700 CVE-2025-21702 CVE-2025-21704 CVE-2025-21719 CVE-2025-21731 CVE-2025-21753 CVE-2025-21785 CVE-2025-21787 CVE-2025-21791 CVE-2025-21858 CVE-2025-21920 CVE-2025-21926
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20319.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20319.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
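The check below is an added example, not part of the Oracle announcement or of Ksplice itself: it classifies a host as needing no action, being patched automatically, or needing a manual uptrack-upgrade run. The function names, the sample config and the sample release string are constructed, and treating only the value "yes" as enabled (last assignment wins) is an assumption.

```shell
#!/bin/sh
# Added example: does this host need a manual uptrack-upgrade for this advisory?
# Function names are hypothetical; this is not Oracle or Ksplice code.

# is_uekr6 RELEASE: true when a `uname -r` string is a UEKR6 5.4.17 kernel.
is_uekr6() {
    case "$1" in
        5.4.17-*uek*) return 0 ;;
        *) return 1 ;;
    esac
}

# autoinstall_state FILE: prints "yes", "no" or "unset".
# Assumption: the last uncommented "autoinstall = value" line wins, and only
# "yes" (any case) counts as enabled; anything else is reported as "no".
autoinstall_state() {
    [ -r "$1" ] || { echo unset; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$1" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# patch_action RELEASE FILE: prints what the host needs for this advisory.
patch_action() {
    if ! is_uekr6 "$1"; then
        echo "not-applicable"
    elif [ "$(autoinstall_state "$2")" = yes ]; then
        echo "automatic"
    else
        echo "run-uptrack-upgrade"
    fi
}

# Constructed demo input (not taken from a real host).
demo_conf=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_conf"
patch_action "5.4.17-0.0.0.el8uek.x86_64" "$demo_conf"
rm -f "$demo_conf"

# On a real host:
#   patch_action "$(uname -r)" /etc/uptrack/uptrack.conf
```

After a manual run, uptrack-show lists the installed updates and uptrack-uname -r reports the effective kernel version.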
DESCRIPTION
* CVE-2023-52532: Denial-of-service in Microsoft Azure Network Adapter (MANA) driver.
A logic error when handling a TX CQE error in the Microsoft Azure
Network Adapter (MANA) driver could lead to a reference count leak. A
local attacker could use this flaw to cause a denial-of-service.
Orabug: 36983924
* CVE-2024-26982: Denial-of-service in SquashFS.
A missing check when using SquashFS could lead to an out-of-bounds
memory access. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-35884: Denial-of-service in Generic Segmentation Offload driver.
Incorrect packet handling logic in the Generic Segmentation Offload
code in the Linux kernel networking stack can result in an internal
assertion triggering. An attacker can use this flaw to cause a
denial-of-service.
Orabug: 36643088
* CVE-2024-58001: Denial-of-service in OCFS2 filesystem.
Incorrect reference counting when using the OCFS2 filesystem could lead
to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-58017: Integer overflow in printk.
Undefined behaviour in the printk code could lead to an integer
overflow.
* CVE-2024-58069: Privilege escalation in NXP-PCF85063 RTC chip driver.
A logic error when using the rtc-pcf85063 driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.
* CVE-2025-21700: Privilege escalation in network QoS/scheduling driver.
A logic error when using the network QoS/scheduling driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2025-21702: Privilege escalation in network QoS/scheduling driver.
A missing check when using the network QoS/scheduling driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2025-21704: Memory corruption in USB Modem (CDC ACM) driver.
A logic error when using the USB Modem (CDC ACM) driver could lead to an
integer underflow. A local attacker could use this flaw to cause memory
corruption.
* CVE-2025-21719: Denial-of-service in TCP/IP networking stack.
A logic error when using the TCP/IP networking stack could lead to a
kernel crash. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2025-21731: Privilege escalation in network block device driver.
A race condition when using the nbd driver could lead to a
use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2025-21753: Privilege escalation in BTRFS filesystem.
A race condition when using the BTRFS filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2025-21785: Code execution in Arm64 cacheinfo support.
A logic error in Arm64 cacheinfo support (processor cache) can lead
to an out-of-bounds write. An attacker could use this flaw to execute
arbitrary code, but that's not really possible as of now. But let's
make the CVE scanners happy.
* CVE-2025-21787: Denial-of-service in Ethernet team driver.
Incorrect checks on parameters passed from userspace when using the
Ethernet team driver could lead to an out-of-bounds memory read. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2025-21791: Privilege escalation in layer 3 master device support.
A race condition when using an L3 master device could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2025-21858: Privilege escalation in Generic Network Virtualization Encapsulation driver.
A logic error when using the geneve driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2025-21920: Information leak in ethernet VLAN stack.
A missing check for device type in the ethernet VLAN stack could
lead to a kernel address leak. As the System.map file is also readable
by an unprivileged attacker, KASLR can be bypassed since the
attacker can find out the relative offsets and combine that with
the leaked address to find the address of any kernel symbol, which
can facilitate an attack, like privilege escalation.
* CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload support.
A logic error when using UDPv4 sockets with GSO could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service due to controller reset in NVMe driver.
A logic error when allocating namespace using the NVMe driver could lead
to a deadlock if a controller reset occurs. A local attacker could use
this flaw to cause a denial-of-service.
Orabug: 37920457
* Information leak in USB Modem (CDC ACM) driver.
A missing check when using the USB Modem (CDC ACM) driver could lead to
use of uninitialized memory. A local attacker could use this flaw to
extract sensitive information.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2024-58007, CVE-2024-58010, CVE-2024-58051, CVE-2024-58085,
CVE-2025-21715, CVE-2025-21718, CVE-2025-21721, CVE-2025-21722,
CVE-2025-21735, CVE-2025-21736, CVE-2025-21749, CVE-2025-21781,
CVE-2025-21782, CVE-2025-21811, CVE-2025-21823, CVE-2025-21835,
CVE-2025-21859, CVE-2025-21866, CVE-2025-21904, CVE-2025-21914,
CVE-2025-21925, CVE-2025-21934, CVE-2025-21935, CVE-2025-39735
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.