[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20320)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 26 17:28:20 UTC 2025


Synopsis: ELSA-2025-20320 can now be patched using Ksplice
CVEs: CVE-2024-25742 CVE-2024-25743 CVE-2024-26982 CVE-2024-57801 CVE-2024-58001
CVE-2024-58069 CVE-2025-21662 CVE-2025-21675 CVE-2025-21700 CVE-2025-21701
CVE-2025-21702 CVE-2025-21704 CVE-2025-21719 CVE-2025-21727 CVE-2025-21731
CVE-2025-21745 CVE-2025-21753 CVE-2025-21756 CVE-2025-21779 CVE-2025-21785
CVE-2025-21787 CVE-2025-21791 CVE-2025-21795 CVE-2025-21796 CVE-2025-21844
CVE-2025-21858 CVE-2025-21887 CVE-2025-21919 CVE-2025-21920 CVE-2025-21926

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20320.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20320.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
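
To audit which of the two paths above applies to a host, the following added example (not part of Oracle's announcement) reads the autoinstall setting and reports the resulting action. It assumes uptrack.conf is INI-style with the key in a [Settings] section; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit how a host will receive Ksplice updates.
# Assumption: uptrack.conf is INI-style and "autoinstall" sits in a
# [Settings] section; "#" and ";" start comment lines.

# Print the effective autoinstall value (lower-cased), "unset" if the key
# is absent, or "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                     # comment lines
        /^[ \t]*$/    { next }                     # blank lines
        /^[ \t]*\[/ {                              # section header
            sec = tolower($0)
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "settings" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "autoinstall") found = val  # last assignment wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Map the setting to the action the advisory describes.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "automatic" ;;
        unreadable) echo "unknown: cannot read $1" ;;
        *)          echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```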


DESCRIPTION

* CVE-2024-25742, CVE-2024-25743: Disruption of AMD SEV-SNP With Interrupts.

A missing check in the AMD SEV Linux kernel driver can result in
malicious interrupt injection. An attacker with access to the
hypervisor can potentially break the confidentiality and integrity
of Linux SEV-SNP guests.

Orabug: 37687865


* CVE-2024-26982: Denial-of-service in SquashFS.

A missing check when using SquashFS could lead to an out-of-bounds memory
access. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-57801: Privilege escalation in Mellanox SRIOV E-Switch driver.

A logic error when using the Mellanox SRIOV E-Switch driver
could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.

Orabug: 37710815


* CVE-2024-58001: Denial-of-service in OCFS2 filesystem.

Incorrect reference counting when using the OCFS2 filesystem could lead to a
memory leak. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-58069: Privilege escalation in NXP-PCF85063 RTC driver.

A logic error when using the rtc-pcf85063 driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21662: Denial-of-service in Mellanox devices driver.

A missing complete call when using the Mellanox devices driver could lead
to a kthread hang. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 37710815


* CVE-2025-21675: Denial-of-service in Mellanox devices driver.

A logic error when using the Mellanox devices driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.

Orabug: 37710815


* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.

A logic error when using the QoS and/or fair queueing driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21701: Denial-of-service in Networking driver.

A race condition when using the Networking driver could lead to a kernel
assertion failure. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2025-21702: Privilege escalation in network QoS/scheduling driver.

A missing check when using the network QoS/scheduling driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21704: Memory corruption in USB Modem (CDC ACM) driver.

A logic error when using the USB Modem (CDC ACM) driver could lead to an
integer underflow. A local attacker could use this flaw to cause memory
corruption.


* CVE-2025-21719: Denial-of-service in TCP/IP networking driver.

A logic error when using the TCP/IP networking driver could lead to a
kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2025-21727: Privilege escalation in PADATA.

A race condition when using the interface to process data streams in parallel
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21731: Privilege escalation in network block device driver.

A race condition when using the NBD driver could lead to a use-after-free. A
local attacker could use this flaw to escalate privileges.


* CVE-2025-21745: Denial-of-service in IO controller driver.

Incorrect reference counting when using the IO controller driver could
lead to a reference count leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2025-21753: Privilege escalation in Btrfs filesystem.

A race condition when using the Btrfs filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21756: Privilege escalation in Virtual Socket protocol driver.

A logic error when using the Virtual Socket protocol driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21779: Denial-of-service in Kernel-based Virtual Machine (KVM).

A logic error when using the KVM could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2025-21785: Code execution in Arm64 cacheinfo support.

A logic error in Arm64 cacheinfo support (processor cache) can lead
to an out-of-bounds write. An attacker could use this flaw to execute
arbitrary code, but that's not really possible as of now. But let's
make the CVE scanners happy.


* CVE-2025-21787: Denial-of-service in Ethernet team driver.

Incorrect checks on parameters passed from userspace when using the
Ethernet team driver could lead to an out-of-bounds memory read. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2025-21791: Privilege escalation in layer 3 master device support.

A race condition when using an L3 master device could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21795: Remote denial-of-service in NFS server driver.

A logic error when using the NFS server driver could lead to a hang lasting
~15 minutes. A remote attacker could use this flaw to cause a denial-of-service.


* CVE-2025-21796: Privilege escalation in NFS server for the NFSv2 ACL protocol
extension driver.

A logic error when using the NFS server for the NFSv2 ACL protocol extension
driver could lead to a kernel panic. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21844: Denial-of-service in Common Internet File System (CIFS).

A missing check when using the SMB3 client could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2025-21858: Privilege escalation in Generic Network Virtualization
Encapsulation driver.

A logic error when using the GENEVE driver could lead to
a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2025-21887: Privilege escalation in Overlay filesystem.

A logic error when using the Overlay filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2025-21919: Memory corruption in Completely Fair Scheduler (CFS).

A logic error when using the Completely Fair Scheduler could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2025-21920: Information leak in ethernet VLAN stack.

A missing check for device type in the ethernet VLAN stack could
lead to a kernel address leak. Because the System.map file is also
readable by an unprivileged attacker, KASLR can be bypassed: the
attacker can look up the relative offsets and combine them with
the leaked address to find the address of any kernel symbol, which
can facilitate an attack such as privilege escalation.


* CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload
support.

A logic error when using UDPv4 sockets with GSO could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* Delayed send operations in the RDS Protocol driver.

A logic error in the RDS Protocol driver can cause delayed work for send
operations to fail to queue for execution when expected.  This can lead to
increased latency in RDS traffic.

Orabug: 37783021, 37260584, 37551309


* Denial-of-service in Bridged IP/ARP packets filtering driver.

A logic error when using the Bridged IP/ARP packets filtering driver
could lead to the bridge dropping IP packets under specific conditions.

Orabug: 37847171


* Information leak in USB Modem (CDC ACM) driver.

A missing check when using the USB Modem (CDC ACM) driver could lead to
use of uninitialized memory. A local attacker could use this flaw to
extract sensitive information.


* Performance degradation in Transparent Hugepage Memory Management.

A logic error when a very large number of processes are executed from
the same binary could lead to resource contention, which can
lead to performance degradation.

Orabug: 37608058


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-47726, CVE-2024-50252, CVE-2024-57834, CVE-2024-58007,
CVE-2024-58010, CVE-2024-58016, CVE-2024-58051, CVE-2024-58076,
CVE-2024-58085, CVE-2024-58086, CVE-2025-21684, CVE-2025-21711,
CVE-2025-21715, CVE-2025-21718, CVE-2025-21735, CVE-2025-21736,
CVE-2025-21748, CVE-2025-21749, CVE-2025-21781, CVE-2025-21782,
CVE-2025-21799, CVE-2025-21802, CVE-2025-21804, CVE-2025-21811,
CVE-2025-21835, CVE-2025-21859, CVE-2025-21866, CVE-2025-21878,
CVE-2025-21904, CVE-2025-21914, CVE-2025-21924, CVE-2025-21925,
CVE-2025-21934, CVE-2025-21935, CVE-2025-21943, CVE-2025-21950,
CVE-2025-39735

Orabug: 37710815

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
