[El-errata] New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2025-25754)

Wed Nov 26 21:57:09 UTC 2025

Synopsis: ELSA-2025-25754 can now be patched using Ksplice
CVEs: CVE-2025-38732 CVE-2025-39673 CVE-2025-39676 CVE-2025-39697 CVE-2025-39703 CVE-2025-39770 CVE-2025-39779 CVE-2025-39782 CVE-2025-39791 CVE-2025-39812 CVE-2025-39825 CVE-2025-39841 CVE-2025-39842 CVE-2025-39860 CVE-2025-39880 CVE-2025-39885 CVE-2025-39922 CVE-2025-39926 CVE-2025-39931 CVE-2025-39955 CVE-2025-39975 CVE-2025-39982 CVE-2025-40022

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-25754.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-25754.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on
OL9 and OL10 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2025-38732: Memory leak in IPv6 packet rejection driver.

* CVE-2025-39673: Kernel panic in PPP (point-to-point protocol) driver.

* CVE-2025-39676: Invalid pointer dereference in QLogic ISP4XXX and ISP82XX host adapter family driver.

* CVE-2025-39697: Kernel crash in NFS client driver.

* CVE-2025-39703: Kernel panic in High-availability Seamless Redundancy (HSR & PRP) driver.

* CVE-2025-39770: Kernel assertion failure in IPv6 networking driver.

* CVE-2025-39779: Kernel oops in Btrfs filesystem driver.

* CVE-2025-39782: Soft lockup in JBD2 filesystem.

* CVE-2025-39791: Deadlock in Crypt target driver.

* CVE-2025-39812: Use of uninitialized memory in IPv6 networking stack.

* CVE-2025-39825: Concurrent open operations in SMB/CIFS client driver.

* CVE-2025-39841: Use-after-free in Emulex LightPulse Fibre Channel driver.

* CVE-2025-39842: Null pointer dereference in OCFS2 filesystem driver.

* CVE-2025-39860: Use-after-free in Bluetooth subsystem.

* CVE-2025-39880: Kernel crash in Ceph core library driver.

* CVE-2025-39885: Deadlock in OCFS2 filesystem driver.

* CVE-2025-39922: Use-after-free in Intel(R) 10GbE PCI Express adapters driver.

* CVE-2025-39926: Undefined behavior in Generic Netlink Family driver.

* CVE-2025-39931: Kernel crash in crypto subsystem.

* CVE-2025-39955: Dropped packets in TCP/IP networking driver.

* CVE-2025-39975: Out-of-bounds memory access in SMB/CIFS client driver.

* CVE-2025-39982: Use-after-free in Bluetooth subsystem.

* CVE-2025-40022: Improper handling of concurrent input in crypto subsystem.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-38677, CVE-2025-38733, CVE-2025-38734, CVE-2025-39684,
CVE-2025-39685, CVE-2025-39686, CVE-2025-39692, CVE-2025-39702,
CVE-2025-39709, CVE-2025-39710, CVE-2025-39712, CVE-2025-39715,
CVE-2025-39716, CVE-2025-39719, CVE-2025-39720, CVE-2025-39722,
CVE-2025-39767, CVE-2025-39776, CVE-2025-39781, CVE-2025-39783,
CVE-2025-39788, CVE-2025-39801, CVE-2025-39815, CVE-2025-39831,
CVE-2025-39836, CVE-2025-39839, CVE-2025-39846, CVE-2025-39848,
CVE-2025-39857, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876,
CVE-2025-39896, CVE-2025-39907, CVE-2025-39909, CVE-2025-39916,
CVE-2025-39920, CVE-2025-39934, CVE-2025-39937, CVE-2025-39938,
CVE-2025-39942, CVE-2025-39943, CVE-2025-39944, CVE-2025-39950,
CVE-2025-39951, CVE-2025-39952, CVE-2025-39978, CVE-2025-39985,
CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-40008,
CVE-2025-40012, CVE-2025-40013

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.