[El-errata] New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2025-20662)

Thu Oct 16 14:38:50 UTC 2025

Synopsis: ELSA-2025-20662 can now be patched using Ksplice
CVEs: CVE-2025-38568 CVE-2025-38569 CVE-2025-38572 CVE-2025-38587 CVE-2025-38588 CVE-2025-38616 CVE-2025-38617 CVE-2025-38622 CVE-2025-38639 CVE-2025-38659 CVE-2025-38660 CVE-2025-38675 CVE-2025-38684 CVE-2025-38685 CVE-2025-38686 CVE-2025-38688 CVE-2025-38708 CVE-2025-38710 CVE-2025-38718 CVE-2025-38728 CVE-2025-38729 CVE-2025-39730 CVE-2025-39756 CVE-2025-39757

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20662.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20662.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on
OL9 and OL10 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2025-38568: Out-of-bounds memory access in Multi-queue priority scheduler (MQPRIO) driver.

* CVE-2025-38569: Kernel oops in BladeEngine NIC driver.

* CVE-2025-38572: Out-of-bounds memory access in IPv6 networking stack.

* CVE-2025-38587: Infinite loop in IPV6 subsystem.

* CVE-2025-38588: Infinite loop in IPV6 subsystem.

* CVE-2025-38616: Out-of-bounds memory access in TLS networking stack.

* CVE-2025-38617: Out-of-bounds memory access in raw-packet protocol stack.

* CVE-2025-38622: Kernel oops in UDP networking stack.

* CVE-2025-38639: Out-of-bounds memory access in Netfilter driver.

* CVE-2025-38659: Null pointer dereference in GFS2 filesystem driver.

* CVE-2025-38660: Out-of-bounds memory access in CEPH driver.

* CVE-2025-38675: Out-of-bounds memory access in XFRM subsystem.

* CVE-2025-38684: Null pointer dereference in Packet Scheduler subsystem.

* CVE-2025-38685: Out-of-bounds memory access in frame buffer device driver.

* CVE-2025-38686: Invalid pointer dereference in userfaultfd system call.

* CVE-2025-38688: Out-of-bounds memory access in Generic IOMMU driver.

* CVE-2025-38708: Remote use-after-free in Distributed Replicated Block Device driver.

* CVE-2025-38710: Out-of-bounds memory access in GFS2 filesystem driver.

* CVE-2025-38718: Use of uninitialized memory in SCTP Protocol driver.

* CVE-2025-38728: Out-of-bounds memory access in SMB/CIFS client driver.

* CVE-2025-38729, CVE-2025-39757: Out-of-bounds memory access in USB Audio/MIDI driver.

* CVE-2025-39730: Out-of-bounds memory access in NFS client driver.

* CVE-2025-39756: Kernel assertion failure in core filesystem layer.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-37925, CVE-2025-38501, CVE-2025-38561, CVE-2025-38562,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38582, CVE-2025-38583, CVE-2025-38585,
CVE-2025-38595, CVE-2025-38610, CVE-2025-38612, CVE-2025-38615,
CVE-2025-38619, CVE-2025-38623, CVE-2025-38624, CVE-2025-38626,
CVE-2025-38630, CVE-2025-38631, CVE-2025-38634, CVE-2025-38635,
CVE-2025-38648, CVE-2025-38650, CVE-2025-38652, CVE-2025-38662,
CVE-2025-38663, CVE-2025-38666, CVE-2025-38679, CVE-2025-38681,
CVE-2025-38687, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698,
CVE-2025-38707, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713,
CVE-2025-38714, CVE-2025-38715, CVE-2025-38716, CVE-2025-38717,
CVE-2025-38722, CVE-2025-38723, CVE-2025-38726, CVE-2025-39731,
CVE-2025-39734, CVE-2025-39736, CVE-2025-39737, CVE-2025-39743,
CVE-2025-39752, CVE-2025-39758, CVE-2025-39794

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.