[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20552)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Sep 11 07:08:29 UTC 2025 

Synopsis: ELSA-2025-20552 can now be patched using Ksplice
CVEs: CVE-2018-3646 CVE-2024-26726 CVE-2025-38083 CVE-2025-38086 CVE-2025-38102
CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE-
2025-38120 CVE-2025-38146 CVE-2025-38147 CVE-2025-38154 CVE-2025-38159 CVE-
2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE-
2025-38197 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38222 CVE-
2025-38231 CVE-2025-38245 CVE-2025-38251 CVE-2025-38263 CVE-2025-38305 CVE-
2025-38310 CVE-2025-38328 CVE-2025-38332 CVE-2025-38342 CVE-2025-38352 CVE-
2025-38380 CVE-2025-38387 CVE-2025-38399 CVE-2025-38403 CVE-2025-38412 CVE-
2025-38430

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20552.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20552.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2024-26726: Kernel panic in Btrfs filesystem driver.

* CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network
schedulers.

* CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet
driver.

* CVE-2025-38102: Race condition in VMware VMCI driver.

* CVE-2025-38107: Integer overflow in Enhanced transmission selection scheduler
(ETS).

* CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver.

* CVE-2025-38112: Null pointer dereference in TCP/IP networking driver.

* CVE-2025-38115: Null-pointer dereference in Stochastic Fairness Queueing
(SFQ) network scheduler.

* CVE-2025-38120: Memory disclosure in Netfilter driver.

* CVE-2025-38146: Soft lockup in Open vSwitch driver.

* CVE-2025-38147: Null-pointer dereference in NetLabel subsystem.

* CVE-2025-38154: Kernel panic in Networking driver.

* CVE-2025-38159: Out-of-bounds memory access in Realtek 802.11ac wireless
chips driver.

* CVE-2025-38181: Null-pointer dereference in NetLabel subsystem.

* CVE-2025-38184: Null-pointer dereference in TIPC IP/UDP driver.

* CVE-2025-38190: Memory leak in ATM networking stack.

* CVE-2025-38193: Integer overflow in Stochastic Fairness Queueing (SFQ)
driver.

* CVE-2025-38194, CVE-2025-38328: Logic error in Journalling Flash File System
v2 (JFFS2) driver.

* CVE-2025-38197: Null pointer dereference in BIOS update driver for DELL
systems.

* CVE-2025-38206: Double free in exFAT filesystem driver.

* CVE-2025-38211: Use-after-free in InfiniBand driver.

* CVE-2025-38212: Use-after-free in System V IPC driver.

* CVE-2025-38222: Integer overflow in ext4 filesystem.

* CVE-2025-38231: Null pointer dereference in NFS server driver.

* CVE-2025-38245: Race condition in ATM networking stack.

* CVE-2025-38251: Kernel crash in Classical IP over ATM driver.

* CVE-2025-38263: Null pointer dereference in Block device as cache driver.

* CVE-2025-38305: Deadlock in Precision Time Protocol (PTP) driver.

* CVE-2025-38310: Out-of-bounds memory access in IPv6 Segment Routing Header
encapsulation driver.

* CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver.

* CVE-2025-38342: Out-of-bounds memory access in software node component.

* CVE-2025-38352: Missing check in POSIX clock/timer driver.

* CVE-2025-38380: Out-of-bounds memory access in I2C subsystem.

* CVE-2025-38387: Null pointer dereference in Mellanox MLX5 InfiniBand driver.

* CVE-2025-38399: Null pointer dereference in Generic Target Core Mod (TCM) and
ConfigFS Infrastructure driver.

* CVE-2025-38403: Use of uninitialized memory in Virtual Socket protocol
driver.

* CVE-2025-38412: Kernel crash in Dell WMI-based Systems management driver.

* CVE-2025-38430: Remote kernel crash in NFSv4 server driver.

* Improved fix for CVE-2018-3646: L1 Terminal Fault Reloaded.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-38088, CVE-2025-38090, CVE-2025-38135, CVE-2025-38136,
CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38153,
CVE-2025-38163, CVE-2025-38167, CVE-2025-38173, CVE-2025-38203,
CVE-2025-38204, CVE-2025-38218, CVE-2025-38219, CVE-2025-38226,
CVE-2025-38227, CVE-2025-38237, CVE-2025-38257, CVE-2025-38262,
CVE-2025-38286, CVE-2025-38313, CVE-2025-38362, CVE-2025-38371,
CVE-2025-38377, CVE-2025-38384, CVE-2025-38401, CVE-2025-38416,
CVE-2025-38428


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list