[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20552)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Sep 11 07:08:29 UTC 2025
Synopsis: ELSA-2025-20552 can now be patched using Ksplice
CVEs: CVE-2018-3646 CVE-2024-26726 CVE-2025-38083 CVE-2025-38086 CVE-2025-38102
CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115
CVE-2025-38120 CVE-2025-38146 CVE-2025-38147 CVE-2025-38154 CVE-2025-38159
CVE-2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194
CVE-2025-38197 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38222
CVE-2025-38231 CVE-2025-38245 CVE-2025-38251 CVE-2025-38263 CVE-2025-38305
CVE-2025-38310 CVE-2025-38328 CVE-2025-38332 CVE-2025-38342 CVE-2025-38352
CVE-2025-38380 CVE-2025-38387 CVE-2025-38399 CVE-2025-38403 CVE-2025-38412
CVE-2025-38430
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20552.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20552.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
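To decide per host which of the two paths above applies, the following check reads the autoinstall setting. It is an added example, not part of Oracle's announcement. The function names are hypothetical, and it assumes uptrack.conf is INI-style with '#' or ';' comments and that only the value "yes" enables autoinstall, as quoted above.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a host needs a
# manual "uptrack-upgrade -y" run or will pick the updates up by itself.
# Assumptions: INI-style file, '#' or ';' start a comment line, and the
# setting is written as "autoinstall = yes" as quoted in the advisory.

# Print the effective autoinstall value from the config file in $1
# (last assignment wins), or "unset" if the key is absent or commented out.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        /^[ \t]*autoinstall[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")        # drop "autoinstall ="
            sub(/[ \t]+$/, "")              # trim trailing whitespace
            val = tolower($0)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Print the action for this host:
#   none    - autoinstall is on, updates install automatically
#   manual  - autoinstall is off or unset, run uptrack-upgrade -y
#   unknown - config file missing or unreadable (Uptrack may not be installed)
required_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unknown"; return 0; }
    case "$(autoinstall_value "$conf")" in
        yes) echo "none" ;;
        *)   echo "manual" ;;
    esac
}

# Optional first argument: path to an alternative config file.
echo "action: $(required_action "${1:-/etc/uptrack/uptrack.conf}")"
```

A commented-out "# autoinstall = yes" line counts as unset, so such a host is reported as needing the manual command.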
DESCRIPTION
* CVE-2024-26726: Kernel panic in Btrfs filesystem driver.
* CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network
schedulers.
* CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet
driver.
* CVE-2025-38102: Race condition in VMware VMCI driver.
* CVE-2025-38107: Integer overflow in Enhanced transmission selection scheduler
(ETS).
* CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver.
* CVE-2025-38112: Null pointer dereference in TCP/IP networking driver.
* CVE-2025-38115: Null-pointer dereference in Stochastic Fairness Queueing
(SFQ) network scheduler.
* CVE-2025-38120: Memory disclosure in Netfilter driver.
* CVE-2025-38146: Soft lockup in Open vSwitch driver.
* CVE-2025-38147: Null-pointer dereference in NetLabel subsystem.
* CVE-2025-38154: Kernel panic in Networking driver.
* CVE-2025-38159: Out-of-bounds memory access in Realtek 802.11ac wireless
chips driver.
* CVE-2025-38181: Null-pointer dereference in NetLabel subsystem.
* CVE-2025-38184: Null-pointer dereference in TIPC IP/UDP driver.
* CVE-2025-38190: Memory leak in ATM networking stack.
* CVE-2025-38193: Integer overflow in Stochastic Fairness Queueing (SFQ)
driver.
* CVE-2025-38194, CVE-2025-38328: Logic error in Journalling Flash File System
v2 (JFFS2) driver.
* CVE-2025-38197: Null pointer dereference in BIOS update driver for DELL
systems.
* CVE-2025-38206: Double free in exFAT filesystem driver.
* CVE-2025-38211: Use-after-free in InfiniBand driver.
* CVE-2025-38212: Use-after-free in System V IPC driver.
* CVE-2025-38222: Integer overflow in ext4 filesystem.
* CVE-2025-38231: Null pointer dereference in NFS server driver.
* CVE-2025-38245: Race condition in ATM networking stack.
* CVE-2025-38251: Kernel crash in Classical IP over ATM driver.
* CVE-2025-38263: Null pointer dereference in Block device as cache driver.
* CVE-2025-38305: Deadlock in Precision Time Protocol (PTP) driver.
* CVE-2025-38310: Out-of-bounds memory access in IPv6 Segment Routing Header
encapsulation driver.
* CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver.
* CVE-2025-38342: Out-of-bounds memory access in software node component.
* CVE-2025-38352: Missing check in POSIX clock/timer driver.
* CVE-2025-38380: Out-of-bounds memory access in I2C subsystem.
* CVE-2025-38387: Null pointer dereference in Mellanox MLX5 InfiniBand driver.
* CVE-2025-38399: Null pointer dereference in Generic Target Core Mod (TCM) and
ConfigFS Infrastructure driver.
* CVE-2025-38403: Use of uninitialized memory in Virtual Socket protocol
driver.
* CVE-2025-38412: Kernel crash in Dell WMI-based Systems management driver.
* CVE-2025-38430: Remote kernel crash in NFSv4 server driver.
* Improved fix for CVE-2018-3646: L1 Terminal Fault Reloaded.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2025-38088, CVE-2025-38090, CVE-2025-38135, CVE-2025-38136,
CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38153,
CVE-2025-38163, CVE-2025-38167, CVE-2025-38173, CVE-2025-38203,
CVE-2025-38204, CVE-2025-38218, CVE-2025-38219, CVE-2025-38226,
CVE-2025-38227, CVE-2025-38237, CVE-2025-38257, CVE-2025-38262,
CVE-2025-38286, CVE-2025-38313, CVE-2025-38362, CVE-2025-38371,
CVE-2025-38377, CVE-2025-38384, CVE-2025-38401, CVE-2025-38416,
CVE-2025-38428
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.