[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20553)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2025-20553 can now be patched using Ksplice
CVEs: CVE-2018-3646 CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-57996 CVE-2025-37752 CVE-2025-38083 CVE-2025-38086 CVE-2025-38108 CVE-2025-38111 CVE-2025-38115 CVE-2025-38147 CVE-2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38194 CVE-2025-38212 CVE-2025-38222 CVE-2025-38328 CVE-2025-38332 CVE-2025-38337 CVE-2025-38352 CVE-2025-38430

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20553.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20553.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-48773: Denial-of-service in RPC-over-RDMA transport driver.

* CVE-2022-48828, CVE-2022-48829: Integer underflow in NFS server driver.

* CVE-2024-57996, CVE-2025-37752: Out-of-bounds memory access in Stochastic Fairness Queueing (SFQ) driver.

Orabug: 38377926


* CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network schedulers.

* CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet driver.

* CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver.

* CVE-2025-38115: NULL pointer dereference in Stochastic Fairness Queueing (SFQ) network scheduler.

* CVE-2025-38147: NULL pointer dereference in NetLabel subsystem.

* CVE-2025-38181: NULL pointer dereference in NetLabel subsystem.

* CVE-2025-38184: NULL pointer dereference in IP/UDP media type driver.

* CVE-2025-38190: Memory leak in ATM networking stack.

* CVE-2025-38194, CVE-2025-38328: Logic error in Journalling Flash File System v2 (JFFS2) driver.

* CVE-2025-38212: Use-after-free in System V IPC driver.

* CVE-2025-38222: Integer overflow in ext4 filesystem.

* CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver.

False positive with CONFIG_FORTIFY_SOURCE causes kernel crash.


* CVE-2025-38337: NULL pointer dereference in JBD2 filesystem.

* CVE-2025-38352: Missing check in POSIX clock/timer driver.

* CVE-2025-38430: Remote kernel crash in NFSv4 server driver.

A maliciously crafted RPC request can trigger undefined behaviour or
kernel crash.


* Improved fix for CVE-2018-3646: L1 Terminal Fault Reloaded.

* Information leak on x86 CPUs (VMScape).

Orabug: 38343661


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-38090, CVE-2025-38135, CVE-2025-38136, CVE-2025-38145,
CVE-2025-38153, CVE-2025-38163, CVE-2025-38173, CVE-2025-38203,
CVE-2025-38204, CVE-2025-38219, CVE-2025-38237, CVE-2025-38286,
CVE-2025-38313, CVE-2025-38416, CVE-2025-38428


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20250912/4d529008/attachment.sig>