[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2026-50100)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2026-50100 can now be patched using Ksplice
CVEs: CVE-2025-40040 CVE-2025-40083 CVE-2025-40259 CVE-2025-40264 CVE-2025-40277 CVE-2025-40281

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50100.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50100.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2025-40040: Kernel panic in KSM for page merging driver.

* CVE-2025-40083: Null pointer dereference in Quick Fair Queueing scheduler (QFQ) driver.

* CVE-2025-40259: Deadlock in SCSI generic driver.

* CVE-2025-40264: Null pointer dereference in BladeEngine driver.

* CVE-2025-40277: Out-of-bounds memory access in VMware graphics driver.

* CVE-2025-40281: Out-of-bounds memory access in SCTP Protocol driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-40253, CVE-2025-40278, CVE-2025-40282, CVE-2025-40306,
CVE-2025-40312, CVE-2025-40315, CVE-2025-40317, CVE-2025-68168,
CVE-2025-68177, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20260211/352dbb39/attachment.sig>