[El-errata] New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2026-50144)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Mar 17 19:15:38 UTC 2026 

Synopsis: ELSA-2026-50144 can now be patched using Ksplice
CVEs: CVE-2025-38248 CVE-2025-71183 CVE-2025-71194 CVE-2026-22976 CVE-2026-22977 CVE-2026-22979 CVE-2026-22988 CVE-2026-22998 CVE-2026-23001 CVE-2026-23003 CVE-2026-23010 CVE-2026-23011 CVE-2026-23050 CVE-2026-23053 CVE-2026-23139

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50144.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50144.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on
OL9 and OL10 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2025-38248: Use-after-free in IGMP/MLD snooping driver.

* CVE-2025-71183: Kernel assertion failure in Btrfs filesystem driver.

* CVE-2025-71194: Deadlock in Btrfs filesystem driver.

* CVE-2026-22976: Null pointer dereference in QFQ network scheduler.

* CVE-2026-22977: Kernel panic in TCP/IP networking driver.

* CVE-2026-22979: Memory leak in TCP/IP networking driver.

* CVE-2026-22988: Use-after-free in TCP/IP networking driver.

* CVE-2026-22998: Null pointer dereference in NVME subsystem.

* CVE-2026-23001: Use-after-free in MAC-VLAN driver.

* CVE-2026-23003: Use of uninitialized memory in IP-in-IPv6 tunnel driver.

* CVE-2026-23010: Use-after-free in IPv6.

* CVE-2026-23011: Kernel panic in GRE tunnel.

* CVE-2026-23050: Deadlock in NFS client driver.

* CVE-2026-23053: Deadlock in NFS client driver.

* CVE-2026-23139: Memory leak in Netfilter driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-71162, CVE-2025-71163, CVE-2025-71180, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71191,
CVE-2025-71195, CVE-2025-71196, CVE-2026-22982, CVE-2026-23006,
CVE-2026-23019, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037,
CVE-2026-23055


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list