[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2026-50145)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Mar 17 19:39:13 UTC 2026
Synopsis: ELSA-2026-50145 can now be patched using Ksplice
CVEs: CVE-2022-49465 CVE-2023-53520 CVE-2024-36903 CVE-2024-36927 CVE-2024-46830 CVE-2025-38022 CVE-2025-38129 CVE-2025-40110 CVE-2025-68764 CVE-2025-68776 CVE-2025-68788 CVE-2025-68803 CVE-2025-68813 CVE-2025-68818 CVE-2025-71066 CVE-2025-71068 CVE-2025-71084 CVE-2025-71097 CVE-2025-71098 CVE-2025-71104 CVE-2025-71120 CVE-2025-71131 CVE-2025-71147 CVE-2025-71182 CVE-2025-71194 CVE-2026-22976 CVE-2026-22977 CVE-2026-22988 CVE-2026-22998 CVE-2026-23001 CVE-2026-23011 CVE-2026-23060 CVE-2026-23074 CVE-2026-23097 CVE-2026-23099 CVE-2026-23105 CVE-2026-23111 CVE-2026-23120 CVE-2026-23209
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50145.
More information about this erratum can be found at
https://linux.oracle.com/errata/ELSA-2026-50145.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2022-49465: Use-after-free in Block layer bio throttling driver.
* CVE-2023-53520: Kernel crash in Bluetooth subsystem.
* CVE-2024-36903: Information leak in IPv6 networking support.
* CVE-2024-36927: Use of uninitialized memory in TCP/IP networking driver.
* CVE-2024-46830: Memory corruption in Kernel-based Virtual Machine (KVM) driver.
* CVE-2025-38022: Use-after-free in InfiniBand driver.
* CVE-2025-38129: Use-after-free in Networking driver.
* CVE-2025-40110: Null pointer dereference in DRM driver for VMware virtual GPUs.
* CVE-2025-68764: Insufficient privilege checks in NFS client driver.
* CVE-2025-68776: Null pointer dereference in High-availability Seamless Redundancy (HSR & PRP) driver.
* CVE-2025-68788: Information leak in fsnotify.
* CVE-2025-68803: Access control violation in NFS server driver.
* CVE-2025-68813: Null pointer dereference in IP virtual server driver.
* CVE-2025-68818: Null pointer dereference in QLogic QLA2XXX Fibre Channel driver.
* CVE-2025-71066: Use-after-free in ETS network scheduler.
* CVE-2025-71068: Out-of-bounds memory access in RPC-over-RDMA transport driver.
* CVE-2025-71084: Reference count leak in InfiniBand driver.
* CVE-2025-71097: Reference count leak in TCP/IP networking driver.
* CVE-2025-71104: Hard lockup in KVM.
* CVE-2025-71120: Null pointer dereference in SunRPC GSS.
* CVE-2025-71131: Use-after-free in Sequence Number IV Generator driver.
* CVE-2025-71147: Memory leak in TPM-based trusted keys driver.
* CVE-2025-71182: Denial-of-service in SAE J1939 driver.
* CVE-2025-71194: Deadlock in Btrfs filesystem driver.
* CVE-2026-22976: Null pointer dereference in QFQ network scheduler.
* CVE-2026-22977: Kernel panic in Networking driver.
* CVE-2026-22988, CVE-2025-71098: Kernel panic in IPv6 GRE tunnel driver.
* CVE-2026-22998: Null pointer dereference in NVME subsystem.
* CVE-2026-23001: Use-after-free in MAC-VLAN driver.
* CVE-2026-23011: Kernel panic in IP: GRE tunnels over IP driver.
* CVE-2026-23060: Null pointer dereference in Authenc driver.
* CVE-2026-23074: Use-after-free in TEQL network scheduler.
* CVE-2026-23097: Deadlock in Page migration driver.
* CVE-2026-23099: Out-of-bounds memory access in Bonding driver.
* CVE-2026-23105: Undefined behavior in QFQ network scheduler.
* CVE-2026-23111: Use-after-free in Netfilter driver.
Orabug: 39057346
* CVE-2026-23120: Data race in Layer Two Tunneling Protocol (L2TP) driver.
* CVE-2026-23209: Use-after-free in MAC-VLAN driver.
Orabug: 39057366
* Note: Oracle has determined that some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled:
CVE-2022-49635, CVE-2025-38408, CVE-2025-40082, CVE-2025-68257,
CVE-2025-68258, CVE-2025-68266, CVE-2025-68332, CVE-2025-68335,
CVE-2025-68336, CVE-2025-68365, CVE-2025-68727, CVE-2025-68728,
CVE-2025-68733, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769,
CVE-2025-68773, CVE-2025-68774, CVE-2025-68777, CVE-2025-68787,
CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800,
CVE-2025-68801, CVE-2025-68804, CVE-2025-68808, CVE-2025-68817,
CVE-2025-71064, CVE-2025-71069, CVE-2025-71078, CVE-2025-71079,
CVE-2025-71086, CVE-2025-71102, CVE-2025-71105, CVE-2025-71112,
CVE-2025-71121, CVE-2025-71136, CVE-2025-71137, CVE-2025-71145,
CVE-2025-71162, CVE-2025-71163, CVE-2025-71180, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71191, CVE-2025-71196,
CVE-2025-71199, CVE-2026-22982, CVE-2026-23019, CVE-2026-23026,
CVE-2026-23033, CVE-2026-23037, CVE-2026-23056, CVE-2026-23063,
CVE-2026-23064, CVE-2026-23080, CVE-2026-23093, CVE-2026-23096,
CVE-2026-23098, CVE-2026-23150, CVE-2026-23167, CVE-2026-23170
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.