[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2026-50261)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed May 20 08:31:35 UTC 2026
Synopsis: ELSA-2026-50261 can now be patched using Ksplice
CVEs: CVE-2024-50043 CVE-2025-21720 CVE-2025-21857 CVE-2025-21892 CVE-2025-21997 CVE-2025-38020 CVE-2025-40129 CVE-2025-40135 CVE-2025-54518 CVE-2025-68741 CVE-2025-68775 CVE-2025-68798 CVE-2026-23059 CVE-2026-23173 CVE-2026-23243 CVE-2026-23270 CVE-2026-31402 CVE-2026-31431 CVE-2026-43130 CVE-2026-43139 CVE-2026-43158 CVE-2026-43163 CVE-2026-43168 CVE-2026-43186 CVE-2026-43187 CVE-2026-43190 CVE-2026-43233 CVE-2026-43278 CVE-2026-43304
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50261.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50261.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2024-50043: Use-after-free in NFS server for NFS version 4 driver.
Orabug: 37989102
* CVE-2025-21720: Null pointer dereference in IP XFRM subsystem.
Orabug: 37649866
* CVE-2025-21857: Null pointer dereference in Networking driver.
Orabug: 37702083
* CVE-2025-21892: Deadlock in Mellanox 5th generation network adapters (ConnectX series) driver.
Orabug: 37766306
* CVE-2025-21997: Memory corruption in XDP sockets driver.
Orabug: 37828202
* CVE-2025-38020: Null pointer dereference in Mellanox 5th generation network adapters (ConnectX series) Ethernet driver.
Orabug: 38094809
* CVE-2025-40129: Null pointer dereference in SUNRPC_GSS.
Orabug: 38649042
* CVE-2025-40135: Use-after-free in IPv6 output subsystem.
Orabug: 38649062
* CVE-2025-54518: Privilege escalation in AMD Zen2 processors.
* CVE-2025-68741: Use-after-free in QLogic QLA2XXX Fibre Channel driver.
Orabug: 38798929
* CVE-2025-68775: Use-after-free in Generic netlink handshake service.
Orabug: 38847720
* CVE-2025-68798: Kernel crash in AMD Performance Monitoring Unit.
Orabug: 38847849
* CVE-2026-23059: Out-of-bounds memory access in QLogic QLA2XXX Fibre Channel driver.
Orabug: 38930868
* CVE-2026-23173: Null pointer dereference in MLX5 TC classifier action driver.
Orabug: 38970398
* CVE-2026-23243: Out-of-bounds memory access in InfiniBand driver.
* CVE-2026-23270: Use-after-free in connection tracking tc action driver.
Orabug: 39362005
* CVE-2026-31402: Out-of-bounds memory access in NFS server driver.
Orabug: 39362036
* CVE-2026-43130: Deadlock in Intel IOMMU DMA remapping driver.
* CVE-2026-43139: Use of uninitialized memory in Networking driver.
* CVE-2026-43158, CVE-2026-43187: Data corruption in XFS filesystem driver.
* CVE-2026-43163: Use-after-free in Multiple devices (RAID and LVM) driver.
* CVE-2026-43168: Out-of-bounds memory access in OCFS2 filesystem driver.
* CVE-2026-43186: Out-of-bounds memory access in Networking driver.
* CVE-2026-43190: Out-of-bounds memory access in Netfilter driver.
* CVE-2026-43233: Out-of-bounds memory access in Netfilter driver.
* CVE-2026-43278: Use-after-free in Multiple devices (RAID and LVM) driver.
* CVE-2026-43304: Out-of-bounds memory access in Ceph core library driver.
* Premature allocation failure in percpu allocator.
Orabug: 39100354
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2024-53230, CVE-2024-53231, CVE-2025-71265, CVE-2025-71266,
CVE-2025-71267, CVE-2025-71292, CVE-2026-23242, CVE-2026-43141,
CVE-2026-43145, CVE-2026-43148, CVE-2026-43149, CVE-2026-43182,
CVE-2026-43183, CVE-2026-43184, CVE-2026-43196, CVE-2026-43200,
CVE-2026-43202, CVE-2026-43203, CVE-2026-43205, CVE-2026-43207,
CVE-2026-43209, CVE-2026-43227, CVE-2026-43232, CVE-2026-43236,
CVE-2026-43241, CVE-2026-43242, CVE-2026-43268, CVE-2026-43269,
CVE-2026-43270, CVE-2026-43283, CVE-2026-43291, CVE-2026-43295,
CVE-2026-43296, CVE-2026-43302, CVE-2026-43312
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.