From gregory.herrero at oracle.com Wed May 14 18:41:39 2025
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Wed, 14 May 2025 18:41:39 -0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-7461-1)
Message-ID:

Synopsis: USN-7461-1 can now be patched using Ksplice
CVEs: CVE-2024-46826 CVE-2024-49974 CVE-2024-50256 CVE-2025-21700 CVE-2025-21702 CVE-2025-21703

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-7461-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-46826: Undefined behavior in kernel ELF parsing subsystem.
A logic error when using the kernel ELF parsing subsystem could lead to an inconsistently loaded binary. The resulting loaded binary might exhibit undefined behavior.

* CVE-2024-50256: Denial-of-service in IPv6 packet rejection driver.
A logic error when using the IPv6 packet rejection driver could lead to a kernel assertion failure. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.
A logic error when using the QoS and/or fair queueing driver could lead to a use-after-free. A local attacker could use this flaw to gain root privileges.

* CVE-2025-21702: Privilege escalation in QoS and/or fair queueing driver.
A logic error when using the QoS and/or fair queueing driver could lead to a use-after-free. A local attacker could use this flaw to gain root privileges.

* CVE-2025-21703: Privilege escalation in network emulator.
A logic error when using the network emulator could lead to a use-after-free.
A local attacker could use this flaw to escalate privileges.

* Note: Oracle will not provide a zero-downtime update for CVE-2024-49974.
Oracle has determined that patching CVE-2024-49974 on a running system would not be safe and recommends a reboot.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

From gregory.herrero at oracle.com Thu May 22 18:27:30 2025
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Thu, 22 May 2025 18:27:30 +0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-7495-1)
Message-ID:

Synopsis: USN-7495-1 can now be patched using Ksplice
CVEs: CVE-2023-52664 CVE-2023-52927 CVE-2024-26689

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-7495-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-52664: Privilege escalation in aQuantia AQtion driver.
A double free error when using the aQuantia AQtion driver with high memory pressure could lead to a use-after-free. A local attacker could use this flaw to escalate privileges.

* CVE-2023-52927: Privilege escalation in Network packet filtering framework.
A logic error when using the Network packet filtering framework could lead to a use-after-free. A local attacker could use this flaw to escalate privileges.

* CVE-2024-26689: Privilege escalation in capabilities handling of Ceph distributed file system.
A reference count error in capabilities handling of Ceph distributed file system could lead to a use-after-free. A local attacker could use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

From gregory.herrero at oracle.com Thu May 22 18:32:24 2025
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Thu, 22 May 2025 18:32:24 +0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-7516-1)
Message-ID: <24c17eded7101bcd1ce6644d6d7c9d16.apache@ksplice.com>

Synopsis: USN-7516-1 can now be patched using Ksplice
CVEs: CVE-2024-26982 CVE-2024-58001 CVE-2024-58017 CVE-2025-21647 CVE-2025-21719 CVE-2025-21753 CVE-2025-21787 CVE-2025-21791 CVE-2025-21920 CVE-2025-21926 CVE-2025-21971

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-7516-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-26982: Denial-of-service in SquashFS.
A missing check when using SquashFS could lead to an out-of-bounds memory access. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-58001: Denial-of-service in OCFS2 filesystem.
Incorrect reference counting when using the OCFS2 filesystem could lead to a memory leak. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-58017: Integer overflow in printk.
Undefined behaviour in the printk code could lead to an integer overflow.

* CVE-2025-21647: Privilege escalation in Common Applications Kept Enhanced (CAKE) driver.
A logic error when using the Common Applications Kept Enhanced (CAKE) driver could lead to an out-of-bounds memory access. A local attacker could use this flaw to escalate privileges.

* CVE-2025-21719: Denial-of-service in TCP/IP networking driver.
A logic error when using the TCP/IP networking driver could lead to a kernel crash. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2025-21753: Privilege escalation in Btrfs filesystem.
A race condition when using the Btrfs filesystem could lead to a use-after-free. A local attacker could use this flaw to escalate privileges.

* CVE-2025-21787: Denial-of-service in Ethernet team driver.
Incorrect checks on parameters passed from userspace when using the Ethernet team driver could lead to an out-of-bounds memory read. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2025-21791: Privilege escalation in layer 3 master device support.
A race condition when using an L3 master device could lead to a use-after-free. A local attacker could use this flaw to escalate privileges.

* CVE-2025-21920: Information leak in ethernet VLAN stack.
A missing check for device type in the ethernet VLAN stack could lead to a kernel address leak. As the System.map file is also readable by an unprivileged attacker, KASLR can be bypassed since the attacker can find out the relative offsets and combine that with the leaked address to find the address of any kernel symbol, which can facilitate an attack, like privilege escalation.

* CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload support.
A logic error when using UDPv4 sockets with GSO could lead to a kernel panic. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2025-21971: Denial-of-service in QoS driver.
A missing check when computing statistics in the QoS driver could lead to a kernel panic. A local attacker could use this flaw to cause a denial-of-service.

* Information leak in USB Modem (CDC ACM) driver.
A missing check when using the USB Modem (CDC ACM) driver could lead to use of uninitialized memory. A local attacker could use this flaw to extract sensitive information.

* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs since the code under consideration is not compiled.
CVE-2025-21687, CVE-2025-21785

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
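
A triage sketch for announcements in the format above, added here as an example and not part of the Ksplice mails or Oracle's tooling: it separates the CVEs that are live-patched from those a note says need a reboot or are not applicable. The function name and the sample text (condensed from the messages above) are constructed for illustration.

```python
import re

CVE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample, condensed from the announcement format above.
SAMPLE = """\
Synopsis: USN-7461-1 can now be patched using Ksplice
CVEs: CVE-2024-46826 CVE-2024-49974 CVE-2024-50256

* CVE-2024-46826: Undefined behavior in kernel ELF parsing subsystem.
* Note: Oracle will not provide a zero-downtime update for CVE-2024-49974.
  Oracle has determined that patching CVE-2024-49974 on a running system
  would not be safe and recommends a reboot.
SUPPORT
Synopsis: USN-7516-1 can now be patched using Ksplice
CVEs: CVE-2024-26982 CVE-2024-58001

* Note: Oracle has determined some CVEs are not applicable.
  The kernel is not affected by the following CVEs since the code under
  consideration is not compiled. CVE-2025-21687, CVE-2025-21785
SUPPORT
"""

def parse_announcements(raw):
    """Map each USN id to its live-patched, reboot-only and not-applicable CVEs."""
    text = " ".join(raw.split())  # works on wrapped or flattened archives
    result = {}
    for chunk in text.split("Synopsis: ")[1:]:
        usn = re.match(r"USN-\d+-\d+", chunk)
        if not usn:
            continue
        # Header list: the run of CVE ids directly after "CVEs:".
        header = re.search(r"CVEs: ((?:CVE-\d{4}-\d{4,} ?)+)", chunk)
        listed = CVE.findall(header.group(1)) if header else []
        # Notes that withhold a live patch name the CVE in this sentence.
        reboot = []
        for m in re.finditer(r"will not provide a zero-downtime update for ([^.]*)\.", chunk):
            reboot += CVE.findall(m.group(1))
        # CVEs declared not applicable follow this phrase, up to SUPPORT.
        na = re.search(r"not affected by the following CVEs(.*?)(?:SUPPORT|$)", chunk)
        not_applicable = CVE.findall(na.group(1)) if na else []
        live = [c for c in listed if c not in reboot and c not in not_applicable]
        result[usn.group(0)] = {"live": live, "reboot": reboot,
                                "not_applicable": not_applicable}
    return result

if __name__ == "__main__":
    for usn, groups in parse_announcements(SAMPLE).items():
        print(usn, groups)
```

Hosts covered by an announcement with a non-empty "reboot" list stay exposed to those CVEs after uptrack-upgrade until they are rebooted into the fixed kernel.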