[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7654-1)
Oracle Ksplice
gregory.herrero at oracle.com
Tue Aug 12 23:23:23 UTC 2025
Synopsis: USN-7654-1 can now be patched using Ksplice
CVEs: CVE-2022-21546 CVE-2022-49168 CVE-2023-52572 CVE-2023-52752 CVE-2024-26739 CVE-2024-35866 CVE-2024-35867 CVE-2024-38540 CVE-2024-49960 CVE-2024-50272 CVE-2025-23145 CVE-2025-23150 CVE-2025-23163 CVE-2025-37738 CVE-2025-37749 CVE-2025-37757 CVE-2025-37773 CVE-2025-37780 CVE-2025-37789 CVE-2025-37797 CVE-2025-37808 CVE-2025-37824 CVE-2025-37844 CVE-2025-37911 CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37992
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7654-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2022-21546: Denial-of-service in SCSI write path.
* CVE-2022-49168: Use-after-free in Btrfs filesystem driver.
* CVE-2023-52572: Use-after-free in CIFS driver.
* CVE-2023-52752: Use-after-free in SMB/CIFS client driver.
* CVE-2024-26739: Memory corruption in Redirecting and Mirroring driver.
* CVE-2024-35866: Use-after-free in CIFS driver.
* CVE-2024-35867: Use-after-free in SMB/CIFS client driver.
* CVE-2024-38540: Data corruption in Broadcom Netxtreme HCA driver.
* CVE-2024-49960: Use-after-free in ext4 filesystem driver.
* CVE-2024-50272: Infinite loop in memory management subsystem.
* CVE-2025-23145: Null pointer dereference in Multipath TCP driver.
* CVE-2025-23150: Out-of-bounds memory access in ext4 filesystem driver.
* CVE-2025-23163: Deadlock in 802.1Q/802.1ad VLAN Support.
* CVE-2025-37738: Use-after-free in ext4 filesystem driver.
* CVE-2025-37749: Information leak in PPP driver.
* CVE-2025-37757: Memory leak in the TIPC Protocol driver.
* CVE-2025-37773: Null pointer dereference in FUSE virtio filesystem.
* CVE-2025-37780: Out-of-bounds memory access in ISO file system.
* CVE-2025-37789: Out-of-bounds memory access in Open vSwitch.
* CVE-2025-37797: Use-after-free in HFSC network scheduler.
* CVE-2025-37808: Use-after-free in Crypto Null algorithms.
* CVE-2025-37824: Null pointer dereference in TIPC Protocol driver.
* CVE-2025-37844: Null pointer dereference in CIFS driver.
* CVE-2025-37911: Out-of-bounds memory access in Broadcom NetXtreme-C/E driver.
* CVE-2025-37913, CVE-2025-37914, CVE-2025-37915: Memory corruption in multiple network scheduler drivers.
* CVE-2025-37992: Null pointer dereference in multiple network scheduler drivers.
* Null pointer dereference in SMB3/CIFS driver.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-22.04-updates
mailing list