From gregory.herrero at oracle.com Tue Jun 17 04:17:41 2025 From: gregory.herrero at oracle.com (Oracle Ksplice) Date: Tue, 17 Jun 2025 04:17:41 +0000 Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7550-1) Message-ID: Synopsis: USN-7550-1 can now be patched using Ksplice CVEs: CVE-2024-53168 CVE-2024-56551 Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-7550-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-53168: Memory corruption in SUNRPC networking stack. Incorrect reference counting when using the SUNRPC networking stack could lead to a use-after-free. A local attacker could use this flaw to cause memory corruption. * CVE-2024-56551: Privilege escalation in AMD GPU driver. A logic error when using the AMD GPU driver could lead to a use-after-free. A local attacker could use this flaw to escalate privileges. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From gregory.herrero at oracle.com Thu Jun 26 23:03:20 2025 From: gregory.herrero at oracle.com (Oracle Ksplice) Date: Thu, 26 Jun 2025 23:03:20 +0000 Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7591-1) Message-ID: Synopsis: USN-7591-1 can now be patched using Ksplice CVEs: CVE-2022-49636 CVE-2024-53144 CVE-2024-56664 CVE-2024-8805 CVE-2025-21959 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21991 CVE-2025-22079 CVE-2025-39735 Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-7591-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-49636: Memory leak in Networking driver. * CVE-2024-53144, CVE-2024-8805: Lack of authorization in Bluetooth subsystem. * CVE-2024-56664: Use-after-free in bpf() system call driver. * CVE-2025-21959: Use of uninitialized memory in Netfilter driver. * CVE-2025-21962, CVE-2025-21963, CVE-2025-21964: Integer overflow in SMB3/CIFS driver. * CVE-2025-21991: Out-of-bounds memory access in AMD microcode loading driver. * CVE-2025-22079: Out-of-bounds memory access in OCFS2 file system. * CVE-2025-39735: Out-of-bounds memory access in JFS filesystem driver. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.