[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7774-1)

Oracle Ksplice gregory.herrero at oracle.com
Wed Oct 22 22:26:50 UTC 2025 

Synopsis: USN-7774-1 can now be patched using Ksplice
CVEs: CVE-2022-48703 CVE-2024-26726 CVE-2024-44939 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38115 CVE-2025-38120 CVE-2025-38146 CVE-2025-38154 CVE-2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38193 CVE-2025-38203 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38222 CVE-2025-38230 CVE-2025-38231 CVE-2025-38245 CVE-2025-38251 CVE-2025-38263 CVE-2025-38305 CVE-2025-38310 CVE-2025-38328 CVE-2025-38332 CVE-2025-38342 CVE-2025-38352 CVE-2025-38387 CVE-2025-38399 CVE-2025-38403 CVE-2025-38430 CVE-2025-38445 CVE-2025-38457 CVE-2025-38461 CVE-2025-38464 CVE-2025-38466 CVE-2025-38498

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7774-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-48703: Null pointer dereference in ACPI INT340X thermal driver.

* CVE-2024-26726: Kernel panic in Btrfs filesystem driver.

* CVE-2024-44939: Denial-of-service in JFS file system driver.

* CVE-2025-38074: Race condition in VHOST SCSI TCM fabric driver.

* CVE-2025-38084, CVE-2025-38085: Race condition in Transparent Hugepage driver.

* CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet driver.

* CVE-2025-38107: Integer overflow in Enhanced transmission selection scheduler (ETS).

* CVE-2025-38108: Integer underflow in multiple network schedulers.

* CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver.

* CVE-2025-38115: NULL pointer dereference in Stochastic Fairness Queueing (SFQ) network scheduler.

* CVE-2025-38120: Memory disclosure in Netfilter driver.

* CVE-2025-38146: Soft lockup in Open vSwitch driver.

* CVE-2025-38154: Kernel panic in Networking driver.

* CVE-2025-38181: NULL pointer dereference in NetLabel subsystem.

* CVE-2025-38184: NULL pointer dereference in IP/UDP media type driver.

* CVE-2025-38190: Memory leak in ATM networking stack.

* CVE-2025-38193: Integer overflow in Stochastic Fairness Queueing (SFQ) driver.

* CVE-2025-38203: Null pointer dereference in JFS filesystem driver.

* CVE-2025-38206: Double free in exFAT filesystem driver.

* CVE-2025-38211: Use-after-free in InfiniBand driver.

* CVE-2025-38212: Use-after-free in System V IPC driver.

* CVE-2025-38222: Integer overflow in ext4 filesystem.

* CVE-2025-38230: Out-of-bounds memory access in JFS filesystem driver.

* CVE-2025-38231: Null pointer dereference in NFS server driver.

* CVE-2025-38245: Race condition in ATM networking stack.

* CVE-2025-38251: Kernel crash in Classical IP over ATM driver.

* CVE-2025-38263: Null pointer dereference in Block device as cache driver.

* CVE-2025-38305: Deadlock in Precision Time Protocol (PTP) driver.

* CVE-2025-38310: Out-of-bounds memory access in IPv6 Segment Routing Header encapsulation driver.

* CVE-2025-38328: Null pointer dereference in Journalling Flash File System v2 (JFFS2) driver.

* CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver.

* CVE-2025-38342: Out-of-bounds memory access in software node component.

* CVE-2025-38352: Missing check in POSIX clock/timer driver.

* CVE-2025-38387: Null pointer dereference in Mellanox MLX5 InfiniBand driver.

* CVE-2025-38399: Null pointer dereference in Generic Target Core Mod (TCM) and ConfigFS Infrastructure driver.

* CVE-2025-38403: Use of uninitialized memory in Virtual Socket protocol driver.

* CVE-2025-38430: Remote kernel crash in NFSv4 server driver.

* CVE-2025-38445: Kernel panic in RAID-1 (mirroring) mode driver.

* CVE-2025-38457: Null pointer dereference in QoS and/or fair queueing driver.

* CVE-2025-38461: Denial-of-service in Virtual Socket protocol driver.

* CVE-2025-38464: Use-after-free in TIPC Protocol driver.

* CVE-2025-38466: Missing privilege check in Kernel performance events and counters driver.

* CVE-2025-38498: Logic error in core filesystem layer.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-38194


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-22.04-updates mailing list