From gregory.herrero at oracle.com Fri Apr 17 09:14:32 2026 From: gregory.herrero at oracle.com (Oracle Ksplice) Date: Fri, 17 Apr 2026 09:14:32 -0000 Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-8180-1) Message-ID: Synopsis: USN-8180-1 can now be patched using Ksplice CVEs: CVE-2025-40149 CVE-2025-71194 CVE-2026-22998 CVE-2026-23001 CVE-2026-23011 CVE-2026-23087 CVE-2026-23099 CVE-2026-23105 CVE-2026-23120 CVE-2026-23209 CVE-2026-23273 Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-8180-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-40149: Use-after-free in Transport Layer Security HW offload driver. * CVE-2025-71194: Deadlock in Btrfs filesystem driver. * CVE-2026-22998: Null pointer dereference in NVME subsystem. * CVE-2026-23001: Use-after-free in MAC-VLAN driver. * CVE-2026-23011: Kernel panic in GRE tunnel. * CVE-2026-23087: Memory leak in XEN SCSI backend driver. * CVE-2026-23099: Out-of-bounds memory access in Bonding driver. * CVE-2026-23105: Undefined behavior in QFQ network scheduler. * CVE-2026-23120: Data race in Layer Two Tunneling Protocol (L2TP) driver. * CVE-2026-23209, CVE-2026-23273: Use-after-free in MAC-VLAN driver. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2025-38408, CVE-2025-71162, CVE-2025-71163, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191, CVE-2025-71196, CVE-2025-71199, CVE-2026-23026, CVE-2026-23033, CVE-2026-23049, CVE-2026-23064, CVE-2026-23085, CVE-2026-23128, CVE-2026-23170 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.