[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-8180-1)

[Oracle Ksplice]

Synopsis: USN-8180-1 can now be patched using Ksplice
CVEs: CVE-2025-40149 CVE-2025-71194 CVE-2026-22998 CVE-2026-23001 CVE-2026-23011 CVE-2026-23087 CVE-2026-23099 CVE-2026-23105 CVE-2026-23120 CVE-2026-23209 CVE-2026-23273

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-8180-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2025-40149: Use-after-free in Transport Layer Security HW offload driver.

* CVE-2025-71194: Deadlock in Btrfs filesystem driver.

* CVE-2026-22998: Null pointer dereference in NVME subsystem.

* CVE-2026-23001: Use-after-free in MAC-VLAN driver.

* CVE-2026-23011: Kernel panic in GRE tunnel.

* CVE-2026-23087: Memory leak in XEN SCSI backend driver.

* CVE-2026-23099: Out-of-bounds memory access in Bonding driver.

* CVE-2026-23105: Undefined behavior in QFQ network scheduler.

* CVE-2026-23120: Data race in Layer Two Tunneling Protocol (L2TP) driver.

* CVE-2026-23209, CVE-2026-23273: Use-after-free in MAC-VLAN driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-38408, CVE-2025-71162, CVE-2025-71163, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191,
CVE-2025-71196, CVE-2025-71199, CVE-2026-23026, CVE-2026-23033,
CVE-2026-23049, CVE-2026-23064, CVE-2026-23085, CVE-2026-23128,
CVE-2026-23170


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.