From gregory.herrero at oracle.com Tue Mar 10 02:10:51 2026 From: gregory.herrero at oracle.com (Oracle Ksplice) Date: Tue, 10 Mar 2026 02:10:51 +0000 Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-8033-1) Message-ID: Synopsis: USN-8033-1 can now be patched using Ksplice CVEs: CVE-2025-38236 CVE-2025-38248 CVE-2025-39880 CVE-2025-39885 CVE-2025-39955 CVE-2025-39973 CVE-2025-40027 CVE-2025-40044 CVE-2025-40055 CVE-2025-40068 CVE-2025-40087 CVE-2025-40105 CVE-2025-40111 CVE-2025-40134 CVE-2025-40173 CVE-2025-40186 CVE-2025-40187 CVE-2025-40204 CVE-2025-40205 CVE-2025-40215 CVE-2025-40231 CVE-2025-40233 CVE-2025-40240 CVE-2025-40256 Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-8033-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-38236: Out-of-bounds memory access in Unix domain sockets driver. * CVE-2025-38248: Use-after-free in 802.1d Ethernet Bridge driver. * CVE-2025-39880: Kernel crash in Ceph core library driver. * CVE-2025-39885: Deadlock in OCFS2 filesystem driver. * CVE-2025-39955, CVE-2025-40186: Dropped packets in TCP/IP networking driver. * CVE-2025-39973: Out-of-bounds memory access in Intel(R) Ethernet Controller XL710 Family driver. * CVE-2025-40027: Use-after-free in 9P protocol stack. * CVE-2025-40044: Out-of-bounds memory access in UDF filesystem. * CVE-2025-40055: Use-after-free in OCFS2 filesystem. * CVE-2025-40068: Integer overflow in NTFS filesystem driver. * CVE-2025-40087: Remote null pointer dereference in Parallel NFS FlexFile server driver. * CVE-2025-40105: Memory leak in core filesystem layer. * CVE-2025-40111: Use-after-free in VMware vGPU driver. * CVE-2025-40134: Null pointer dereference in multi-device driver (RAID/LVM). * CVE-2025-40173: Use-after-free in IPv6 networking stack. * CVE-2025-40187: Null pointer dereference in SCTP Protocol driver. * CVE-2025-40204: Variable-time MAC check in SCTP Protocol driver. * CVE-2025-40205: Out-of-bounds memory access in BTRFS filesystem. * CVE-2025-40231: Deadlock in Virtual Socket protocol driver. * CVE-2025-40233: Kernel crash in OCFS2 filesystem driver. * CVE-2025-40240: Remote null pointer dereference in SCTP Protocol driver. * CVE-2025-40256, CVE-2025-40215: Race condition in XFRM subsystem. * Logic error in Transport Layer Security driver. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2024-56538, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39923, CVE-2025-39934, CVE-2025-39951, CVE-2025-39986, CVE-2025-40029, CVE-2025-40060, CVE-2025-40081, CVE-2025-40112, CVE-2025-40124, CVE-2025-40126, CVE-2025-40127, CVE-2025-40188, CVE-2025-40245, CVE-2025-40346 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.