[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-8096-1)

Sat Mar 28 20:57:55 UTC 2026

Synopsis: USN-8096-1 can now be patched using Ksplice
CVEs: CVE-2022-49465 CVE-2024-36903 CVE-2024-36927 CVE-2024-37354 CVE-2024-46830 CVE-2024-47666 CVE-2025-38022 CVE-2025-40040 CVE-2025-40083 CVE-2025-40110 CVE-2025-40248 CVE-2025-40257 CVE-2025-40258 CVE-2025-40271 CVE-2025-40272 CVE-2025-40273 CVE-2025-40277 CVE-2025-40280 CVE-2025-40281 CVE-2025-68295 CVE-2025-68301 CVE-2025-68764 CVE-2025-68776 CVE-2025-68788 CVE-2025-68803 CVE-2025-68813 CVE-2025-71066 CVE-2025-71068 CVE-2025-71084 CVE-2025-71097 CVE-2025-71098 CVE-2025-71104 CVE-2025-71120 CVE-2025-71131 CVE-2025-71147 CVE-2026-22976 CVE-2026-22977 CVE-2026-22988

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-8096-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-49465: Use-after-free in Block layer bio throttling driver.

* CVE-2024-36903: Information leak in IPv6 networking support.

* CVE-2024-36927: Use of uninitialized memory in TCP/IP networking driver.

* CVE-2024-37354: Denial-of-service in Btrfs filesystem driver.

* CVE-2024-46830: Memory corruption in Kernel-based Virtual Machine (KVM) driver.

* CVE-2024-47666: Kernel crash in PMC-Sierra SPC 8001 SAS/SATA Based Host Adapter driver.

* CVE-2025-38022: Use-after-free in InfiniBand driver.

* CVE-2025-40040: Kernel panic in KSM for page merging driver.

* CVE-2025-40083: Null pointer dereference in Quick Fair Queueing scheduler (QFQ) driver.

* CVE-2025-40110: Null pointer dereference in DRM driver for VMware virtual GPUs.

* CVE-2025-40248: Use-after-free in Virtual Socket protocol driver.

* CVE-2025-40257: Use-after-free in MPTCP: Multipath TCP driver.

* CVE-2025-40258: Use-after-free in MPTCP: Multipath TCP driver.

* CVE-2025-40271: Use-after-free in /proc filesystem driver.

* CVE-2025-40272: Use-after-free in secret memory management.

* CVE-2025-40273: Kernel oops in NFS server for NFS version 4 driver.

* CVE-2025-40277: Out-of-bounds memory access in VMware graphics driver.

* CVE-2025-40280: Use-after-free in TIPC Protocol driver.

* CVE-2025-40281: Out-of-bounds memory access in SCTP Protocol driver.

* CVE-2025-68295: Memory leak in SMB/CIFS client driver.

* CVE-2025-68301: Out-of-bounds memory access in aQuantia AQtion driver.

* CVE-2025-68764: Insufficient privilege checks in NFS client driver.

* CVE-2025-68776: Null pointer dereference in High-availability Seamless Redundancy (HSR & PRP) driver.

* CVE-2025-68788: Information leak in fsnotify.

* CVE-2025-68803: Access control violation in NFS server driver.

* CVE-2025-68813: Null pointer dereference in IP virtual server driver.

* CVE-2025-71066: Use-after-free in ETS network scheduler.

* CVE-2025-71068: Out-of-bounds memory access in RPC-over-RDMA transport driver.

* CVE-2025-71084: Reference count leak in InfiniBand driver.

* CVE-2025-71097: Reference count leak in TCP/IP networking driver.

* CVE-2025-71104: Hard lockup in KVM.

* CVE-2025-71120: Null pointer dereference in SunRPC GSS.

* CVE-2025-71131: Use-after-free in Sequence Number IV Generator driver.

* CVE-2025-71147: Memory leak in TPM-based trusted keys driver.

* CVE-2026-22976: Null pointer dereference in QFQ network scheduler.

* CVE-2026-22977: Kernel panic in TCP/IP networking driver.

* CVE-2026-22988, CVE-2025-71098: Kernel panic in IPv6 GRE tunnel driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2022-49635, CVE-2025-40253, CVE-2025-40262, CVE-2025-40278,
CVE-2025-68176, CVE-2025-68177, CVE-2025-68204, CVE-2025-68220,
CVE-2025-68238, CVE-2025-68328, CVE-2025-68336, CVE-2025-68732,
CVE-2025-68773, CVE-2025-68777, CVE-2025-68808, CVE-2025-71064,
CVE-2025-71078, CVE-2025-71102, CVE-2025-71112, CVE-2025-71121,
CVE-2025-71132, CVE-2025-71137

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.