[Ksplice][Ubuntu-24.04-Updates] New Ksplice updates for Ubuntu 24.04 Noble (6.8.0-58.60)
Oracle Ksplice
gregory.herrero at oracle.com
Tue Jun 10 14:19:14 UTC 2025
Synopsis: 6.8.0-58.60 can now be patched using Ksplice
CVEs: CVE-2024-41014 CVE-2024-50110 CVE-2024-50115 CVE-2024-50121 CVE-2024-50124 CVE-2024-50126 CVE-2024-50142 CVE-2024-50151 CVE-2024-50152 CVE-2024-50158 CVE-2024-50195 CVE-2024-50208 CVE-2024-50210 CVE-2024-50215 CVE-2024-50218 CVE-2024-50223 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50255 CVE-2024-50256 CVE-2024-50261 CVE-2024-50265 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-50283 CVE-2024-50301 CVE-2024-53042 CVE-2024-53112 CVE-2024-53117 CVE-2024-53118 CVE-2024-53139 CVE-2024-53146 CVE-2024-53155 CVE-2024-53166 CVE-2024-53168 CVE-2024-53171 CVE-2024-53173 CVE-2024-53209 CVE-2024-53213 CVE-2024-56551 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56605 CVE-2024-56606 CVE-2024-56613 CVE-2024-56626 CVE-2024-56627 CVE-2024-56631 CVE-2024-56644 CVE-2024-56650 CVE-2024-56742 CVE-2024-57843 CVE-2024-58009 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21756
Systems running Ubuntu 24.04 Noble can now use Ksplice to patch
against the latest Ubuntu kernel update, 6.8.0-58.60.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 24.04
Noble install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2024-41014: Privilege escalation in XFS filesystem driver.
A missing check when manipulating images in the XFS filesystem driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to gain root privileges.
* CVE-2024-50110: Information leak in Transformation user configuration interface driver.
A logic error when dumping information in the Transformation user
configuration interface driver could lead to use of uninitialized
memory. A local attacker could use this flaw to extract sensitive
information.
* CVE-2024-50115: Privilege escalation in KVM SVM driver.
A missing check when retrieving nested guest pages in the KVM SVM driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-50121: Privilege escalation in NFS server version 4 driver.
A logic error when using the NFS server version 4 driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-50124: Denial-of-service in Bluetooth Low Energy driver.
A missing check when using the Bluetooth Low Energy driver could
lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-50126: Memory corruption in Time Aware Priority (taprio) Scheduler driver.
A locking error when using the Time Aware Priority (taprio) Scheduler
driver could lead to a use-after-free. A local attacker could use this
flaw to cause memory corruption.
* CVE-2024-50142: Denial-of-service in transformation user configuration interface.
A logic error when using the transformation user configuration interface
could lead to an integer overflow. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-50151: Privilege escalation in SMB3 and CIFS driver.
A missing check when using the SMB3 and CIFS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-50152: Memory corruption in SMB3 and CIFS filesystem driver.
A double free error when using the SMB3 and CIFS filesystem driver could
lead to a use-after-free. A local attacker could use this flaw to cause
memory corruption.
* CVE-2024-50158: Memory corruption in Broadcom Netxtreme HCA driver.
A missing check when using the Broadcom Netxtreme HCA driver could lead
to an out-of-bounds memory write. A local attacker could use this flaw
to cause memory corruption.
* CVE-2024-50195, CVE-2024-50210: Denial-of-service in dynamic POSIX clock driver.
A missing check when using the dynamic POSIX clock driver could lead to
an invalid time being set. A local attacker could use this flaw to cause a
denial-of-service or other types of attacks (since other kernel parts or
drivers may depend on the set time).
* CVE-2024-50208: Privilege escalation in Broadcom Netxtreme HCA driver.
A logic error when using the Broadcom Netxtreme HCA driver could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-50215: Privilege escalation in NVMe over Fabrics In-band Authentication driver.
A logic error when using the NVMe over Fabrics In-band Authentication
driver could lead to a double free. A local attacker could use this flaw
to escalate privileges.
Orabug: 37268555
* CVE-2024-50218: Denial-of-service in OCFS2 file system driver.
A missing check when using the OCFS2 file system driver could lead to a
kernel assertion failure. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-50223: Denial-of-service in CFS scheduler.
A logic error when handling the SIGSEGV signal in the CFS scheduler
could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-50249: Denial-of-service in ACPI subsystem.
A locking error in the Advanced Configuration and Power
Interface (ACPI) subsystem could lead to instability in
CPU performance scaling and power management functionality
during high-performance workloads or when switching power
states. A local attacker could potentially use this flaw
to cause a denial-of-service.
* CVE-2024-50250: Information leak in File system based Direct Access (DAX) driver.
A logic error when using the File system based Direct Access (DAX)
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to extract sensitive information.
* CVE-2024-50251: Denial-of-service in Network packet filtering framework (Netfilter) driver.
A missing check when using the Network packet filtering framework
(Netfilter) driver could lead to a kernel assertion failure. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-50255: Denial-of-service in Bluetooth subsystem.
A missing check when using the Bluetooth subsystem could lead
to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-50256: Denial-of-service in IPv6 packet rejection driver.
A logic error when using the IPv6 packet rejection driver could lead to
a kernel assertion failure. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-50261: Privilege escalation in IEEE 802.1AE MAC-level encryption (MACsec) driver.
A logic error when using the IEEE 802.1AE MAC-level encryption (MACsec)
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-50265: Denial-of-service in OCFS2 filesystem driver.
A logic error when setting extended attributes in the OCFS2 filesystem
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-50273: Denial-of-service in Btrfs filesystem driver.
A logic error when handling delayed reference counting in the Btrfs
filesystem driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-50278, CVE-2024-50279: Privilege escalation in Multiple Device Cache Target driver.
Logic errors when manipulating cache in the Multiple Device Cache Target
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-50283: Memory corruption in SMB3 server driver.
A logic error when using the SMB3 server driver could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.
* CVE-2024-50301: Privilege escalation in Keyring subsystem.
A missing check when checking if a key can be used in the Keyring
subsystem could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-53042: Denial-of-service in IP tunneling subsystem.
A race condition when using IP tunnels could lead to a kernel oops. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-53112: Denial-of-service in OCFS2 filesystem.
A missing check when using OCFS2_IOC_GROUP_ADD ioctl in the OCFS2
filesystem could lead to a kernel assertion failure. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-53117, CVE-2024-53118: Denial-of-service in Virtual Socket protocol driver.
Incorrect reference counting when using the Virtual Socket protocol
driver could lead to a memory leak. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-53139: Privilege escalation in SCTP protocol driver.
A locking error when using the SCTP protocol driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-53146: Information leak in NFS server driver.
A logic error when using the NFS server driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-53155: Information leak in OCFS2 filesystem.
A missing variable initialization when using the OCFS2 filesystem could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.
* CVE-2024-53166: Memory corruption in BFQ I/O scheduler subsystem.
A locking error when using the BFQ I/O scheduler subsystem could lead to
a use-after-free. A local attacker could use this flaw to cause memory
corruption.
* CVE-2024-53168: Memory corruption in SUNRPC networking stack.
Incorrect reference counting when using the SUNRPC networking stack
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-53171: Privilege escalation in UBIFS file system driver.
A logic error when using the UBIFS file system driver could lead to a
use-after-free. A local attacker could use this flaw to gain root
privileges.
* CVE-2024-53173: Privilege escalation in NFS client driver.
A logic error when opening multiple files concurrently in the NFS client
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-53209: Denial-of-service in Broadcom NetXtreme-C/E driver.
A logic error when using the Broadcom NetXtreme-C/E driver could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-53213: Privilege escalation in Microchip LAN78XX Based USB Ethernet Adapters driver.
A logic error when using the Microchip LAN78XX Based USB Ethernet
Adapters driver could lead to a double free. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-56551: Privilege escalation in AMD GPU driver.
A logic error when using the AMD GPU driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598: Code execution in JFS filesystem driver.
A missing check when using the JFS filesystem driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
execute arbitrary code in kernel mode.
* CVE-2024-56600: Privilege escalation in Networking subsystem.
A missing variable initialization when creating a socket fails in the
Networking subsystem could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-56601: Privilege escalation in TCP/IP networking driver.
A missing variable initialization when creating a socket fails in the
TCP/IP networking driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-56602: Privilege escalation in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver.
A missing variable initialization when creating a socket fails in the
IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56605, CVE-2024-58009: Privilege escalation in Bluetooth subsystem driver.
A missing variable initialization when creating an L2CAP socket fails in
the Bluetooth subsystem driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-56606: Privilege escalation in packet protocol networking stack.
A logic error when using the packet protocol networking stack could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-56613: Denial-of-service in CFS scheduler.
A race condition when using the CFS scheduler could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-56626: Memory corruption in SMB3 server driver.
A missing check when using the SMB3 server driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-56627: Memory corruption in SMB3 server driver.
A missing check when using the SMB3 server driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to cause
memory corruption.
* CVE-2024-56631: Privilege escalation in SCSI generic driver.
A locking error when releasing data in the SCSI generic driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56644: Remote denial-of-service in IPv6 networking stack.
Incorrect reference counting when using the IPv6 networking stack could
lead to a memory leak. A remote attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-56650: Privilege escalation in netfilter driver.
A missing check when using the netfilter driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-56742: Denial-of-service in VFIO for MLX5 PCI devices driver.
A missing free when using the VFIO for MLX5 PCI devices driver could lead
to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-57843: Denial-of-service in Virtio network driver.
A missing check when using the Virtio network driver could lead to a
buffer overflow. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2025-21700: Privilege escalation in QoS and/or fair queueing driver.
A logic error when using the QoS and/or fair queueing driver could lead
to a use-after-free. A local attacker could use this flaw to gain root
privileges.
* CVE-2025-21701: Denial-of-service in Networking driver.
A race condition when using the Networking driver could lead to a kernel
assertion failure. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2025-21702: Privilege escalation in QoS and/or fair queueing driver.
A logic error when using the QoS and/or fair queueing driver could lead
to a use-after-free. A local attacker could use this flaw to gain root
privileges.
* CVE-2025-21756: Privilege escalation in Virtual Socket protocol driver.
A logic error when using the Virtual Socket protocol driver could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.
* Denial-of-service in XFS filesystem.
A logic error when using the XFS filesystem could lead to corruption of
the filesystem.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
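
The DESCRIPTION entries follow a regular shape (a "* CVE ids: impact in component." header, then a body naming the attacker position), so they can be parsed and grouped for patch triage. The Python below is an added example, not part of Oracle's advisory; the names parse_entries and triage and the grouping scheme are assumptions, and the sample text is excerpted from this message.

```python
import re
from collections import defaultdict
# Four entries excerpted from the advisory above, used as sample input.
SAMPLE = """\
* CVE-2024-41014: Privilege escalation in XFS filesystem driver.
A missing check when manipulating images in the XFS filesystem driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to gain root privileges.
* CVE-2024-53117, CVE-2024-53118: Denial-of-service in Virtual Socket protocol driver.
Incorrect reference counting when using the Virtual Socket protocol
driver could lead to a memory leak. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-56644: Remote denial-of-service in IPv6 networking stack.
Incorrect reference counting when using the IPv6 networking stack could
lead to a memory leak. A remote attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service in XFS filesystem.
A logic error when using the XFS filesystem could lead to corruption of
the filesystem.
"""

HEADER = re.compile(r"^\* (?:((?:CVE-\d{4}-\d+(?:, )?)+): )?(.+?) in (.+?)\.$")
CVE = re.compile(r"CVE-\d{4}-\d+")

def parse_entries(text):
    """Return dicts with cves, impact, component and attacker vector."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # header line; the CVE list is optional (last sample entry)
            entries.append({"cves": CVE.findall(m.group(1) or ""),
                            "impact": m.group(2).lower(),
                            "component": m.group(3), "body": ""})
        elif entries:  # continuation line of the current entry's body
            entries[-1]["body"] += line.strip() + " "
    for e in entries:
        body = e.pop("body").lower()  # attacker position is stated in the body
        e["vector"] = ("remote" if "remote attacker" in body
                       else "local" if "local attacker" in body else "unstated")
    return entries

def triage(entries):
    """Group CVE ids by (vector, impact); remote groups sort first."""
    groups = defaultdict(list)
    for e in entries:
        impact = e["impact"].removeprefix("remote ")
        groups[(e["vector"], impact)].extend(e["cves"] or ["(no CVE)"])
    order = {"remote": 0, "local": 1, "unstated": 2}
    return sorted(groups.items(), key=lambda kv: (order[kv[0][0]], kv[0][1]))
```

Feeding the full DESCRIPTION section to parse_entries and printing triage(...) puts the remotely reachable issue at the top of the list.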