[Ksplice][Ubuntu-24.04-Updates] New Ksplice updates for Ubuntu 24.04 Noble (USN-7764-1)

[Oracle Ksplice]

Synopsis: USN-7764-1 can now be patched using Ksplice
CVEs: CVE-2025-21892 CVE-2025-21905 CVE-2025-21920 CVE-2025-21926 CVE-2025-21927 CVE-2025-21945 CVE-2025-21959 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21966 CVE-2025-21991 CVE-2025-21997 CVE-2025-22004

Systems running Ubuntu 24.04 Noble can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7764-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 24.04
Noble install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2025-21892: Deadlock in Mellanox 5th generation network adapters (ConnectX series) driver.

* CVE-2025-21905: Out-of-bounds memory access in Intel Wireless WiFi Next Gen AGN (iwlwifi) driver.

* CVE-2025-21920: Information leak in ethernet VLAN stack.

* CVE-2025-21926: Denial-of-service in UDPv4 Generic Segmentation Offload support.

* CVE-2025-21927: Memory corruption in NVM Express over Fabrics FC driver.

* CVE-2025-21945: Use-after-free in SMB3 server driver.

* CVE-2025-21959: Use of uninitialised value in netfilter subsystem.

* CVE-2025-21962, CVE-2025-21963, CVE-2025-21964: Integer overflow in SMB3/CIFS driver.

* CVE-2025-21966: Denial-of-service in Flakey target driver.

* CVE-2025-21991: Denial-of-service in AMD microcode loading driver.

* CVE-2025-21997: Memory corruption in XDP sockets driver.

* CVE-2025-22004: Use-after-free in LAN Emulation (LANE) driver.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2025-21977


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.