Synopsis: ELSA-2026-50145 can now be patched using Ksplice
CVEs: CVE-2022-49465 CVE-2023-53520 CVE-2024-36903 CVE-2024-36927 CVE-2024-46830 CVE-2025-38022 CVE-2025-38129 CVE-2025-40110 CVE-2025-68764 CVE-2025-68776 CVE-2025-68788 CVE-2025-68803 CVE-2025-68813 CVE-2025-68818 CVE-2025-71066 CVE-2025-71068 CVE-2025-71084 CVE-2025-71097 CVE-2025-71098 CVE-2025-71104 CVE-2025-71120 CVE-2025-71131 CVE-2025-71147 CVE-2025-71182 CVE-2025-71194 CVE-2026-22976 CVE-2026-22977 CVE-2026-22988 CVE-2026-22998 CVE-2026-23001 CVE-2026-23011 CVE-2026-23060 CVE-2026-23074 CVE-2026-23097 CVE-2026-23099 CVE-2026-23105 CVE-2026-23111 CVE-2026-23120 CVE-2026-23209

Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2026-50145.

More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50145.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-49465: Use-after-free in Block layer bio throttling driver.
* CVE-2023-53520: Kernel crash in Bluetooth subsystem.
* CVE-2024-36903: Information leak in IPv6 networking support.
* CVE-2024-36927: Use of uninitialized memory in TCP/IP networking driver.
* CVE-2024-46830: Memory corruption in Kernel-based Virtual Machine (KVM) driver.
* CVE-2025-38022: Use-after-free in InfiniBand driver.
* CVE-2025-38129: Use-after-free in Networking driver.
* CVE-2025-40110: Null pointer dereference in DRM driver for VMware virtual GPUs.
* CVE-2025-68764: Insufficient privilege checks in NFS client driver.
* CVE-2025-68776: Null pointer dereference in High-availability Seamless Redundancy (HSR & PRP) driver.
* CVE-2025-68788: Information leak in fsnotify.
* CVE-2025-68803: Access control violation in NFS server driver.
* CVE-2025-68813: Null pointer dereference in IP virtual server driver.
* CVE-2025-68818: Null pointer dereference in QLogic QLA2XXX Fibre Channel driver.
* CVE-2025-71066: Use-after-free in ETS network scheduler.
* CVE-2025-71068: Out-of-bounds memory access in RPC-over-RDMA transport driver.
* CVE-2025-71084: Reference count leak in InfiniBand driver.
* CVE-2025-71097: Reference count leak in TCP/IP networking driver.
* CVE-2025-71104: Hard lockup in KVM.
* CVE-2025-71120: Null pointer dereference in SunRPC GSS.
* CVE-2025-71131: Use-after-free in Sequence Number IV Generator driver.
* CVE-2025-71147: Memory leak in TPM-based trusted keys driver.
* CVE-2025-71182: Denial-of-service in SAE J1939 driver.
* CVE-2025-71194: Deadlock in Btrfs filesystem driver.
* CVE-2026-22976: Null pointer dereference in QFQ network scheduler.
* CVE-2026-22977: Kernel panic in Networking driver.
* CVE-2026-22988, CVE-2025-71098: Kernel panic in IPv6 GRE tunnel driver.
* CVE-2026-22998: Null pointer dereference in NVME subsystem.
* CVE-2026-23001: Use-after-free in MAC-VLAN driver.
* CVE-2026-23011: Kernel panic in IP: GRE tunnels over IP driver.
* CVE-2026-23060: Null pointer dereference in Authenc driver.
* CVE-2026-23074: Use-after-free in TEQL network scheduler.
* CVE-2026-23097: Deadlock in Page migration driver.
* CVE-2026-23099: Out-of-bounds memory access in Bonding driver.
* CVE-2026-23105: Undefined behavior in QFQ network scheduler.
* CVE-2026-23111: Use-after-free in Netfilter driver.
  Orabug: 39057346
* CVE-2026-23120: Data race in Layer Two Tunneling Protocol (L2TP) driver.
* CVE-2026-23209: Use-after-free in MAC-VLAN driver.
  Orabug: 39057366

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs since the code under consideration is not compiled.

CVE-2022-49635, CVE-2025-38408, CVE-2025-40082, CVE-2025-68257, CVE-2025-68258, CVE-2025-68266,
CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68365, CVE-2025-68727, CVE-2025-68728,
CVE-2025-68733, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769, CVE-2025-68773, CVE-2025-68774,
CVE-2025-68777, CVE-2025-68787, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800,
CVE-2025-68801, CVE-2025-68804, CVE-2025-68808, CVE-2025-68817, CVE-2025-71064, CVE-2025-71069,
CVE-2025-71078, CVE-2025-71079, CVE-2025-71086, CVE-2025-71102, CVE-2025-71105, CVE-2025-71112,
CVE-2025-71121, CVE-2025-71136, CVE-2025-71137, CVE-2025-71145, CVE-2025-71162, CVE-2025-71163,
CVE-2025-71180, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71191, CVE-2025-71196,
CVE-2025-71199, CVE-2026-22982, CVE-2026-23019, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037,
CVE-2026-23056, CVE-2026-23063, CVE-2026-23064, CVE-2026-23080, CVE-2026-23093, CVE-2026-23096,
CVE-2026-23098, CVE-2026-23150, CVE-2026-23167, CVE-2026-23170

SUPPORT

Ksplice support is available at [email protected].
