[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (DLA-1862-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Aug 16 13:00:16 PDT 2019


Synopsis: DLA-1862-1 can now be patched using Ksplice
CVEs: CVE-2019-13272 CVE-2019-2101

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, DLA-1862-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
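
To audit which of these two cases a host falls into, the following added example (not part of the Oracle announcement) reads the autoinstall setting from an uptrack.conf-style file. The function names and the sample file contents are constructed for illustration, and only the value "yes" named above is treated as enabling automatic installation.

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates automatically
# or needs a manual uptrack-upgrade run. Function names are illustrative.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Whole-line comments are ignored, the last assignment wins, and the result
# is "unset" if the key is absent or "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall" && val != "") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Map the setting to the operator action described in the announcement.
# Only the documented value "yes" counts as automatic; anything else is
# conservatively reported as needing a manual upgrade.
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes) echo "auto" ;;
        *)   echo "manual" ;;   # run: /usr/sbin/uptrack-upgrade -y
    esac
}

# Constructed sample configuration (not taken from a real host): the
# commented-out "yes" must not be mistaken for the active setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
install_on_reboot = yes
autoinstall = no
EOF
echo "sample config: autoinstall=$(uptrack_autoinstall "$sample") -> $(uptrack_action "$sample")"
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf to uptrack_action; a result of "manual" means the upgrade command above still has to be run.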


DESCRIPTION

* Potential out-of-bounds access in Infiniband Emulex One Connect HCA driver.

An improper length check on an array index can lead to an out-of-bounds
access in the Emulex One Connect HCA driver's partition key query path.
This could cause a system to exhibit unexpected behavior, including a
potential denial-of-service.


* Improved fix for Spectre v1: Information leak in the Applicom driver.

Multiple missing sanitizations of user-controlled buffer indices in the
Applicom driver could lead to an information leak.  This flaw could be
exploited by a local attacker to leak information about the running
system.


* Potential failure to start RCU grace periods.

A logic error in the core RCU code can lead to grace periods failing
to start, which can eventually cause out-of-memory errors.  This could
potentially be exploited to degrade system performance or cause a
denial-of-service.


* NULL dereference in IPWireless driver.

A failure to check for an error condition in the IPWireless driver's
setup packet send path can lead to a NULL dereference and subsequent
kernel panic.  This could potentially be exploited to cause a
denial-of-service.


* Denial-of-service in the UVC driver's stream cleanup path.

A logic error in the UVC driver code responsible for cleaning up and
freeing memory at the end of streaming can lead to a NULL pointer
dereference and subsequent kernel panic.  This could potentially
cause a denial-of-service.


* Multiple denial-of-service vectors in bcache driver.

Various logic errors in the bcache driver can lead to kernel panics.
These flaws could potentially be exploited by a local attacker to cause
a denial-of-service.


* Data corruption in jbd2 transaction handling.

Improper handling of certain transactions in the jbd2 driver can lead to
filesystem data corruption.  This could cause a system to exhibit
unexpected behavior, and could lead to the loss of vital data.


* Denial-of-service during ext4 online resizing.

A mathematical error in the code that handles ext4 online resizing can
cause a kernel assertion to fail, resulting in a system panic.  A local
attacker with sufficient privileges could potentially exploit this flaw
to cause a denial-of-service.


* Potential NULL dereference in btrfs scrub path.

Under certain conditions, the btrfs driver can attempt to access
uninitialized data while performing a filesystem scrub, which will
result in a system panic.  This could potentially be exploited by a
local attacker to cause a denial-of-service.


* Data corruption in btrfs driver when reading shared compressed extents.

A logic error in the btrfs read path can lead to data corruption under
certain circumstances.  This could cause a system to exhibit unexpected
behavior, and could lead to the loss of vital data.


* Memory corruption in NFSv3 directory read path.

A logic error in the NFSv3 directory read path can cause silent memory
corruption or a system panic.  This could cause a system to behave
unexpectedly, and may lead to a denial-of-service or the loss of vital
data.


* Denial-of-service in mmap path.

A mathematical error in the mmap memory remap path can cause a system
panic.  This flaw could be exploited by a local attacker to cause a
denial-of-service.


* NULL dereference in swap core.

A failure to check if a pointer is NULL before use in
get_swap_page_of_type can lead to a NULL dereference and subsequent
kernel panic.  This could potentially be exploited to cause a
denial-of-service.


* Mathematical error in 64-bit division code.

An off-by-one error in the code that handles 64-bit division can cause
certain division operations to return incorrect results.  This could
cause a system to exhibit unexpected behavior.


* Denial-of-service in VXLAN packet receive path.

A logic error in the VXLAN packet receive path can lead to a
use-after-free scenario and potential system panic.  This could cause
a system to exhibit unexpected behavior, and could potentially be used
to cause a denial-of-service.


* Denial-of-service in IP tunneling core.

Missing checks to ensure that some functions are called in the proper
order in the gro_cells_receive function can lead to a bad paging
request, and subsequent kernel panic.  This flaw could potentially
be exploited to cause a denial-of-service.


* Filesystem data corruption in md RAID10 driver.

A mathematical error in the MD RAID10 driver's sync path can lead to
filesystem data corruption.  This could cause a system to behave
unexpectedly and could lead to the loss of vital data.


* Use-after-free in mlx4 command handling code.

Improper locking in the Mellanox driver's command handling path can
lead to a use-after-free scenario.  This could cause a system to exhibit
unexpected behavior, and may lead to a denial-of-service.


* Undefined behavior in mlx4 MTT size calculation.

A mathematical error in the Mellanox driver core causes an MTT size
calculation to yield an unpredictable result.  This could cause a
system to behave unexpectedly.


* Information leak in L2TP driver while receiving messages.

A logic error in the L2TP driver's message receive path can lead to
kernel memory being leaked to userspace.  A local attacker could exploit
this flaw to leak information about the running system.


* Memory leak in PPTP socket destroy path.

When tearing down PPTP sockets, a failure to drop all references on
certain objects can lead to a memory leak.  This could potentially be
exploited to waste system resources and degrade performance.


* CVE-2019-2101: Buffer overflow in uvcvideo driver.

When testing certain fields of a Camera Type Descriptor in
uvc_parse_standard_control, no bitmask is used to ensure that unused
bits are not set.  Using a specially crafted descriptor and a very
large buffer, it is possible for a local attacker to cause a buffer
overflow.  This flaw could potentially be exploited by a local attacker
to execute arbitrary code and escalate privilege.


* CVE-2019-13272: Privilege escalation in ptrace implementation.

A logic error in the ptrace implementation core can allow a malicious
user process to gain unintended privileges, which could be further
abused to ptrace an suid binary and gain root privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




