[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (DLA 2068-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jan 23 05:29:39 PST 2020


Synopsis: DLA 2068-1 can now be patched using Ksplice
CVEs: CVE-2019-10220 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217 CVE-2019-15291 CVE-2019-15505 CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18806 CVE-2019-19051 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19062 CVE-2019-19066 CVE-2019-19227 CVE-2019-19332 CVE-2019-19523 CVE-2019-19524 CVE-2019-19527 CVE-2019-19528 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19807 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965 CVE-2019-19966

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, DLA 2068-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
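The two paths above (automatic install when "autoinstall = yes" is set, otherwise a manual uptrack-upgrade) can be checked before deciding whether any action is needed on a host. The script below is an added example, not Oracle's or the Ksplice project's own code: it parses an uptrack.conf-style file (assumed to use "key = value" lines with "#" comments, as the advisory's "autoinstall = yes" suggests), reports whether autoinstall is in effect, and otherwise shows the manual command from the advisory. The config path is a parameter so the same check can run against a constructed sample file as well as /etc/uptrack/uptrack.conf.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a Ksplice Uptrack host
# will receive DLA 2068-1 automatically or needs a manual uptrack-upgrade.
# Assumed config format: "key = value" lines, "#" starts a comment, and the
# key is "autoinstall" as quoted in the advisory.

# autoinstall_enabled FILE
# Exit status 0 when the last uncommented "autoinstall" entry is "yes",
# 1 when it is absent or anything else, 2 when FILE cannot be read.
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 2
    # Strip comments, split on "=", keep the last autoinstall value seen
    # (later entries override earlier ones), trim whitespace, lowercase it.
    value=$(sed -e 's/#.*$//' "$conf" \
        | awk -F= '$1 ~ /^[ \t]*autoinstall[ \t]*$/ {
                       v = $2
                       gsub(/^[ \t]+|[ \t]+$/, "", v)
                       last = tolower(v)
                   }
                   END { print last }')
    [ "$value" = "yes" ]
}

# ksplice_update_action FILE
# Prints "auto" when no operator action is required and "manual" when the
# updates must be applied by running uptrack-upgrade.
ksplice_update_action() {
    if autoinstall_enabled "$1"; then
        echo auto
    else
        echo manual
    fi
}

# Stand-alone usage: "sh check-uptrack.sh --check" inspects the real config
# path given in the advisory and prints the advisory's command when needed,
# without running it.
if [ "${1:-}" = "--check" ]; then
    case "$(ksplice_update_action /etc/uptrack/uptrack.conf)" in
        auto)   echo "autoinstall = yes: DLA 2068-1 updates will be installed automatically" ;;
        manual) echo "autoinstall is not enabled: run '/usr/sbin/uptrack-upgrade -y' as root" ;;
    esac
fi
```

A commented-out "# autoinstall = yes" is deliberately treated as not enabled, and a later "autoinstall = no" overrides an earlier "yes", which is the usual last-wins reading of such files; if the real parser behaves differently on your version, the awk rule is the one place to adjust. After applying the updates, uptrack-show (the Uptrack tool that lists the updates currently in effect) confirms that the DLA 2068-1 patches are present.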


DESCRIPTION

* CVE-2019-15098: NULL pointer dereference when using the Atheros ath6kl USB driver.

A missing check in the Atheros ath6kl USB driver when handling a malicious
USB device could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-15217: NULL pointer dereference when using the USB ZR364XX Camera driver.

A missing check when querying the capabilities of a USB ZR364XX Camera
device from user space could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-15505: Out-of-bounds access in Technisat DVB-S/S2 USB2.0 driver.

A logic error when receiving data over Technisat DVB-S/S2 USB2.0 driver
could lead to an out-of-bounds access. A remote attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-17052: Permission bypass when creating an Amateur Radio AX.25 Level 2 socket.

A missing check on user capabilities when creating an Amateur Radio AX.25
Level 2 socket could lead to a permission bypass.


* CVE-2019-17053: Permission bypass when creating an IEEE 802.15.4 socket.

A missing check on user capabilities when creating an IEEE 802.15.4
socket could lead to a permission bypass.


* CVE-2019-17054: Permission bypass when creating an Appletalk socket.

A missing check on user capabilities when creating an Appletalk socket
could lead to a permission bypass.


* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.

A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.


* CVE-2019-17056: Permission bypass when creating an NFC socket.

A missing check on user capabilities when creating an NFC socket could
lead to a permission bypass.


* CVE-2019-17133: Denial-of-service in WiFi SIOCGIWESSID ioctl().

Missing bounds checks when copying an SSID in the SIOCGIWESSID ioctl()
for an 802.11 WiFi device could result in a buffer overflow and kernel
crash.


* CVE-2019-17666: Out-of-bounds access when using Realtek Wireless Network driver in P2P mode.

A logic error when using Realtek Wireless Network driver in P2P mode
could lead to an out-of-bounds access. A remote attacker within the
wireless radio range of the victim could use this flaw to cause a
denial-of-service.


* Use-after-free when closing PEAK PCAN-USB connection.

A logic error when closing PEAK PCAN-USB connection when transfers are
on-going could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when dequeueing packet in network scheduler.

A null-pointer dereference in the CODEL network packet scheduler could
lead to a kernel crash. A local attacker could exploit this to cause a
denial-of-service if CODEL scheduler is enabled.


* Denial-of-service when removing network namespace.

A name conflict in the network namespace subsystem could trigger a
kernel safety violation. An attacker capable of creating and removing
network namespaces could exploit this to cause a denial-of-service.


* Memory corruption during Xen Software I/O TLB unregistration.

A logic error when unregistering Xen Software I/O TLB memory could cause
memory to be unmapped incorrectly. An attacker might be able to use this
to cause crashes or memory corruption.


* CVE-2019-19531: Denial-of-service when removing a Yurex USB device.

Incorrect reference counting when removing a Yurex device could lead to
a use-after-free. An attacker could exploit this vulnerability to cause
a denial-of-service.


* Denial-of-service when reconnecting to a SMBv3 server.

A deadlock in the SMB / CIFS subsystem could lead to the kernel thread
hanging indefinitely. An attacker could exploit this bug to cause a
denial-of-service.


* Memory leak when registering a sound device fails.

A logic error when registering a sound device fails could lead to a
memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* Denial-of-service in sendmsg when using TX_RING.

A null pointer dereference in the sendmsg system call path when TX_RING
is used could lead to a GPF. An attacker could exploit this to cause a
denial-of-service.


* Use-after-free in sound sequencer driver when deleting pools.

Missing locking when deleting pools in the sound sequencer driver from
user space could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when disconnecting USB Wireless device.

A race condition when disconnecting USB Wireless device while transfers
are on-going could lead to a use-after-free. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Memory leak when setting IPv6 multicast socket options.

A missing free of resources when setting IPv6 multicast socket options
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when accessing a revoked key.

A missing check when accessing a revoked key could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Information leak when emulating VMPTRST in KVM.

A missing zeroing of on-stack data on the host side when emulating VMPTRST
in KVM could lead to an information leak. A local attacker from a guest
could use this flaw to leak information about the host and facilitate an
attack.


* Double free when disconnecting TV Master TM5600/6000/6010 USB device.

A logic error when disconnecting TV Master TM5600/6000/6010 USB device
while transfers are on-going could lead to a double free. A local
attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds read in Raw HID driver ioctl causes denial-of-service.

The hidraw_ioctl() function for raw access to generic Human Interface
Devices does not check whether the specified device has been removed.
When used on a non-existent device, the ioctl can read memory out of
bounds and cause a denial-of-service.


* Out-of-bounds access during USB device reset.

A logic error during USB device reset could lead to an out-of-bounds
access. A local attacker could use this flaw to cause a
denial-of-service.


* Permission bypass when LSM_UNSAFE_PTRACE is set using smack.

A logic error when LSM_UNSAFE_PTRACE is set using smack could lead to a
permission bypass. A local attacker could use this flaw to facilitate an
attack.


* Deadlock when creating a file on ext4 filesystem with smack enabled.

A logic error when creating a file on ext4 filesystem with smack enabled
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* Invalid memory access when probing Prodikeys MIDI device.

When connecting a Prodikeys MIDI keyboard device, the device's output is
not properly validated. A malicious device could exploit this flaw to
cause a system denial-of-service.


* Use-after-free when using BTRFS tree.

A logic error when using BTRFS tree could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using Network emulator driver.

A missing check when using Network emulator driver could lead to a
divide by zero error. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-16746: Potential buffer overflow when processing IEEE80211 beacon head.

A failure to validate the beacon frame header along with other beacon
frame attributes can lead to malformed data eventually being processed.
This can potentially be exploited by a remote attacker to cause a buffer
overflow, which can be leveraged to perform other types of attacks.


* CVE-2019-19051: Memory leak when changing power status of Intel Wireless WiMAX Connection 2400 driver.

A missing free of resources when changing power status of Intel Wireless
WiMAX Connection 2400 driver could lead to a memory leak. A local
attacker could use this flaw to leak information about running kernel
and facilitate an attack.


* CVE-2019-19052: Memory leak when opening USB Socket CAN device driver.

A missing free of resources when opening USB Socket CAN device driver
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19056, CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle errors during initialization of the Marvell mwifiex PCIe
driver leads to a memory leak. An attacker could exploit this to exhaust
kernel memory, which may eventually cause a denial-of-service.


* CVE-2019-19066: Denial-of-service in the SCSI bfa driver.

While querying port statistics in the SCSI bfa driver, incorrect error
handling causes a memory leak. An attacker could possibly exploit this
to cause a denial-of-service.


* CVE-2019-19227: Denial-of-service during AppleTalk protocol registration.

A failure to correctly handle memory allocation failures can result in a
NULL pointer dereference, leading to a kernel crash. A local user with
the ability to trigger a load of the AppleTalk protocol could use this
flaw to cause a denial-of-service.


* CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting.

A failure to correctly validate a request for KVM cpuid emulation
information can lead to an out-of-bounds memory access, leading to a
kernel crash. A local user with the ability to use KVM could use this
flaw to cause a denial-of-service.


* CVE-2019-19523: Use-after-free when disconnecting ADU USB devices.

Logic errors when disconnecting ADU USB devices could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19524: Use-after-free when unregistering memoryless force-feedback driver.

A missing free of a timer when unregistering memoryless force-feedback
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-19528: Denial-of-service when disconnecting IO Warrior USB device.

Logic errors when disconnecting IO Warrior USB device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19532: Denial-of-service when initializing HID devices.

A failure to properly check a device-controlled parameter in the USB
HID (bluetooth) subsystem could lead to reading or writing past memory
bounds. An attacker can exploit this bug with a specially crafted USB
device to escalate privileges or cause a denial-of-service.


* CVE-2019-19533: Information leak in Technotrend/Hauppauge USB DEC driver.

A missing zeroing of memory when doing transfers in Technotrend /
Hauppauge USB DEC driver could lead to an information leak.  A local
attacker could use this flaw to gain information about running kernel
and facilitate an attack.


* CVE-2019-19534: Information leak using PEAK PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD.

A missing zeroing of heap buffer passed to user space in PEAK
PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD driver could lead to an
information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.


* NULL pointer dereference when using the Class-Based Queueing (CBQ) packet scheduling algorithm.

A missing validation of user input when using the Class-Based Queueing
(CBQ) packet scheduling algorithm could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when using Option USB device.

A missing check on device endpoint when using Option USB device could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Invalid memory access when handling v4mapped packets on IPV6 socket.

A missing check when handling v4mapped packets on IPV6 socket could lead
to an invalid memory access. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when using USB Keyspan USA-xxx Serial driver.

A missing check on endpoints when using USB Keyspan USA-xxx Serial
driver could lead to a NULL pointer dereference. A local attacker could
use a malicious USB device to cause a denial-of-service.


* Information leak when registering Microtek X6USB scanner driver.

A missing check when registering Microtek X6USB scanner driver could
lead to an information leak. A local attacker could use this flaw to
leak information about running kernel and facilitate an attack.


* Denial-of-service when scanning APs in mac80211 subsystem.

Missing SSID length validation in the mac80211 subsystem could lead to an
out-of-bounds read in the kernel when scanning access points. A malicious
AP could exploit this to cause a denial-of-service.


* Information leak when registering USB Lego Infrared Tower driver.

A missing check when registering USB Lego Infrared Tower driver could
lead to an information leak. A local attacker could use this flaw to
leak information about running kernel and facilitate an attack.


* NULL pointer dereference when initializing Differentiated Services marker driver.

A missing check when initializing Differentiated Services marker driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when binding an NFC socket fails.

A logic error when binding an NFC socket fails could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.


* Denial-of-service when adding packet action.

An infinite loop during sendmsg in Packet Action API interface could
block a kernel thread indefinitely. An attacker with permission to add
packet action could exploit this bug to cause a denial-of-service.


* Denial-of-service when removing TUSB3410 USB device.

Incorrect locking when closing a port leads to a use-after-free bug when
removing TUSB3410 serial USB device. A malicious device could exploit
this bug to cause a denial-of-service or possibly to escalate privilege.


* Information leak when reading from LD Didactic USB device.

Incorrect read implementation in LD Didactic USB driver leads to
uninitialized kernel memory leaked to the device. A malicious device
could exploit this to escalate privilege.


* Data corruption when opening a file from a FUSE mount.

When opening a file with O_TRUNC flag from a FUSE mounted path, incorrect
locking could lead to operation reordering. This could cause inadvertent
data loss.


* Memory corruption when reading from a USB device.

Inadequate locking when reading from an LD Didactic-based USB device
could corrupt kernel memory. An attacker could exploit this bug to cause
a denial-of-service.


* Use-after-free when clearing capabilities of a freed inode in Ceph distributed file system.

A logic error when clearing capabilities of a freed inode in Ceph
distributed file system could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.


* Denial-of-service in whiteheat USB to serial converter.

Failing to sanitize user input in the whiteheat driver causes kernel
memory corruption. An attacker can craft a malicious device that
exploits this bug to cause a denial-of-service and possibly escalate
privilege.


* CVE-2019-19807: Use-after-free when registering timer in ALSA driver.

A logic error when registering timer in ALSA driver fails could lead to
a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Privileged information leak in the socket subsystem.

Some kernel subsystems and userspace programs use "jiffies" (number of
ticks occurred since system start-up) to seed pseudorandom number
generator. This information is thus considered privileged. A bug in the
socket subsystem leaks jiffies on the wire, which could allow a remote
attacker to weaken some data-concealment measures.


* Use-after-free when disconnecting USB2CAN "8 devices".

A logic error when disconnecting USB2CAN "8 devices" could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service by accessing /proc/pagetypeinfo.

Incorrect permissions on /proc/pagetypeinfo could let an attacker read
this file in a loop and cause a denial-of-service.


* Invalid memory accesses when looking up dentries in ecryptfs driver.

Logic errors when looking up dentries in ecryptfs driver could lead to
invalid memory accesses. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when creating extra attributes on an ext4 inode.

Creating a directory on an ext4 filesystem causes a null pointer
dereference when SMACK security rule is attached. An attacker could
exploit this bug to cause a denial-of-service.


* CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver.

A missing free of resources when allocating large buffers in QLogic
QLA3XXX Network driver could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Denial-of-service during block cipher encryption.

An out-of-bounds access in the crypto subsystem when encrypting a block
leads to a kernel crash. An unprivileged local user could exploit this
using the userspace crypto API and cause a denial-of-service.


* Denial-of-service when unlinking anonymous VMAs.

A kernel assert when unlinking anonymous VMAs with existing children could
lead to a denial-of-service.


* CVE-2019-14896, CVE-2019-14897: Denial-of-service when parsing BSS in Marvell 8xxx Libertas WLAN driver.

A missing check when parsing BSS in Marvell 8xxx Libertas WLAN driver
could lead to buffer overflows. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-19536: Information leak when initializing PCAN-USB device.

When loading the PCAN-USB driver, the kernel passes an uninitialized buffer
to the device. This could leak privileged kernel memory to the device
and allow a malicious device to escalate privilege.


* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.


* Denial-of-service when allocating page fragment for socket buffer.

An out-of-bounds write due to incorrect page fragment allocation in the
socket subsystem leads to kernel memory corruption. An attacker could
exploit this to cause a denial-of-service and possibly escalate privilege.


* CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service in ALSA Firewire initialization.

Incorrect error handling when initializing an ALSA Firewire audio device
could result in a memory leak and eventual system memory exhaustion.


* Denial-of-service in CIFS file iteration.

Incorrect locking could result in a use-after-free when iterating over
CIFS files.  A local user could use this flaw to crash the system.


* Denial-of-service in CIFS SMB2_set_info_init.

Incorrect range changes could result in an out-of-bounds memory access
and subsequent kernel crash.  A local user could use this flaw to crash
the system or potentially, escalate privileges.


* CVE-2019-19947: Information leak in CAN Kvaser memory allocations.

Missing clearing of memory allocations could result in an information
leak of kernel heap memory to user-space.


* CVE-2019-19966: Denial-of-service in CPiA2 driver.

Missing error handling in the CPiA2 driver initialization function could
result in use of uninitialized memory and subsequent kernel crash.


* CVE-2019-19965: Denial-of-service in SCSI device removal.

A race condition when probing SCSI devices could result in a NULL
pointer dereference and kernel crash.  A local user with privileges to
add or remove SCSI devices could use this flaw to crash the system.


* CVE-2019-19767: Use-after-free with malformed ext4 filesystems.

Missing error handling in the ext4 inode size handling code could result
in a use-after-free and kernel crash.  A malformed ext4 filesystem could
crash the system at mount time.


* CVE-2019-10220: Privilege escalation when parsing a directory from a bad SMB server.

A logic error in the way paths are parsed in the SMB client could let an
attacker running an SMB server manipulate files outside the shared mount
point on the client side.


* CVE-2019-19537: Denial-of-service in USB character device registration.

Incorrect locking when registering and deregistering a USB character
device could result in a use-after-free and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* CVE-2019-19530: Denial-of-service in USB CDC-ACM probing.

Incorrect reference counting when probing a USB CDC-ACM device could
result in a use-after-free and kernel crash.  A local user with the
ability to insert USB devices could use this flaw to crash the system.


* CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing.

Incorrect device validation when probing a B2C2 FlexCop driver could
result in a NULL pointer dereference and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* CVE-2019-19922: Denial-of-service using specific workloads.

A logic error in the kernel scheduler could lead to a mismanagement of
userspace processes under a specific workload. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-14901: Privilege escalation in Marvell WiFi TDLS frame handling.

Missing validation in the Marvell WiFi driver when processing TDLS
frames could result in a kernel heap overflow.  A malicious user could
use this flaw to crash the system or potentially, escalate privileges.


* CVE-2019-19527: Denial-of-service in USB HID device open.

A race condition when opening a USB HID device could result in a
use-after-free and kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
