[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (DLA-2494-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Dec 23 07:04:40 PST 2020


Synopsis: DLA-2494-1 can now be patched using Ksplice
CVEs: CVE-2020-0427 CVE-2020-14351 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974 CVE-2020-8694

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, DLA-2494-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
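
As an added example (not part of Oracle's announcement or the Ksplice tooling), the shell functions below read the config file named above and report whether a host relies on autoinstall or needs the manual command. They assume uptrack.conf holds "key = value" lines with '#' comments, and treat an unreadable file or a missing key as autoinstall being off.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes uptrack.conf holds "key = value"
# lines and that '#' starts a comment.

# Print "yes" or "no": the effective autoinstall setting in config file $1.
# An unreadable file or a missing key counts as "no" (conservative assumption),
# so such hosts are flagged for a manual upgrade instead of silently skipped.
autoinstall_state() {
    [ -r "$1" ] || { echo no; return 0; }
    # Drop comments, match the key case-insensitively, let the last entry win.
    val=$(sed 's/#.*$//' "$1" | awk -F= '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "autoinstall" { v = tolower($2); gsub(/[ \t\r]/, "", v); last = v }
        END { print last }')
    if [ "$val" = "yes" ]; then echo yes; else echo no; fi
}

# Print the action an operator should take for the host owning config file $1.
upgrade_action() {
    if [ "$(autoinstall_state "$1")" = "yes" ]; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Report on the local host (path taken from the announcement).
upgrade_action /etc/uptrack/uptrack.conf
```

A commented-out "# autoinstall = yes" line is ignored, so a host whose setting was only ever present as a comment is reported as needing the manual command.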


DESCRIPTION

* CVE-2020-27675: Race condition when reconfiguring para-virtualized Xen devices.

An event-channel removal when reconfiguring paravirtualized devices may cause a
race condition leading to a null pointer dereference. A local attacker could use
this flaw to cause a denial-of-service on a dom0.


* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.


* CVE-2020-25668: Race condition when sending ioctls to a virtual terminal.

A race condition when sending ioctls to a tty device may cause a
use-after-free. A local attacker may use this to cause memory
corruption or a denial-of-service.


* CVE-2020-25656: Use-after-free in console subsystem.

Specific ioctls sent to the console subsystem could lead to a use-after-free.
A local attacker could use this flaw to read confidential data.


* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.


* CVE-2020-28974: Invalid memory access when manipulating framebuffer fonts.

A logic error when manipulating framebuffer console fonts may cause an
out-of-bounds memory read. A local attacker could use this flaw to read
privileged information or potentially cause a denial-of-service.


* CVE-2020-8694: Platypus Attack Mitigation.

A side-channel attack utilizing the Intel RAPL subsystem driver may
cause an information leak.  This may allow an unprivileged user to
view confidential data.


* CVE-2020-25645: Possible information leak between encrypted geneve endpoints.

A logic error may end up inadvertently transmitting data between two
geneve endpoints unencrypted. This may allow unintended parties to view
confidential network data.


* Note: Oracle will not provide a rebootless update for CVE-2020-27673.

Oracle has determined that patching this vulnerability live on a running system
would not be safe and recommends rebooting the vulnerable hosts.  Only Xen
dom0 hosts running untrusted VMs are affected by this vulnerability.


* Note: Oracle will not provide an update for CVE-2020-0427.

This security issue doesn't impact x86.


* CVE-2020-25704: Denial-of-service in the performance monitoring subsystem.

A possible memory leak when setting a performance monitoring filter could lead
to kernel memory exhaustion. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2020-25669: Use-after-free in Sun Type 4 and Type 5 keyboard driver.

A logic error in the Sun Type 4 and Type 5 keyboard driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Add ftrace safety guard for existing Ksplice updates.

Ftrace is generally incompatible with Ksplice's patching process; it must
be disabled when patches are applied. Prevent crashes in patching due to
functions under active ftrace while patching.


* Clean up ftrace safety guard for existing Ksplice updates.

Ftrace is generally incompatible with Ksplice's patching process; it must
be disabled when patches are applied. Prevent crashes in patching due to
functions under active ftrace while patching.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




