[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.210-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Mar 19 10:44:54 PDT 2020


Synopsis: 4.9.210-1 can now be patched using Ksplice
CVEs: CVE-2014-9900 CVE-2018-13093 CVE-2018-13094 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-10220 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217 CVE-2019-15291 CVE-2019-15505 CVE-2019-15917 CVE-2019-16231 CVE-2019-16232 CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17075 CVE-2019-17133 CVE-2019-17666 CVE-2019-18683 CVE-2019-18806 CVE-2019-18809 CVE-2019-19037 CVE-2019-19049 CVE-2019-19051 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19066 CVE-2019-19068 CVE-2019-19227 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19528 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19947 CVE-2019-19965 CVE-2019-20096

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.210-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
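
As an added example (not part of Oracle's advisory), the following script checks whether a host will pick these updates up automatically or needs the manual command above. It assumes uptrack.conf uses "key = value" lines with "#" comments and that the last uncommented autoinstall line wins; only the value "yes", as stated above, is treated as enabled. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumption: uptrack.conf holds "key = value" lines and "#" starts a comment.

# Print the effective autoinstall value: "yes", "no" or "unset".
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    # Strip comments, match "autoinstall = <value>" with any spacing,
    # keep the last occurrence (assumed to win) and lowercase it.
    val=$(sed -e 's/#.*$//' "$conf" |
          sed -n -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' |
          tail -n 1 | tr 'A-Z' 'a-z')
    case $val in
        yes|no) echo "$val" ;;
        *)      echo unset ;;
    esac
}

# Return 0 when the host will not install the updates by itself.
# Anything other than an explicit "yes" is flagged for manual action.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Constructed sample config (not taken from a real host): the enabled
# setting is commented out, so the effective value is "no".
make_sample_conf() {
    f=$(mktemp) || return 1
    printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$f"
    echo "$f"
}

# Report on a config file; defaults to the path named in the advisory.
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "$conf: autoinstall not enabled; run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "$conf: autoinstall = yes; updates install automatically"
    fi
}

# Demonstrate on the constructed sample, then clean up.
sample=$(make_sample_conf) && report "$sample" && rm -f "$sample"
```

Call report with no argument on a real host to check /etc/uptrack/uptrack.conf.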


DESCRIPTION

* CVE-2019-19527: Denial-of-service in USB HID device open.

A race condition when opening a USB HID device could result in a
use-after-free and kernel crash.


* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.

A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.


* CVE-2019-17054: Permission bypass when creating an AppleTalk socket.

A missing check on user capabilities when creating an AppleTalk socket
could lead to a permission bypass.


* CVE-2019-17052: Permission bypass when creating an Amateur Radio AX.25 Level 2 socket.

A missing check on user capabilities when creating an Amateur Radio AX.25
Level 2 socket could lead to a permission bypass.


* CVE-2019-17053: Permission bypass when creating an IEEE 802.15.4 socket.

A missing check on user capabilities when creating an IEEE 802.15.4
socket could lead to a permission bypass.


* CVE-2019-17056: Permission bypass when creating an NFC socket.

A missing check on user capabilities when creating an NFC socket could
lead to a permission bypass.


* Improved fix for CVE-2019-0136: Denial-of-service in Intel(R) wifi driver.

Insufficient access control in the Intel(R) PROSet/Wireless WiFi driver
may allow an unauthenticated user in the same network to cause a
denial-of-service.


* CVE-2019-19530: Denial-of-service in USB CDC-ACM probing.

Incorrect reference counting when probing a USB CDC-ACM device could
result in a use-after-free and kernel crash.  A local user with the
ability to insert USB devices could use this flaw to crash the system.


* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in Marvell WiFi-Ex driver.

Logic errors when parsing access point settings in the Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-15505: Out-of-bounds access in Technisat DVB-S/S2 USB2.0 driver.

A logic error when receiving data over Technisat DVB-S/S2 USB2.0 driver
could lead to an out-of-bounds access. A remote attacker could use this
flaw to cause a denial-of-service.


* CVE-2018-20976: Use-after-free when mounting XFS filesystem.

A logic error in the handling of an XFS filesystem mount that fails
during super block creation could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-15098: NULL pointer dereference when using Atheros ath6kl usb driver.

A missing check when using Atheros ath6kl usb driver with a malicious
usb device could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi.

Missing validation could result in a kernel buffer overflow and
potentially code execution.  A remote attacker in proximity to the
device could use this flaw to crash the system or potentially execute
code.


* CVE-2014-9900: Information disclosure in Wake-On-LAN driver.

Due to a failure to correctly clear memory, sensitive kernel information
can be disclosed to userspace when information about Wake-On-LAN support
is requested. A local attacker could use this flaw to facilitate a
further attack on the kernel.


* CVE-2019-19052: Memory leak when opening USB Socket CAN device driver.

A missing free of resources when opening USB Socket CAN device driver
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19534: Information leak using PEAK PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD.

A missing zeroing of heap buffer passed to user space in PEAK
PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD driver could lead to an
information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.


* CVE-2019-16231: NULL pointer dereference when registering FUJITSU Extended Socket Network Device driver.

A missing check when registering FUJITSU Extended Socket Network Device
driver fails could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-19524: Use-after-free when unregistering memoryless force-feedback driver.

A missing free of a timer when unregistering memoryless force-feedback
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-18683: Privilege escalation in Virtual Video Test driver.

A locking error in Virtual Video Test driver could lead to a race
condition and use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing.

Incorrect device validation when probing a B2C2 FlexCop driver could
result in a NULL pointer dereference and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.


* CVE-2019-19227: Denial-of-service during AppleTalk protocol registration.

A failure to correctly handle memory allocation failures can result in a
NULL pointer dereference, leading to a kernel crash. A local user with
the ability to trigger a load of the AppleTalk protocol could use this
flaw to cause a denial-of-service.


* CVE-2019-19063: Denial-of-service in the rtlwifi driver.

A bug in the error path during initialization in the rtlwifi USB driver
leads to a memory leak. An attacker with physical access may possibly
exploit this bug to cause a denial-of-service.


* CVE-2019-16232: NULL pointer dereference when registering Marvell Libertas 8385/8686/8688 SDIO 802.11b/g cards.

A missing check when registering Marvell Libertas 8385/8686/8688 SDIO
802.11b/g cards could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-19056, CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle errors during initialization of the Marvell mwifiex
PCIe driver leads to a memory leak. An attacker could exploit this to
exhaust kernel memory, which may eventually cause a denial-of-service.


* CVE-2019-19037: Denial-of-service when handling empty directories in ext4 filesystem.

A logic error when handling empty directories in ext4 filesystem with
holes could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-10220: Privilege escalation when parsing directory from a bad SMB server.

A logic error in the way paths are parsed in the SMB client could let an
attacker running an SMB server manipulate files outside the shared mount
point on the client side.


* CVE-2019-19965: Denial-of-service in SCSI device removal.

A race condition when probing SCSI devices could result in a NULL
pointer dereference and kernel crash.  A local user with privileges to
add or remove SCSI devices could use this flaw to crash the system.


* CVE-2019-18809: Memory leak when identifying state in Afatech AF9005 DVB-T USB1.1 driver.

A logic error when identifying state in Afatech AF9005 DVB-T USB1.1
driver fails could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19066: Denial-of-service in SCSI bfa driver.

While querying port statistics in the SCSI bfa driver, incorrect error
handling causes a memory leak. An attacker could possibly exploit this
to cause a denial-of-service.


* CVE-2019-19068: Denial-of-service in realtek wifi driver.

Incorrect error handling on some Realtek wifi drivers could cause a memory
leak. A malicious device could trigger this to cause a denial-of-service.


* CVE-2018-13093: NULL-pointer dereference when reusing inodes in xfs.

If an XFS filesystem becomes corrupted, the local inode cache might
attempt to re-allocate in-use inodes. This can result in a deadlock or
NULL-pointer dereference and denial-of-service.


* CVE-2018-13094: NULL-pointer dereference when shrinking xfs inode.

When attempting to shrink an xfs inode for a file with corrupted
extended attributes, the non-existent attribute buffer might be
dereferenced, resulting in a denial-of-service.


* CVE-2019-14896, CVE-2019-14897: Denial-of-service when parsing BSS in Marvell 8xxx Libertas WLAN driver.

A missing check when parsing BSS in Marvell 8xxx Libertas WLAN driver
could lead to buffer overflows. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver.

Missing checks when parsing TDLS action frame in Marvell WiFi-Ex driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-15217: NULL pointer dereference when using USB ZR364XX Camera driver.

A missing check when querying capabilities of USB ZR364XX Camera device
from user space could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-19051: Memory leak when changing power status of Intel Wireless WiMAX Connection 2400 driver.

A missing free of resources when changing power status of Intel Wireless
WiMAX Connection 2400 driver could lead to a memory leak. A local
attacker could use this flaw to leak information about running kernel
and facilitate an attack.


* CVE-2019-19947: Information leak in CAN Kvaser memory allocations.

Missing clearing of memory allocations could result in an information
leak of kernel heap memory to user-space.


* CVE-2019-19767: Use-after-free with malformed ext4 filesystems.

Missing error handling in the ext4 inode size handling code could result
in a use-after-free and kernel crash.  A malformed ext4 filesystem could
crash the system at mount time.


* CVE-2019-19531: Denial-of-service when removing a Yurex USB device.

Incorrect reference counting when removing a Yurex device could lead to
a use-after-free. An attacker could exploit this vulnerability to cause
a denial-of-service.


* CVE-2019-19535, CVE-2019-19536: Information leak when initializing PCAN-USB device.

When loading a PCAN-USB driver, the kernel passes an uninitialized buffer
to the device. This could leak privileged kernel memory to the device
and allow a malicious device to escalate privilege.


* CVE-2019-19537: Denial-of-service in USB character device registration.

Incorrect locking when registering and deregistering a USB character
device could result in a use-after-free and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* CVE-2019-19533: Information leak in Technotrend/Hauppauge USB DEC driver.

A missing zeroing of memory when doing transfers in Technotrend /
Hauppauge USB DEC driver could lead to an information leak.  A local
attacker could use this flaw to gain information about running kernel
and facilitate an attack.


* CVE-2019-19525: Use-after-free during ATUSB device disconnect.

The ATUSB driver attempts to access a previously freed structure in its
device disconnect path.  The flaw could potentially be exploited using
a specially crafted USB device to cause a system to exhibit unexpected
behavior, including a potential denial-of-service.


* CVE-2019-16746: Buffer overflow when receiving beacon over wireless network.

A missing check on a beacon header received over a wireless network could
lead to a buffer overflow. A remote attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-19523: Use-after-free when disconnecting ADU USB devices.

Logic errors when disconnecting ADU USB devices could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19528: Denial-of-service when disconnecting IO Warrior USB device.

Logic errors when disconnecting IO Warrior USB device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-17133: Denial-of-service in WiFi SIOCGIWESSID ioctl().

Missing bounds checks when copying an SSID in the SIOCGIWESSID ioctl()
for an 802.11 WiFi device could result in a buffer overflow and kernel
crash.


* CVE-2019-17075: Denial-of-service in Chelsio T4/T5 RDMA TPT entries.

Incorrect mapping of transfer buffers could result in performing DMA to
an incorrect physical address leading to memory corruption and use of
uninitialized values.  An attacker could use this flaw to crash the
system.


* CVE-2019-19532: Denial-of-service when initializing HID devices.

A failure to properly check a device-controlled parameter in the USB
HID (bluetooth) subsystem leads to reading or writing past memory
bounds. An attacker can exploit this bug with a specially crafted USB
device to escalate privileges or cause a denial-of-service.


* CVE-2019-15917: Use-after-free when registering Bluetooth HCI uart device.

A logic error when registering Bluetooth HCI uart device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting.

A failure to correctly validate a request for KVM cpuid emulation
information can lead to an out-of-bounds memory access, leading to a
kernel crash. A local user with the ability to use KVM could use this
flaw to cause a denial-of-service.


* CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-21008: Use-after-free when de-initializing mac80211 stack in Redpine Signals Inc 91x WLAN driver.

A logic error when de-initializing mac80211 stack in Redpine Signals Inc
91x WLAN driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-20096: Memory leak while changing DCCP socket SP feature values.

Under certain conditions, it is possible for the __feat_register_sp
function to leak small amounts of memory.  This could potentially be
exploited by a local attacker to waste system resources and degrade
performance, or to aid in another type of attack.


* CVE-2019-19447: Use-after-free when unmounting corrupt ext4 filesystem.

On an ext4 filesystem containing an inode with a corrupt link count,
deleting the inode's parent directory and then unmounting could result
in a use-after-free and memory corruption. Mounting a crafted filesystem
image could therefore result in a denial-of-service or other unspecified
impact.


* CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver.

A missing free of resources when allocating large buffers in QLogic
QLA3XXX Network driver could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Oracle will not provide zero-downtime update for CVE-2019-19049.

Oracle has determined that the vulnerability does not affect a
running system.


* CVE-2019-14615: Information leak in Intel i915 generation 9 devices.

Missing pipeline flushing when switching i915 contexts could lead to
information leaks between unrelated GPU contexts. A malicious user
could potentially use this to obtain sensitive information.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




