[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.240-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Nov 19 18:31:59 PST 2020


Synopsis: 4.9.240-1 can now be patched using Ksplice
CVEs: CVE-2019-18808 CVE-2019-19054 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2019-9445 CVE-2020-12351 CVE-2020-12352 CVE-2020-12655 CVE-2020-12771 CVE-2020-12888 CVE-2020-14305 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-15393 CVE-2020-16166 CVE-2020-24490 CVE-2020-25211 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.240-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
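An added helper, not part of the Ksplice advisory or the Uptrack tooling, that reads an uptrack.conf file and reports whether the "autoinstall = yes" setting named above is in effect, so an administrator knows whether the manual uptrack-upgrade run is still needed. It assumes only the key=value line format shown in the advisory; the comment and whitespace handling and the "last assignment wins" rule are assumptions made here.

```shell
# Added example (not Ksplice's own code): decide from an uptrack.conf
# file whether Ksplice will install these updates on its own or whether
# "/usr/sbin/uptrack-upgrade -y" must be run by hand.

uptrack_autoinstall_enabled() {
    # $1: path to uptrack.conf. Returns 0 when autoinstall = yes, 1 otherwise.
    conf="$1"
    [ -r "$conf" ] || return 1
    # Assumed parsing rules: '#' or ';' starts a comment, surrounding
    # whitespace is ignored, key and value are case-insensitive, and the
    # last autoinstall assignment in the file wins.
    value=$(sed -e 's/[#;].*$//' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

uptrack_action() {
    # Print the action this advisory asks of the administrator.
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Usage: sh check-uptrack.sh /etc/uptrack/uptrack.conf
if [ $# -gt 0 ]; then
    uptrack_action "$1"
fi
```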


DESCRIPTION

* CVE-2019-9445: Out-of-bounds access in directory reads of F2FS filesystem.

An out-of-bounds access could happen in directory reads of the F2FS
filesystem when an invalid directory name length value is passed.
A local user could use this flaw to cause a denial-of-service.


* CVE-2020-15393: Memory leak in the USB test driver.

A missing free of resources when a USB test device is disconnected could
lead to a memory leak. A physically proximate attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* Denial-of-service in the ALSA info subsystem.

An overly verbose debug print could be triggered from user space in the
ALSA info subsystem. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access in Minix filesystem when mapping a large logical block number.

An out-of-bounds memory access could happen in the Minix filesystem when
mapping a very large logical block number to its on-disk location.
A local user could use this flaw to cause a denial-of-service.


* CVE-2019-19073, CVE-2019-19074: Denial-of-service in the ath9k wireless driver.

A memory leak during driver initialization in the Atheros HTC-based
wireless subsystem could cause kernel memory exhaustion. An attacker
could exploit this flaw to cause a denial-of-service.


* Integer overflow of KVM zero page reference count causes DoS.

The KVM virtual machine infrastructure erroneously takes references on
the shared zero page when creating virtual machines, and this reference
count is not protected against integer overflow. A malicious user with
the ability to create virtual machines on the system might exploit this
to cause a denial-of-service for virtual machines.


* Network traffic leak from i40e Virtual Functions.

Improper handling of certain capability flags can allow a trusted i40e
virtual function with unicast promiscuous mode set to listen to traffic
transmitted by other virtual functions. This could allow sensitive
transmitted data to be examined by the trusted VF.


* Information leak in ioctls of AMDGPU Graphics driver.

A flaw in the ioctl implementation of the AMDGPU graphics driver could
cause a leak of kernel memory to userspace. A local attacker could use
this flaw to leak information.


* Use-after-free in ioctls of Advanced Linux Sound Architecture.

A use-after-free could happen in ioctls of the Advanced Linux Sound
Architecture when multiple ioctls are issued simultaneously. A local
attacker could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* Out-of-bounds access when using an Amateur Radio AX.25 Level 2 protocol socket.

Logic errors when connecting or sending messages over an Amateur Radio
AX.25 Level 2 protocol socket could lead to out-of-bounds accesses. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using a virtual terminal ioctl.

A logic error when using a virtual terminal ioctl could lead to a
general protection fault. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2020-12352: Information leak when handling AMP packets in the Bluetooth stack.

A missing zeroing of stack memory when handling AMP packets in the
Bluetooth stack could lead to an information leak. A remote attacker
could use this flaw to leak information about the running kernel and
facilitate a further attack.


* Denial-of-service in the Generic Hypervisor Virtual Console due to a race condition.

A race condition in the Generic Hypervisor Virtual Console
infrastructure could happen when performing a sequence of open and
close operations on the console device. A local user could use this
flaw to cause a kernel crash and denial-of-service.


* Integer underflow in ioctl of frame buffer devices.

A logic error while processing user input in the FBIOPUT_VSCREENINFO
ioctl of frame buffer devices could lead to an integer underflow. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2020-12771: Deadlock during BCache node coalesce failure.

A logic error when taking locks during a coalesce of nodes in the BCache
driver can result in a deadlock.


* CVE-2020-25285: Denial-of-service in sysctls of the Linux memory manager.

A race condition in sysctls of the Linux kernel virtual memory manager
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Memory corruption in key material handling of the Marvell WiFi-Ex driver.

An out-of-bounds write could happen in the 802.11 key material handling
of the Marvell WiFi-Ex driver when a badly formatted network packet
arrives on the network interface. A remote attacker could use this flaw
to cause a denial-of-service or code execution.


* CVE-2020-12351: Denial-of-service in the L2CAP Bluetooth driver.

Logic errors in the L2CAP Bluetooth driver could let a remote attacker
cause a denial-of-service or potentially execute arbitrary code on the
system.


* Denial-of-service in 802.11 mesh network join of the generic IEEE 802.11 networking stack.

A flaw in the 802.11 mesh network join implementation of the generic
IEEE 802.11 networking stack could cause a memory leak. A local user
could exploit this flaw by repeatedly joining and leaving an 802.11
mesh network and cause a denial-of-service.


* Use-after-free when creating an ANSI/IEEE 802.2 LLC type 2 socket.

A logic error when creating an ANSI/IEEE 802.2 LLC type 2 socket could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2020-25212: Out-of-bounds writes in RPC operations of the Network File System.

Out-of-bounds writes in RPC operations of the Network File System
could cause a system crash. This flaw could allow a local user
to crash the system and cause a denial-of-service or potentially
escalate their privileges on the system.


* NULL pointer dereference when receiving a packet over a tunnel device.

A logic error when receiving a packet over a tunnel device could lead to
a NULL pointer dereference. A remote attacker could use this flaw to
cause a denial-of-service.


* CVE-2020-12655: Denial-of-service when syncing data on an XFS filesystem.

A logic error when syncing data on a specially crafted XFS filesystem
could let an attacker cause a denial-of-service.


* CVE-2019-19054: Denial-of-service in the cx2388x TV card driver.

Failure to handle an error during initial setup in the cx2388x TV card
driver causes a memory leak. An attacker could exploit this to cause a
denial-of-service.


* CVE-2020-14314: Denial-of-service in the ext4 file system due to broken indexing.

Out-of-bounds memory reads could happen in the ext4 file system due to
broken indexing. This flaw could allow a local user to crash the
system and cause a denial-of-service.


* Use-after-free in ioctls of the Direct Rendering Manager.

A flaw in the ioctl implementation of the Direct Rendering Manager could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service or potentially escalate privileges.


* CVE-2020-14331: Out-of-bounds writes in ioctls of the console display driver.

Out-of-bounds writes in ioctls of the console display driver could happen
when calling the VT_RESIZE ioctl in order to resize the console. This
flaw could allow a local user with access to the VGA console to crash
the system or potentially escalate their privileges on the system.


* Use-after-free in the Serial ATA and Parallel ATA driver.

A logic error in the Serial ATA and Parallel ATA driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Information leak in receives of the Reliable Datagram Sockets protocol.

A flaw in the receive path of the Reliable Datagram Sockets protocol
implementation could leak kernel memory to userspace. A local attacker
could use this flaw to leak information from kernel memory.


* Denial-of-service in the Internet Protocol when converting an IPv6 socket to IPv4.

A flaw in the Internet Protocol implementation can cause a memory leak
when performing a certain sequence of socket operations in userspace.
A local user could use this flaw to cause a denial-of-service.


* Use-after-free in the Bluetooth subsystem due to missing synchronization.

A missing locking mechanism in the Bluetooth subsystem implementation
could result in a use-after-free. A local attacker could use this
flaw to cause a denial-of-service or the execution of arbitrary
code.


* Information leak in the AdLib FM cards driver.

A missing zeroing of on-stack data in the AdLib FM cards driver could
lead to an information leak. A local attacker could use this flaw to
leak information about the running kernel and facilitate a further
attack.


* Use-after-free when setting the TCP_CONGESTION TCP socket option.

A logic error when setting the TCP_CONGESTION TCP socket option and
later freeing it could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2020-25284: Permission bypass when creating or removing a Rados block device.

A non-comprehensive privilege check may allow the creation or removal of
Rados block devices. A privileged user with user id zero inside a user
namespace could use this flaw to cause a denial-of-service.


* Denial-of-service in the ADDI-DATA APCI_1500 COMEDI driver.

A missing check on user input when using the ADDI-DATA APCI_1500 COMEDI
driver could lead to an out-of-bounds access. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2020-25211: Denial-of-service in Netfilter due to out-of-bounds memory access.

A flaw in the Netfilter framework implementation could lead to
an out-of-bounds memory access. A local user could use this flaw to
cause a system crash and a denial-of-service.


* CVE-2020-25643: Memory corruption in WAN HDLC-PPP due to missing error checking.

Missing error handling code in the WAN HDLC-PPP implementation could
lead to memory corruption. A local user could use this flaw to cause
a denial-of-service or arbitrary code execution.


* CVE-2020-25641: Denial-of-service in biovec when a zero-length biovec is issued.

A flaw in the biovec implementation could cause the system to enter
an infinite loop when a zero-length biovec request is issued to
the block subsystem. A local, non-privileged user could exploit
this vulnerability to cause a denial-of-service.


* CVE-2019-19448: Use-after-free in the Btrfs filesystem with a crafted btrfs filesystem image.

Mounting a crafted btrfs filesystem image, performing some operations
and making a syncfs system call could lead to a use-after-free in the
Btrfs filesystem. A local user with physical access to the system and
a malicious device could use this flaw to cause a system crash or
execution of arbitrary code on the system.


* Out-of-bounds write in an ioctl of the Turtle Beach Maui and Tropez soundcard driver.

An out-of-bounds write in an ioctl of the Turtle Beach Maui and Tropez
soundcard driver could happen when issuing Wavefront synth commands from
userspace. A local, unprivileged user could use this flaw to cause
a denial-of-service or potentially escalate privileges.


* Denial-of-service in the Prism2.5/3 USB driver.

A missing check on the endpoint type of a plugged-in USB device could
lead to an invalid memory access. A local attacker could use this flaw
and a malicious USB device to cause a denial-of-service.


* CVE-2019-18808: Memory leak in the cryptographic subsystem.

Failure to release allocated memory when running a SHA command from the
Cryptographic Coprocessor device driver leads to a memory leak. A local
user could use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could
allow remote attackers to make observations that help them obtain
sensitive information about the internal state of the network RNG and
compromise data confidentiality.


* CVE-2020-14356: NULL-pointer dereference in cgroupv2.

Invalid reference counting when allocating cgroup data for a socket
could result in a NULL-pointer dereference. A malicious user might
exploit this to create a denial-of-service.


* Out-of-bounds access in the USB Infinity USB Unlimited Phoenix driver.

A missing check on user input when using the USB Infinity USB Unlimited
Phoenix driver could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2020-14386: Buffer overflow when receiving packet socket messages.

An incorrect calculation in the code responsible for receiving packet
socket messages could lead to a buffer overflow. A malicious local user
could potentially use this to escalate privileges.


* CVE-2020-14305: Remote out-of-bounds memory access in voice over IP connection tracking.

A failure to properly initialize the data length for the netfilter helper
in the voice over IP "Q.931" module could lead to out-of-bounds memory
writes. A remote attacker with the ability to connect on port 1720 could
use this flaw to potentially gain kernel code execution.


* CVE-2020-24490: Privilege escalation in Bluetooth subsystem due to heap buffer overflow.

A flaw in the Bluetooth implementation could lead to a heap buffer
overflow when processing extended advertising report events. A remote
attacker could use this flaw to cause a denial-of-service or to
potentially execute arbitrary code on the system by sending a specially
crafted Bluetooth packet.


* Note: Our internal audit shows our legacy customers are not impacted by CVE-2020-12888.



SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.