[Ksplice][EL7-Updates] New Ksplice updates for OL 7, RHEL 7, CentOS 7, and Scientific Linux 7 (RHSA-2023:0399)

Oracle Ksplice quentin.casasnovas at oracle.com
Thu Feb 2 12:15:15 UTC 2023


Synopsis: RHSA-2023:0399 can now be patched using Ksplice
CVEs: CVE-2021-26341 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-2964

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2023:0399.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 7, RHEL 7,
CentOS 7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-2964: Out-of-bounds accesses in ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet.

Missing sanity checks in the receive data path of the ASIX AX88179/178A
USB 3.0/2.0 to Gigabit Ethernet driver could result in out-of-bounds
accesses. A local, privileged user could use this flaw to cause a denial
of service or information disclosure.


* Note: Oracle will not provide a zero downtime update for CVE-2022-0001, CVE-2022-0002, CVE-2021-26401 and CVE-2021-26341.

On the 8th of March 2022, Vrije Universiteit (VU) Amsterdam
researchers, AMD, Ampere, ARM and Intel jointly reported new security
vulnerabilities based on Branch Target Injection (BTI) (commonly
called Spectre v2 variants).

The reporters recommend mitigating these vulnerabilities by disabling
unprivileged BPF and by using generic retpoline, even when eIBRS is
available on the platform or on special AMD/Hygon CPUs.

Unprivileged BPF can already be disabled at runtime by setting the
kernel.unprivileged_bpf_disabled sysctl.

If your CPU is affected and is not already using retpoline as the
Spectre V2 mitigation, a reboot into the newest kernel will be
required in order to get the full retpoline mitigations in place.
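
A check for the two conditions this note describes, as an added example that is not part of Oracle's advisory: it classifies the kernel's Spectre v2 status line and the kernel.unprivileged_bpf_disabled value. The function names, verdict labels and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and verdict labels are hypothetical.
SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2
BPF_SYSCTL_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# classify_spectre_v2 <status line> prints one of:
#   not-affected   kernel reports the CPU as not affected
#   retpoline      a retpoline-based mitigation is active
#   reboot-needed  affected and not on retpoline (the advisory's reboot case)
#   unknown        no status line available
classify_spectre_v2() {
    status=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$status" in
        '')                      echo unknown ;;
        "not affected"*)         echo not-affected ;;
        mitigation:*retpoline*)  echo retpoline ;;
        *)                       echo reboot-needed ;;
    esac
}

# classify_bpf <sysctl value>: 0 leaves unprivileged BPF enabled, any other
# integer disables it; an empty or non-numeric value is reported as unknown.
classify_bpf() {
    case "$1" in
        0)            echo enabled ;;
        ''|*[!0-9]*)  echo unknown ;;
        *)            echo disabled ;;
    esac
}

# demo: run the classifier over constructed status lines (not host captures).
demo() {
    for line in "Mitigation: Full generic retpoline, IBPB" \
                "Mitigation: Enhanced IBRS, IBPB: conditional" \
                "Vulnerable" "Not affected"; do
        echo "$line -> $(classify_spectre_v2 "$line")"
    done
}

# report_live: read the running kernel's values and print both verdicts.
report_live() {
    v2=$(cat "$SPECTRE_V2_FILE" 2>/dev/null || true)
    bpf=$(cat "$BPF_SYSCTL_FILE" 2>/dev/null || true)
    echo "spectre_v2: $(classify_spectre_v2 "$v2") [${v2:-unreadable}]"
    echo "unprivileged_bpf: $(classify_bpf "$bpf") [${bpf:-unreadable}]"
}

case "${1:-}" in --live) report_live ;; --demo) demo ;; esac
```

Run it with --live on the host to classify its current values, or with --demo to see the verdicts for the constructed lines.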

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




