[Ksplice][EL8-Updates] New Ksplice updates for OL 8 and RHEL 8 (ELSA-2020-4685)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Dec 2 16:26:42 PST 2020 

Synopsis: ELSA-2020-4685 can now be patched using Ksplice
CVEs: CVE-2020-24490 CVE-2020-25661 CVE-2020-25662

Systems running RHCK on Oracle Linux 8 and Red Hat Enterprise Linux 8
can now use Ksplice to patch against the latest Red Hat kernel update,
ELSA-2020-4685.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-4685.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 8 and RHEL 8
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-25662: Information leak when handling AMP packets in Bluetooth stack.

A missing zeroing of stack memory when handling AMP packets in Bluetooth
stack could lead to an information leak. A remote attacker could use this
flaw to leak information about running kernel and facilitate an attack.


* CVE-2020-25661: Denial-of-service in L2CAP bluetooth driver.

Logic errors in L2CAP bluetooth driver could let a remote attacker cause
a denial-of-service or potentially execute arbitrary code on the system.


* CVE-2020-24490: Buffer overflow when processing Bluetooth report events.

A flaw in the kernel's handling of Bluetooth report events could result
in a buffer overflow if incorrect data was received. A malicious device
in range while the system was scanning for Bluetooth connections could
exploit this to cause a Denial-of-Service or potentially execute code.


* Add ftrace safety guard for existing Ksplice updates.

Ftrace is generally incompatible with Ksplice's patching process; it must
be disabled when patches are applied. Prevent crashes in patching due to
functions under active ftrace while patching.


* Clean up ftrace safety guard for existing Ksplice updates.

Ftrace is generally incompatible with Ksplice's patching process; it must
be disabled when patches are applied. Prevent crashes in patching due to
functions under active ftrace while patching.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-EL8-updates mailing list