[Ksplice][EL8-Updates] New Ksplice updates for OL 8 and RHEL 8 (RHSA-2020:0328)

Wed Feb 5 08:45:23 PST 2020

Synopsis: RHSA-2020:0328 can now be patched using Ksplice
CVEs: CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 CVE-2019-14901 CVE-2019-17133 CVE-2019-17666 CVE-2019-19338

Systems running RHCK on Oracle Linux 8 and Red Hat Enterprise Linux 8
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2020:0328.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 8 and RHEL 8
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in Marvell WiFi-Ex driver.

Logic errors when parsing access point settings in Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi.

Missing validation could result in a kernel buffer overflow and
potentially code-execution.  A remote attacker in proximity to the
device could use this flaw to crash the system or potentially, execute
code.

* CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver.

Missing checks when parsing TDLS action frame in Marvell WiFi-Ex driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2019-14898: Denial-of-service when handling page fault in userspace.

A double-free bug in the userfaultfd subsystem could lead to kernel
crash. An attacker with privilege to perform userfaultfd could exploit
this to cause a denial-of-service and possibly escalate privilege.

* CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2019-17133: Denial-of-service in WiFI SIOCGIWESSID ioctl().

Missing bounds checks when copying an SSID in the SIOCGIWESSID ioctl()
for an 802.11 WiFi device could result in a buffer overflow and kernel
crash.

* CVE-2019-19338: Missing Intel TAA mitigation in KVM guests.

The original vendor fix for CVE-2019-11135 did not correctly pass
through migitation status to KVM guests which could result in guests not
fully mitigating against TAA.  This update forcibly disables TSX on
affected hosts so that guests do not need runtime changes.  A new
control, /sys/kernel/debug/x86/tsx_force_abort is added to disable TSX,
defaulting to 1 on vulnerable systems, writing 0 to this file will
re-enable TSX but potentially leave guests vulnerable.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.