[Ksplice][EL8-Updates] New Ksplice updates for OL 8 and RHEL 8 (RHSA-2021:1578)

Gregory Herrero gregory.herrero at oracle.com
Thu Jun 3 06:10:02 PDT 2021


Synopsis: RHSA-2021:1578 can now be patched using Ksplice
CVEs: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431 CVE-2020-12114 CVE-2020-12464 CVE-2020-14314 CVE-2020-14356 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25704 CVE-2020-27786 CVE-2020-27835 CVE-2020-28974 CVE-2020-36322 CVE-2021-0342 CVE-2021-28950

Systems running RHCK on Oracle Linux 8 and Red Hat Enterprise Linux 8
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2021:1578.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 8 and RHEL 8
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
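The two paths above (automatic install when "autoinstall = yes" is set, manual uptrack-upgrade otherwise) can be wrapped in a small POSIX shell helper that reads the setting and picks the right action. This is an added example, not Ksplice's or Oracle's own tooling; it assumes only what the announcement states, namely an INI-style /etc/uptrack/uptrack.conf containing an "autoinstall = yes" line and the /usr/sbin/uptrack-upgrade -y command. The function names and the config-path parameter are hypothetical conveniences so the logic can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example (not Oracle's/Ksplice's code): decide whether a host still
# needs a manual "uptrack-upgrade -y" by reading the autoinstall setting from
# an uptrack.conf-style file. The config path is a parameter so the helper can
# be run against a constructed file; the real one is /etc/uptrack/uptrack.conf.

# Print the effective value of "autoinstall" from the given config file.
# Strips "#" and ";" comments and surrounding whitespace, matches the key
# case-insensitively, and takes the last occurrence if it appears twice.
# Prints "unset" when the key is absent and "unreadable" on a bad path.
uptrack_autoinstall_value() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 1; }
    value=$(sed -e 's/[#;].*$//' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z')
    if [ -z "$value" ]; then
        echo "unset"
    else
        echo "$value"
    fi
}

# True (exit 0) when the operator must run the upgrade by hand, i.e. whenever
# autoinstall is anything other than exactly "yes" (including unset).
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Apply the advisory: report that Uptrack will handle it, or run the manual
# command. A second argument overrides the command (handy for a dry run).
apply_ksplice_updates() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    upgrade_cmd="${2:-/usr/sbin/uptrack-upgrade -y}"
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall is $(uptrack_autoinstall_value "$conf"); running: $upgrade_cmd"
        $upgrade_cmd
    else
        echo "autoinstall = yes; Uptrack will apply the updates itself"
    fi
}
```

Run it as root with no arguments on a live host to take the manual path only when needed; pass a different config path and an "echo ..." command to rehearse the decision without touching the system.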


DESCRIPTION

* CVE-2020-25285: Denial-of-service in sysctls of Linux Memory Manager.

A race condition in the sysctls of the Linux kernel virtual memory manager
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2020-25284: Permission bypass when creating or removing a Rados block device.

An incomplete privilege check may allow creating or removing Rados
block devices. A privileged user in a user namespace with user id zero
could use this flaw to cause a denial-of-service.


* CVE-2020-12114: Race condition in mountpoint counter causes DoS.

A race condition in synchronization surrounding the reference counter of
a filesystem mount point could allow a malicious user to corrupt the
counter, causing a kernel assertion failure and denial-of-service.


* CVE-2020-25643: Memory corruption in WAN HDLC-PPP due to missing error checking.

Missing error handling in the WAN HDLC-PPP implementation could lead
to memory corruption. A local user could use this flaw to cause
a denial-of-service or arbitrary code execution.


* CVE-2021-0342: Use-after-free when using TUN/TAP device driver.

A logic error when using the TUN/TAP device driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service or escalate privileges.


* CVE-2019-19523: Use-after-free when disconnecting ADU USB devices.

Logic errors when disconnecting ADU USB devices could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19528: Denial-of-service when disconnecting an IO Warrior USB device.

Logic errors when disconnecting an IO Warrior USB device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2020-14314: Denial-of-service in ext4 file system due to broken indexing.

An out-of-bounds memory read could happen in the ext4 file system due to
broken indexing. This flaw could allow a local user to crash the
system and cause a denial-of-service.


* CVE-2020-12464: Use-after-free in USB scatter-gather library.

A use-after-free could happen in usb_sg_cancel() of the USB core
scatter-gather implementation when cancellation of the S-G transfer
races with transfer completion, and could result in a system crash.


* CVE-2020-24394: Information leak when exporting a filesystem over NFS.

A logic error when exporting a filesystem without ACL support over NFS
could lead to wrong permissions being used for newly created files. An
attacker could use this flaw to leak information stored in this
filesystem.


* CVE-2020-27786: Use-after-free when resizing buffer in RAWMidi driver.

A logic error when resizing the buffer in the RAWMidi driver while reads
and writes are ongoing could lead to a use-after-free. A local
unprivileged user could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* CVE-2020-25704: Denial-of-service in the performance monitoring subsystem.

A possible memory leak when setting a performance monitoring filter could
lead to kernel memory exhaustion. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2020-28974: Invalid memory access when manipulating framebuffer fonts.

A logic error when manipulating framebuffer console fonts may cause an
out-of-bounds memory read. A local attacker could use this flaw to read
privileged information or potentially cause a denial-of-service.


* CVE-2020-0431: USB keyboard device with invalid keycodes causes out-of-bounds write.

The USB HID input driver looks up keys in an array-indexed table. A
malicious device with invalid keycodes could therefore trigger an
out-of-bounds write, potentially causing memory corruption or a
denial-of-service.


* CVE-2020-25212: Out-of-bounds writes in RPC operations of Network File System.

Out-of-bounds writes in RPC operations of the Network File System
could cause a system crash. This flaw could allow a local user
to crash the system and cause a denial-of-service, or potentially
escalate their privileges on the system.


* Note: Oracle will not provide a zero-downtime update for CVE-2020-36322 and CVE-2021-28950.

Oracle has determined that patching CVE-2020-36322 and CVE-2021-28950
on a running system would not be safe and recommends rebooting to avoid
the vulnerability.


* CVE-2020-14356: NULL-pointer dereference in cgroupv2.

Invalid reference counting when allocating cgroup data for a socket
could result in a NULL-pointer dereference. A malicious user might
exploit this to create a denial-of-service.


* Note: Oracle will not provide a zero-downtime mitigation for CVE-2020-27835.

CVE-2020-27835 is a use-after-free in the Infiniband Intel OPA Gen1 driver
which could let a local user crash the system. We recommend rebooting
systems impacted by this issue into a newer kernel.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
