[Ksplice-Fedora-23-updates] New Ksplice updates for Fedora 23 (FEDORA-2016-5aff4a6bbc)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Dec 15 05:06:35 PST 2016


Synopsis: FEDORA-2016-5aff4a6bbc can now be patched using Ksplice
CVEs: CVE-2016-8655 CVE-2016-9576 CVE-2016-9793

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-5aff4a6bbc.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 23
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
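
To check which of the two cases above applies to a host, the following is an added example, not part of the original announcement or of Ksplice itself. It reads the "autoinstall" setting and reports whether the manual command is needed. It assumes an INI-style file in which "#" or ";" starts a comment line and the last assignment of the key wins; the function names are hypothetical.

```shell
#!/bin/sh
# Report whether Ksplice Uptrack will install updates on its own, based on
# the "autoinstall" key in uptrack.conf.
# Assumptions (not from the advisory): INI-style file, "#" or ";" starts a
# comment line, and the last assignment of the key wins.

# Print the effective autoinstall value ("yes", "no", ...), "unset" when the
# key is absent or commented out, or "unreadable" when the file is missing.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # a commented-out key does not count
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when the host needs a manual "uptrack-upgrade -y",
# 1 when autoinstall is enabled and no action is required.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Stand-alone use: an optional first argument overrides the default path.
if needs_manual_upgrade "${1:-}"; then
    echo "autoinstall is not enabled: run /usr/sbin/uptrack-upgrade -y as root"
else
    echo "autoinstall = yes: updates will be installed automatically"
fi
```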


DESCRIPTION

* Denial-of-service in Transparent Huge Page remapping.

Incorrect logic in the Transparent Huge Page unlocking could allow a
local user to cause an assertion failure in the kernel.


* Denial-of-service during zram hot removal.

Failure to check a return value can cause a zram device to remain
available after unloading the zram module. Attempting to mount the
remaining device after the module has been unloaded can cause an
assertion failure in the kernel.


* NULL pointer dereference in memory cgroup controller.

A race condition between memory reclamation and the memory cgroup can
cause a NULL pointer dereference.


* Information leak in mwifiex driver.

Incorrect logging of SSID strings in the mwifiex driver can leak kernel
stack information to userspace. A local attacker could use this flaw to
gain information about the running kernel.


* NULL pointer dereference in i915 DMA error handling.

Failing to handle a DMA mapping error in the i915 driver can cause a
NULL pointer dereference.


* Use-after-free in KVM device creation.

Incorrect ordering when creating a KVM device can result in a
use-after-free. A local user could use this flaw to cause an assertion
failure in the kernel.


* Out-of-bounds memory access in perf callchain processing.

An incomplete optimization to perf user stack walking can result in the
kernel attempting to access invalid memory.


* CVE-2016-8655: Privilege escalation in af_packet implementation.

A race condition in af_packet processing could allow a local
unprivileged user to cause a kernel crash or execute arbitrary code
with elevated privileges.


* CVE-2016-9793: Denial-of-service in socket configuration.

Incorrect validation of arguments for the setsockopt ioctl could allow
a local user with CAP_NET_ADMIN privileges to cause memory corruption
or crash the kernel.


* CVE-2016-9576: Use-after-free in SCSI device interface.

Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


