[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-c1faf6005c)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jun 10 02:02:05 PDT 2016


Synopsis: FEDORA-2016-c1faf6005c can now be patched using Ksplice
CVEs: CVE-2016-4951

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-c1faf6005c.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use after free in Bluetooth VHCI device opening.

The kernel Bluetooth driver does not correctly handle opening VHCI
devices, used for emulating HCI devices, which can trigger a use after
free and kernel panic.


* Memory leak in Bluetooth VHCI device opening.

The kernel Bluetooth driver does not correctly handle a VHCI device
being closed before packets are delivered to userspace, which leads to
a kernel memory leak and subsequent denial of service.


* Privilege escalation when probing Keyspan USB Serial devices.

A logic error when failing to probe a Keyspan USB Serial device can
trigger a use-after-free and possible privilege escalation.


* Privilege escalation when probing Quatech USB Serial devices.

A logic error when failing to probe a Quatech USB Serial device can
trigger a use-after-free and possible privilege escalation.


* Kernel panic when setting baud-rate on generic PCI serial devices.

Setting the baud-rate of a generic PCI serial device can trigger a
divide-by-zero error and subsequent kernel panic. A local user could
use this flaw to trigger a denial of service.


* Kernel panic when sending SCSI commands to InfiniBand devices.

A logic error can trigger an assertion failure when sending SCSI
commands to an InfiniBand RDMA device with debugging enabled.


* Kernel panic when detaching Thunderbolt devices.

A logic error in the Thunderbolt kernel driver can trigger a double-free
and kernel panic when a Thunderbolt device is detaching while being
probed.


* CVE-2016-4951: NULL pointer dereference in TIPC nested attribute parsing.

A missing NULL pointer check could result in a NULL pointer dereference
when parsing nested attributes for a published socket.


* Privilege escalation when opening performance events.

A race condition between perf_event_open and execve can allow an
unprivileged user to trace a privileged process, potentially allowing an
unprivileged user to escalate privileges.


* Kernel panic in STMicroelectronics NFC I2C driver.

The kernel NFC I2C driver for STMicroelectronics devices incorrectly
handles memory when it fails to probe a device, which can trigger a
kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


