[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-5cb5b4082d)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Dec 15 05:04:58 PST 2016
Synopsis: FEDORA-2016-5cb5b4082d can now be patched using Ksplice
CVEs: CVE-2016-8655 CVE-2016-9576 CVE-2016-9793
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-5cb5b4082d.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
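A host-side check for the two installation paths described above, as an added example that is not part of the original advisory or of Oracle's tooling. It assumes uptrack.conf uses INI-style `key = value` lines with `#` or `;` starting a comment line; the function names are hypothetical, and only the exact value `yes` shown in the advisory is treated as enabled.

```shell
#!/bin/sh
# Added example: decide whether a host receives Ksplice updates automatically
# or needs a manual uptrack-upgrade run.
# Assumption: INI-style config, whole-line comments start with '#' or ';'.

# Print the effective value of "autoinstall" from the given config file.
# Prints nothing if the file is unreadable or the key is absent.
# If the key appears more than once, the last assignment wins.
autoinstall_value() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip commented-out settings
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = val
            }
        }
        END { if (found != "") print found }' "$1"
}

# Return 0 only when the file sets autoinstall = yes, 1 otherwise.
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Print the action an administrator should take for this host.
# Optional argument: path to the config (defaults to the path in the advisory).
ksplice_update_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if autoinstall_enabled "$conf"; then
        echo "autoinstall: updates are installed automatically, no action needed"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

ksplice_update_action "$@"
```

A commented-out `# autoinstall = yes` line is deliberately not counted, so a host in that state is reported as needing the manual upgrade.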
DESCRIPTION
* Denial-of-service in Transparent Huge Page remapping.
Incorrect logic in the Transparent Huge Page unlocking could allow a
local user to cause an assertion failure in the kernel.
* Denial-of-service during zram hot removal.
Failure to check a return value can cause a zram device to remain
available after unloading the zram module. Attempting to mount the
remaining device after the module has been unloaded can cause an
assertion failure in the kernel.
* NULL pointer dereference in memory cgroup controller.
A race condition between memory reclamation and the memory cgroup can
cause a NULL pointer dereference.
* Information leak in mwifiex driver.
Incorrect logging of SSID strings in the mwifiex driver can leak kernel
stack information to userspace. A local attacker could use this flaw to
gain information about the running kernel.
* NULL pointer dereference in i915 DMA error handling.
Failing to handle a DMA mapping error in the i915 driver can cause a
NULL pointer dereference.
* Use-after-free in KVM device creation.
Incorrect ordering when creating a KVM device can result in a
use-after-free. A local user could use this flaw to cause an assertion
failure in the kernel.
* Out-of-bounds memory access in perf callchain processing.
An incomplete optimization to perf user stack walking can result in the
kernel attempting to access invalid memory.
* CVE-2016-8655: Privilege escalation in af_packet implementation.
A race condition in af_packet processing could allow a local
unprivileged user to cause a kernel crash or execute arbitrary code
with elevated privileges.
* CVE-2016-9793: Denial-of-service in socket configuration.
Incorrect validation of arguments for the setsockopt ioctl could allow
a local user with CAP_NET_ADMIN privileges to cause memory corruption
or crash the kernel.
* CVE-2016-9576: Use-after-free in SCSI device interface.
Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.