[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-14c4187e3a)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Nov 17 02:34:02 PST 2016


Synopsis: FEDORA-2016-14c4187e3a can now be patched using Ksplice
CVEs: CVE-2016-7042 CVE-2016-8630 CVE-2016-8633

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-14c4187e3a.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
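
The check below is an added example, not part of the original advisory or of
Ksplice Uptrack: it reads the "autoinstall" setting named above and reports
whether a manual uptrack-upgrade run is still needed. The function names, the
UPTRACK_CONF override and the parsing rules (comment lines start with # or ;,
the last assignment wins, the value is compared case-insensitively) are
assumptions.

```shell
#!/bin/sh
# Added example: does this host still need a manual Ksplice upgrade run?
# The config path and key name come from the advisory; the parsing rules
# are assumptions, not Uptrack's own parser.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print the effective "autoinstall" value (last uncommented assignment wins),
# lower-cased with whitespace removed. Prints nothing if the key is absent;
# returns 1 if the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || return 1
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                last = tolower(val)
            }
        }
        END { if (last != "") print last }
    ' "$1"
}

# Return 0 when an administrator must act (key missing, file unreadable,
# or any value other than "yes"); return 1 when updates install themselves.
needs_manual_upgrade() {
    case "$(autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

report() {
    if needs_manual_upgrade "$1"; then
        echo "autoinstall not enabled in $1: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes in $1: updates install automatically"
    fi
}

report "$UPTRACK_CONF"
```

An unreadable or missing configuration file is treated as "manual action
needed", so a host is never reported as covered on the strength of a file
that could not be inspected.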


DESCRIPTION

* CVE-2016-7042: Stack corruption when reading keys from proc filesystem.

An on-stack buffer is not big enough to hold the data being written to it
when reading keys from the proc filesystem, potentially leading to a kernel
panic when the stack protector is in use.  A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Multiple errors in GPIOLIB ioctls.

Off-by-one, data leak, out-of-bounds access and use-after-free errors
in GPIO_GET_CHIPINFO_IOCTL, GPIO_GET_LINE{HANDLE, EVENT}_IOCTL and
GPIOHANDLE_GET_LINE_VALUES_IOCTL could allow a local user to leak
information about the running kernel or cause a denial-of-service.


* Use-after-free in error path when mounting file systems.

Incorrect error handling when mounting a filesystem could lead to a
use-after-free. A local user with mount permissions could cause a
denial-of-service by using this flaw.


* Denial-of-service when syncing log of BTRFS filesystem.

A locking error when syncing logs of BTRFS could lead to list
corruption. An attacker could use this flaw to cause a
denial-of-service.


* Infinite loop in getdents() syscall from UBI filesystem.

Incorrect error handling in the getdents() syscall path for the UBI
filesystem could lead to an infinite loop in the LIBC. An attacker
could use this flaw to cause a denial-of-service.


* Data leak in TIOCMGET ioctl for CP210X UART to USB bridge.

Incorrect error handling in the TIOCMGET ioctl for the CP210X driver
could lead to a leak of 8 bits from the kernel stack. An attacker could
use this flaw to gain information about the running kernel and
facilitate an attack.


* Double-free in GenWQE PCIe Accelerator driver.

Incorrect error handling in the GENWQE_EXECUTE_DDCB ioctl() could
lead to a double-free. A local user with the ability to use this ioctl
could cause a denial-of-service.


* Denial-of-service when resizing a virtual terminal.

A missing check during Virtual Terminal resizing could lead to an
invalid memory access. A local user could use this flaw to cause a
denial-of-service.


* Memory leak when resizing a virtual terminal.

An error in argument sanitizing during Virtual Terminal resizing could
lead to a memory leak. A local user could use this flaw to exhaust
memory and cause a denial-of-service.


* NULL pointer dereference when destroying a device mapper.

A logic error in the DM_DEV_REMOVE and DM_REMOVE_ALL ioctl paths could
lead to a NULL pointer dereference. A local user with the capabilities to
use those ioctls could cause a denial-of-service.


* Use-after-free when removing a KVM Virtual Machine.

Incorrect logic while clearing Virtual CPU related data could cause
a use-after-free. An attacker able to load and unload VMs could use
this flaw to cause a denial-of-service.


* Permission bypass in Overlay filesystem when setting POSIX ACLs.

A logic error when setting POSIX ACLs in the Overlay filesystem causes
the set-group-ID to not be cleared.  A local, unprivileged user could
use this flaw to escalate privileges.


* Data corruption during copy-up in Overlay Filesystem.

A missing cache flush after a copy-up in Overlayfs could lead to data
corruption in case of a crash.


* CVE-2016-8633: Multiple errors in DM_TABLE_LOAD ioctl of device mapper.

Multiple error-handling flaws in the DM_TABLE_LOAD ioctl could lead to a
reference count leak or a NULL pointer dereference. A local user with
access to this ioctl could use this flaw to cause a denial-of-service.


* Buffer overflow in firewire net driver.

A logic error in the checks on incoming packets could lead to an rx
buffer overflow. A remote attacker could use this flaw to cause a
denial-of-service.


* Memory leak on setting property in drm_atomic driver.

Incorrect resource handling could lead to a memory leak when using the
DRM_IOCTL_MODE_ATOMIC ioctl. A local user with permissions to use this
ioctl could use this flaw to cause a denial-of-service.


* CVE-2016-8630: NULL pointer dereference in KVM instruction decoding.

A missing check during instruction decoding operations could lead to a
NULL pointer dereference. An attacker from a Virtual Machine could
inject instructions with specific properties to cause a
denial-of-service of the host.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


