[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-f9d5f8f03f)

Wed Sep 14 03:42:42 PDT 2016

Synopsis: FEDORA-2016-f9d5f8f03f can now be patched using Ksplice

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-f9d5f8f03f.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Denial-of-service in SLUB memory freeing.

Incorrect locking could result in deadlock when freeing memory.  A local
user could use this flaw to trigger a denial-of-service under specific
conditions.

* Denial-of-service in user-space VFIO driver interrupt setup.

Missing validation of user-supplied data could result in incorrectly
configuring interrupts.  A local, privileged user could use this flaw to
crash the system.

* Use-after-free in ACPI PCC channel request error handling.

Incorrect error handling could result in dereferencing an invalid
pointer and crashing the system under specific conditions.

* Memory leak in USB hub disconnection.

A race condition when handling removal of a USB hub could result in
leaking a memory allocation.  A local user with physical access to the
system could potentially use this flaw to exhaust memory and trigger a
denial-of-service.

* Denial-of-service in USB endpoint parsing.

Missing validation of the endpoint maximum packet size could result in a
denial-of-service when a user could attach malicious USB devices to the
system.

* NULL pointer dereference in USB XHCI disconnection.

A race condition when disconnecting XHCI devices could result in a NULL
pointer dereference and kernel crash.

* Kernel hang in XHCI PCI device disconnection.

Incorrect handling of device quirks could result in a kernel hang when
removing specific USB devices from the system.

* Memory leak in USB serial port driver registration failure.

Missing resource cleanup on registration failure could result in failure
to return allocated memory.  A malicious user with physical access to
the system could use this flaw to cause a denial-of-service.

* Denial-of-service in uprobes memory control group accounting.

Incorrect interaction with the memory control group subsystem could
result in an integer overflow and memory exhaustion.  A local,
privileged user could use this flaw to trigger a denial-of-service.

* Denial-of-service in AMD graphics connector detection.

Missing validation could result in an out-of-bounds access and kernel
crash when detecting a connector.

* Kernel crash in LSI MTP Fusion SAS 3.0 WarpDrive resume.

A logic error in the resume path for WarpDrive devices could result in
accessing a stale pointer and kernel crash on resume from suspend.

* Kernel crash in device mapper round-robin path selector.

Incorrect locking could result in accessing an invalid pointer during
preemption under specific conditions.

* NULL pointer dereference in Maxim MAX730X GPIO expanders.

Incorrect ordering of registering a MAX730X device could result in a
NULL pointer dereference and kernel crash when setting the GPIO
direction under specific conditions.

* Information leak in seq_file reading.

A logic error in the seq_file read implementation could result in
leaking information from beyond the end of the buffer.  A local,
unprivileged user could use this flaw to gain sensitive kernel
information.

* NULL pointer dereference in DAX persistent memory probing.

Incorrect handling of resource reservations could result in
dereferencing an invalid or NULL pointer and kernel crash.

* Denial-of-service in BTRFS quota group rescan.

Incorrect signal handling whilst waiting for quota group rescan to
complete could result in a NULL pointer dereference and kernel crash.

* Resource leak in BTRFS orphan cleanup.

Incorrect error handling during BTRFS orphan cleanup could result in a
resource leak.  A local, privileged user could use this flaw to cause a
denial-of-service.

* Denial-of-service in USB gadget DMA requests.

Missing resource releasing in the USB gadget driver could result in
failure to allocate DMA mappings.  A local, privileged user could use
this flaw to cause a denial-of-service under specific conditions.

* Denial-of-service in Moschip USB serial writing.

Incorrect memory allocations could result in deadlock and a kernel crash
when writing to the port.

* Use-after-free in Line6 USB volume controls.

Incorrect reference counting in the Line6 USB volume control could
result in prematurely freeing the USB device and causing a kernel crash.
A local user with privileges to access the device could use this flaw to
crash the system.

* Kernel crash in Line6 USB audio device stream stopping.

Missing locking in the Line6 USB audio device driver whilst stopping a
stream could result in recursive locking and a kernel crash.

* Kernel crash in Line6 USB audio device sysfs attributes.

Incorrect typecasting of pointers could result in a dereference of an
invalid pointer and kernel crash.  A local, unprivileged user could use
this flaw to crash the system or leak sensitive kernel data.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.