[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2017-8e7549fb91)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Apr 25 09:07:50 PDT 2017


Synopsis: FEDORA-2017-8e7549fb91 can now be patched using Ksplice
CVEs: CVE-2017-7294 CVE-2017-7308 CVE-2017-7616

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-8e7549fb91.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
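
The installation choice described above, as an added example (not Oracle's or Ksplice's own code): a shell check that reads an uptrack.conf and reports whether the manual upgrade command is needed. It assumes that '#' starts a comment, that the last "autoinstall" assignment wins, and that the value is case-insensitive; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host still needs the manual
# "/usr/sbin/uptrack-upgrade -y" step named in this advisory.

# Print the effective autoinstall setting of a config file: yes, no or unset.
# Assumptions (not from the advisory): '#' starts a comment, the last
# assignment wins, and the value is matched case-insensitively.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -e 's/#.*$//' "$conf" |
        awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                     v = tolower($2); gsub(/[ \t\r]/, "", v); last = v
                 }
                 END { print last }')
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# Succeed (exit status 0) when the updates will NOT install on their own.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Human-readable report for one config file.
report() {
    if needs_manual_upgrade "$1"; then
        echo "$1: autoinstall is not enabled; run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "$1: autoinstall = yes; updates install automatically"
    fi
}

# Default to the path given in the advisory; pass another file to audit a copy.
report "${1:-/etc/uptrack/uptrack.conf}"
```

A commented-out "# autoinstall = yes" line counts as unset, so such a host is reported as needing the manual step.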


DESCRIPTION

* Malicious code injection in VMware virtual GPU fence object.

Fence objects in the VMware virtual GPU system were not properly
type-checked from userspace, potentially allowing a user to inject
malicious code.


* Information leak in VMware virtual GPU capability sysctl.

A missing size check in the VMware virtual GPU vmw_get_cap_3d_ioctl()
call could potentially expose kernel memory to userspace.


* Denial-of-service/information leak due to error condition in sysfs ops->show().

Incorrect sanitization of error output from sysfs ops->show() could cause
the next sysfs read or write to run out of bounds, potentially exposing
kernel memory or causing a denial-of-service.


* Denial-of-service in 802.11 wireless resume callback.

A use-after-free in the generic 802.11 wireless resume callback when
resuming an idle device could cause a kernel BUG and a
denial-of-service.


* Denial-of-service due to race condition in ptrace state.

A race condition in the ptrace signal handling can cause memory
corruption in the kernel, causing a kernel panic and denial-of-service.


* Denial-of-service due to race condition in DAX filesystem radix tree.

A race condition in the Direct-Access Filesystem radix tree could cause
memory corruption, causing a kernel panic and denial-of-service.


* Denial-of-service in Broadcom 802.11 virtual interface.

A use-after-free in the Broadcom 802.11 driver causes an invalid memory
access, potentially causing a kernel panic and denial-of-service.


* Denial-of-service caused by RAID1 device with missing metadata.

Invalid logic allowed device-mapper to create a RAID1 device with no
metadata devices. This could cause a kernel panic and denial-of-service.


* CVE-2017-7308: Memory corruption in AF_PACKET socket options.

Multiple integer overflows in the AF_PACKET setsockopt implementation can
trigger kernel memory corruption. A local user could use this flaw to elevate
privileges.


* CVE-2017-7294: Denial-of-service in virtual GPU define surface ioctl.

vmw_surface_define_ioctl() fails to sanitize its inputs, allowing an
attacker to trigger an out-of-bounds write, causing a denial-of-service
or privilege escalation.


* CVE-2017-7616: Information leak via set_mempolicy() and mbind().

Incorrect error handling in the set_mempolicy() and mbind() syscalls
allows local users to obtain sensitive information from uninitialized
stack data by triggering failure of a certain bitmap operation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




