[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2017-18ce368ba3)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Jan 30 01:06:47 PST 2017


Synopsis: FEDORA-2017-18ce368ba3 can now be patched using Ksplice
CVEs: CVE-2016-9191 CVE-2017-2583 CVE-2017-2584

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-18ce368ba3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
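
To check which of the two cases above applies to a host, the sketch below reads the autoinstall setting and reports the action needed. It is an added example, not part of the original announcement or of Ksplice Uptrack. The function names are hypothetical, the sample file is constructed, and treating the last uncommented "autoinstall" line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host installs Ksplice
# updates by itself or needs a manual uptrack-upgrade run.

# Print the autoinstall value from an uptrack.conf-style file.
# Assumption: the last uncommented "autoinstall" line is the effective one.
uptrack_autoinstall_value() {
    _conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$_conf" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # ignore commented-out settings
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "autoinstall") { val = $2; gsub(/[ \t\r]/, "", val) }
        }
        END { if (val != "") print val }
    ' "$_conf"
}

# Exit status: 0 = autoinstall is "yes", 1 = not enabled, 2 = file unreadable.
uptrack_autoinstall_enabled() {
    _conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$_conf" ] || return 2
    [ "$(uptrack_autoinstall_value "$_conf")" = "yes" ]
}

# Human-readable result for one host; returns the same status as above.
uptrack_report() {
    _rc=0
    uptrack_autoinstall_enabled "$1" || _rc=$?
    case $_rc in
        0) echo "autoinstall enabled: no action needed" ;;
        1) echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root" ;;
        *) echo "cannot read uptrack.conf: check the Uptrack installation" ;;
    esac
    return "$_rc"
}

# Constructed sample config for trying the functions without a real install.
# $1 is the value to write for autoinstall; prints the temp file path.
make_sample_conf() {
    _f=$(mktemp)
    printf '%s\n' '[Settings]' '# autoinstall = yes' "autoinstall = $1" > "$_f"
    echo "$_f"
}
```

Called with no argument, uptrack_report reads /etc/uptrack/uptrack.conf, the path given above.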


DESCRIPTION

* Denial-of-service when using CMDBUF ioctl in Savage video driver.

A logic error in Savage's CMDBUF ioctl could lead to memory
corruption. An attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using zram with stable page support.

A logic error in stable page handling with zram enabled could lead to
memory corruption. An attacker with zram sysfs access could use this
flaw to cause a denial-of-service.


* Denial-of-service when read faults happen on DAX-enabled filesystems.

A logic error in read fault handling on DAX (Direct Access) enabled
filesystems could lead to a kernel panic. An attacker could
intentionally trigger read faults and cause a denial-of-service.


* Denial-of-service when setting attr in ocfs2 filesystems.

A locking error when setting attr in an ocfs2 filesystem could lead to
a kernel BUG(). An attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-2583: Denial-of-service due to incorrect segment configuration within VMs.

A logic error leads to an incorrect configuration of a segment selector
within a Virtual Machine. An attacker could use this incorrect
configuration to cause a denial-of-service of the VM.


* Denial-of-service when registering two VMs concurrently.

A logic error in the way VMs sharing the same eventfd are registered
could lead to a NULL pointer dereference. An attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when enabling Hyper-V synthetic interrupt controller.

A missing check in the KVM ENABLE_CAP ioctl could lead to a NULL pointer
dereference if used with the KVM_CAP_HYPERV_SYNIC capability. An
attacker could use this flaw to cause a denial-of-service.


* CVE-2017-2584: Denial-of-service when emulating sgdt/sidt instructions.

A missing check in KVM when emulating sgdt and sidt x86 instructions
could lead to a kernel memory leak or cause a use-after-free. An
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when scanning and closing nl80211 netlink socket.

A logic error when closing a nl80211 netlink socket could lead to a
memory leak if a scan was in progress. An attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service in XFS when creating then deleting multiple files.

An error in the handling of dirty pages could lead to a shortage of
memory. An attacker could use this flaw to cause a denial-of-service.


* Information leak in USB Winchiphead CH341 driver when using TIOCMGET.

A logic error in the USB CH341 serial driver could lead to leaking heap
data to userspace by using TIOCMGET. An attacker could use this flaw
to leak sensitive data and facilitate an exploit.


* Information leak when using I2C_SMBUS ioctl.

A missing variable initialization could lead to a leak of sensitive
kernel information when using the I2C_SMBUS ioctl. An attacker could
use this flaw to leak kernel information and facilitate an exploit.


* Information leak in io vectors library.

A logic error in the iovec library could lead to a memory leak or
memory exhaustion. An attacker could use this flaw to leak kernel
information or cause a denial-of-service.


* CVE-2016-9191: Denial-of-service when using sysctl concurrently.

A refcounting error in sysctl handling could lead to an infinite loop if
unregister_sysctl_table() is called concurrently with sysctl actions
from userspace. An attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




