[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-d92fde52d7)

[Oracle Ksplice]

Synopsis: FEDORA-2018-d92fde52d7 can now be patched using Ksplice
CVEs: CVE-2018-10840 CVE-2018-1118 CVE-2018-11412 CVE-2018-12633

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-d92fde52d7.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-10840: Denial-of-service when operating on ext4 filesystem.

Failure to sanitize input when creating extended attribute in an ext4
filesystem leads to kernel crash when removing the attribute. An
attacker can mount a maliciously crafted filesystem image and operate on
it to cause a denial-of-service.


* CVE-2018-1118: Information leak when creating a new message in vhost driver.

A missing initialization of a variable passed to user space when
creating a new message in vhost driver could lead to an information
leak. A local attacker could use this flaw to get information about
running kernel and facilitate an attack.


* Denial-of-service when registering a new binary type.

A logic error when registering a new binary type with a too big offset
could lead to an overflow. A local attacker could use this flaw to cause
a denial-of-service.


* Out-of-bounds access in Network Control Model communications driver.

A logic error when reserving space for a packet can result in an out of
bounds memory access, leading to memory corruption or a Kernel crash.


* Out-of-bounds memory access in simple network scheduler action driver.

A logic error when copying a string in the simple action network
scheduler driver can result in an out-of-bounds memory write, leading to
undefined behavior or a Kernel crash.


* Use-after-free in Transport Layer Security packet encryption.

A failure to handle a memory allocation failure during encryption of a
TLS packet can result in a use-after-free. A local user could use this
flaw to escalate privileges.


* CVE-2018-11412: Out-of-bounds memory access from ext4 inode inline data.

A logic error in ext4 can result in incorrectly interpreting inline
inode data as an extended attribute. A local user with the ability to
mount an ext4 filesystem could use this flaw to access Kernel memory.


* Denial-of-service in BTRFS invalid ioctl flag handling.

A failure to correctly manipulate a reference count in an error case can
result in the inability to unmount a BTRFS filesystem. A local user with
access to a BTRFS filesystem could use this flaw to cause a
denial-of-service.


* NULL pointer dereference in ALSA PCM stream attach.

A failure to correctly handle a memory allocation failure can result in
partial initialization of a PCM stream, leading to a subsequent NULL
pointer dereference.


* Use-after-free in Network Block Device unmount.

A logic error when unmounting a Network Block Device can result in the
access of freed memory, leading to a use-after-free. A local user with
the ability to mount or umount filesystems could use this flaw to
potentially escalate privileges.


* Soft lockup during block multiqueue free.

A logic error when freeing a queue in the block multiqueue
implementation can result in a soft lockup.


* Out-of-bounds memory access in iwlwifi firmware load.

A failure to validate a firmware image from userspace can result in an
out-of-bounds read or write of Kernel memory.


* CVE-2018-12633: Information disclosure in VirtualBox guest ioctl.

A failure to correctly validate information from userspace can result in
the out-of-bounds memory access, leading to information disclosure or
a Kernel crash. A local user could use this flaw to facilitate a further
attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.