[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (5.0.7-100.fc28)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed May 8 08:13:59 PDT 2019
Synopsis: 5.0.7-100.fc28 can now be patched using Ksplice
CVEs: CVE-2019-3887
Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, 5.0.7-100.fc28.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* NULL pointer dereference when registering NVMe over Fabrics FC Transport Loopback Test driver.
A missing check when registering NVMe over Fabrics FC Transport Loopback
Test driver could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* Use-after-free when unpacking Apparmor policy fails.
A logic error when unpacking Apparmor policy loaded from userspace fails
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* Out-of-bounds access when changing channels number on Mellanox 5th generation network interface.
A missing check when changing channels number on Mellanox 5th generation
network interface while it is down could lead to an out-of-bounds
access. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds access when setting vport rate in Mellanox Technologies MLX5 SRIOV E-Switch driver.
A logic error when setting vport rate in Mellanox Technologies MLX5
SRIOV E-Switch driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* Use of uninitialized memory when migrating NUMA memory policy.
A missing check when migrating NUMA memory policy could lead to use of
uninitialized memory and thus to unpredictable behavior.
* NULL pointer dereference on node creation of OCFS2 file system.
A logic error on node creation of OCFS2 file system could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when using device mapper with Thin provisioning support.
A missing check when using device mapper with Thin provisioning support
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* NULL pointer dereference when mounting a CIFS filesystem with invalid mount option.
A missing check when mounting a CIFS filesystem with an invalid devname
as a mount option could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when using Netfilter nf_tables chains.
A missing check when using Netfilter nf_tables chains could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* Permission bypass when using IOMMU with Address Translation Service.
A missing check when using IOMMU with Address Translation Service could
let a malicious peripheral device access restricted memory.
* NULL pointer dereference when merging extra information element in Wilocity 60g WiFi card wil6210 driver.
A missing check when merging extra information element in Wilocity 60g
WiFi card wil6210 driver could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* Use-after-free when removing VLANs in Intel(R) Ethernet Connection E800 Series driver.
A logic error when removing VLANs in Intel(R) Ethernet Connection E800
Series driver could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.
* NULL pointer dereference when suspending ALSA PCM drivers.
A missing check when suspending ALSA PCM drivers could lead to a NULL
pointer dereference for some of the PCM drivers. A local attacker could
use this flaw to cause a denial-of-service.
* Out-of-bounds access when trying to display a logo bigger than screen size.
A missing check when trying to display a logo bigger than screen size in
the framebuffer driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2019-3887: Denial-of-service when running a nested guest in KVM.
A missing check when running a nested guest in KVM could let a L1 guest
access x2APIC Machine Specific Register (MSR) using a L2 guest. A local
attacker running from a L1 guest could use this flaw to cause a
denial-of-service.
* Log spam when punching holes in ext4 bigalloc filesystems.
When fallocating on an ext4 bigalloc filesystem, incorrect code when
freeing clusters might result in a flood of error responses, potentially
resulting in a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-28-Updates
mailing list