[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2019-1b986880ea)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue May 14 16:35:33 PDT 2019 

Synopsis: FEDORA-2019-1b986880ea can now be patched using Ksplice
CVEs: CVE-2019-9500

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-1b986880ea.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference during Echo Audio driver initialization.

A failure to ensure that an ioremap operation was successful can lead to
a NULL pointer dereference in snd_echo_create.  This could potentially
be used to cause a denial-of-service.


* Potential panic in Infiniband driver while handling inetdev event.

A failure to check if a pointer is set before attempting to dereference
it can lead to a NULL pointer dereference in the i40iw driver's inetdev
event processing path.  This flaw could potentially be used to cause a
denial-of-service.


* NULL pointer dereference in SCSI ioctl handler path.

Some incorrect assumptions about the existence of a SCSI request's CPU
pointer can lead to a NULL dereference when handling certain ioctl()s.
This could potentially cause a denial-of-service.


* Potential system crash in f2fs extended attribute code.

Several functions in the f2fs code related to extended file attributes
attempt to free memory improperly, which can lead to a kernel panic.
This flaw could potentially be exploited by a malicious local user
to cause a denial-of-service.


* Filesystem data corruption during certain ext4 operations.

Under certain conditions, it is possible for an ext4 filesystem to
attempt to clear out unused space using information gathered from stale
metadata.  This could lead to portions of filesystem data being erased
unexpectedly.


* CVE-2019-9500: Potential heap overflow in Broadcom FullMAC WLAN driver.

A missing length check in the brcmfmac driver can lead to a buffer
overflow on the heap.  This could cause a system to exhibit unexpected
behavior, and could potentially lead to a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-28-Updates mailing list