[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-69c132b061)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jul 9 02:50:07 PDT 2019


Synopsis: FEDORA-2019-69c132b061 can now be patched using Ksplice
CVEs: CVE-2019-12984

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-69c132b061.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
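
A check for the autoinstall setting described above, as an added example that is not part of the original announcement or of Oracle's tooling. It assumes uptrack.conf holds `key = value` lines with `#` or `;` comment lines, that the last assignment wins, and that the value is matched case-insensitively; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade.

# Print "yes" only if the config has an active (uncommented) autoinstall = yes.
# A plain `grep autoinstall` would also match a commented-out line.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)            # strip surrounding whitespace
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall")  # assumption: last one wins
                state = tolower(val)
        }
        END { print ((state == "yes") ? "yes" : "no") }
    ' "$conf"
}

# Map the setting to the action the announcement gives for it.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config: the "yes" line is commented out, "no" is active.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument.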


DESCRIPTION

* Memory leak when closing io_uring interface.

A logic error when releasing UNIX domain socket links to an io_uring
interface could lead to a memory leak. A local attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* Memory leak in an error path in the LRU infrastructure.

A missing free of resources in an error path when using the LRU
infrastructure could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Use-after-free in dentry cache handling code of OCFS2 driver.

A race condition in dentry cache handling code of OCFS2 driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service on allocation path when using Contiguous Memory Allocator.

A logic error on allocation path when using Contiguous Memory Allocator
(CMA) could lead to a denial-of-service. A local attacker could use this
flaw to cause a denial-of-service.


* Information leak in ptrace when reading signal information from a process.

A missing initialization of on-stack data when reading signal
information from a process could lead to an information leak. A local
attacker could use this flaw to leak information about the running
kernel and facilitate an attack.


* Information leak when changing credentials of a process while another one tries to ptrace it.

A race condition could let a process ptrace another one it is not
allowed to if this other process is changing its credentials. A local
attacker could use this flaw to leak information about the running
process and facilitate an attack.


* Stack corruption when inserting a key in Block device as cache driver.

A logic error when using Block device as cache driver could lead to
using corrupted stack data. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when setting writeback property on a block device as cache not attached.

A logic error when a user sets the writeback property on a block device
as cache that is not attached could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.


* Deadlock when a dying task tries to get a cgroup_subsys_state object.

A logic error when a dying task tries to get a cgroup_subsys_state object
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* Use-after-free in ALSA for SoC audio driver.

A logic error when cleaning up card resources in ALSA for SoC audio
driver could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when retrieving ALSA port subscriber.

A locking error when retrieving ALSA port subscriber from "get
subscription info" ioctl could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access when parsing extended attribute of F2FS filesystem.

A logic error when parsing extended attribute of a corrupted or
specially crafted F2FS filesystem could lead to an out-of-bounds access.
A local attacker could use this flaw to cause a denial-of-service.


* Use-after-free when freeing TCP BPF buffer in NET_SOCK_MSG framework.

A logic error when removing TCP BPF buffer in NET_SOCK_MSG framework
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Out-of-bounds access in debug messages of QLogic QEDI 25/40/100Gb iSCSI Initiator driver.

A logic error in debug messages of QLogic QEDI 25/40/100Gb iSCSI
Initiator driver could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.


* Deadlock when performing controller ioctls in NVMe driver.

A locking error when performing controller ioctls in NVMe driver could
lead to deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when uninitializing NVMe controller.

A logic error when uninitializing NVMe controller could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.


* Undefined behavior when handling unsolicited event notification in QLogic FCoE offload driver.

A logic error when handling unsolicited event notification in QLogic
FCoE offload driver could lead to undefined behavior.


* NULL pointer dereference when using Histogram triggers in tracing framework.

A missing check when using Histogram triggers in tracing framework could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Invalid memory access when setting nested guest state in KVM.

A logic error while reading the shadow VMCS when setting nested guest
state in KVM could lead to an invalid memory access. A local attacker
could use this flaw to cause a denial-of-service.


* Denial-of-service when setting an invalid process state in KVM.

Overly verbose printing when setting an invalid process state in KVM
from user space could lead to spamming of the kernel console. A local
attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access in DRM driver for VMware Virtual GPU when setting shader.

A missing check when setting shader in DRM driver for VMware Virtual GPU
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when setting a view in DRM driver for VMware Virtual GPU.

A missing check when setting a view in DRM driver for VMware Virtual GPU
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* NULL pointer dereference when adding a uprobe event.

A logic error when adding a uprobe event could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference in x86 CPU resource control support.

A missing check when using x86 CPU resource control support on a CPU
without MBM enabled could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* Deadlock when connecting Amateur Radio AX.25 Level 2 protocol socket.

A locking error when connecting Amateur Radio AX.25 Level 2 protocol
socket could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.


* Use-after-free in IPv6 flowlabel socket lookup.

A refcount issue in IPv6 flowlabel socket lookup could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when dumping network neighbour table through /proc.

A missing lock when dumping network neighbour table through /proc could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* Use-after-free when registering an Open vSwitch fails.

A logic error when registering an Open vSwitch fails could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-12984: NULL pointer dereference when deactivating target in NFC subsystem.

A missing check on user input when deactivating target in NFC subsystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when handling cookies in the SCTP protocol.

A missing free of resources when handling cookies in the SCTP protocol
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* Memory leak when deleting a group in the Transparent Inter Process Communication protocol.

A missing free of resources when deleting a group in the Transparent
Inter Process Communication (TIPC) protocol could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* Memory leak when reloading Mellanox 5th generation network interface.

A logic error when reloading Mellanox 5th generation network interface
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when checking statistics on Microchip KSZ9477 ports.

A missing check when checking statistics on Microchip KSZ9477 ports
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when detaching netdev in Mellanox 5th generation network adapters.

A missing check when detaching netdev in Mellanox 5th generation network
adapters could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* Use-after-free when dumping Netfilter nf_tables.

A logic error when dumping Netfilter nf_tables could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when unregistering IP virtual server module.

A logic error when unregistering IP virtual server module could lead to
a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when creating an XHCI debugfs for USB endpoint.

A missing check when creating an XHCI debugfs for USB endpoint could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Buffer overflow when getting device name in Modular ISDN driver.

A missing check on user input when getting device name in Modular ISDN
driver could lead to a buffer overflow. A local attacker could use this
flaw to cause a denial-of-service.


* Memory leak when using combined read/write transfer with an I2C device.

A missing free of resources when using combined read/write transfer with
an I2C device could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Use-after-free when releasing dentry inode in Userspace-driven configuration filesystem.

A logic error when releasing dentry inode in Userspace-driven
configuration filesystem could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access when using Distributed File System over CIFS.

An invalid free of resource when using Distributed File System over CIFS
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Memory leak when allocating a queue in the Block multiqueue core driver.

A missing free of resources when allocating a queue in the Block
multiqueue core driver fails could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* NULL pointer dereference when checking routes in Chelsio iSCSI driver.

A missing check when checking routes in Chelsio iSCSI driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when unloading SPC-3 ALUA Device Handler driver.

A logic error when unloading SPC-3 ALUA Device Handler driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service when discovering expander in SAS Domain Transport Attributes fails.

A logic error when discovering expander in SAS Domain Transport
Attributes fails could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* Memory leak when creating sysfs in OCFS2 file system driver.

A missing free of resources when creating sysfs in OCFS2 file system
driver fails could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference on I/O queue connect timeout in NVM Express over Fabrics TCP host driver.

A logic error on I/O queue connect timeout in NVM Express over Fabrics
TCP host driver could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access when parsing AppArmor user policy.

A logic error when getting AppArmor user policy could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when unpacking AppArmor policy.

A missing check on user input when unpacking AppArmor policy could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when registering a parallel port fails.

A missing free of resources when registering a parallel port fails could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Memory leak when using Keyed-Hashing for Message Authentication cryptographic driver.

A missing free of resources when using Keyed-Hashing for Message
Authentication cryptographic driver could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Memory leak when unmapping a DMA buffer in userspace DMA driver.

A missing free of resources when unmapping a DMA buffer in userspace DMA
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* Integer overflow in namespace list calculation of NVMe driver.

A logic error in namespace list calculation of NVMe driver could lead to
an integer overflow. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when creating a new wiphy in cfg80211 driver.

A missing free of resources when creating a new wiphy for use with
cfg80211 driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Memory leak when dumping stations in netlink-based wireless configuration interface.

A missing free of resources when dumping stations in netlink-based
wireless configuration interface fails could lead to a memory leak. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Invalid memory access when using AES-GMAC for IEEE 802.11 driver.

Use of on-stack variables when using AES-GMAC for IEEE 802.11 driver
could lead to an invalid memory access or a kernel assert. A local
attacker could use this flaw to cause a denial-of-service.


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




