[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (5.1.16-200.fc29)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jul 16 11:09:29 PDT 2019


Synopsis: 5.1.16-200.fc29 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, 5.1.16-200.fc29.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
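
The following script is an added example, not part of the original Ksplice
announcement. It checks whether a host falls into the "autoinstall = yes" case
or needs the manual command. It assumes uptrack.conf holds INI-style
"key = value" lines with "#" comments, and it conservatively treats a missing
file or missing key as not enabled.

```sh
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates on its
# own or whether /usr/sbin/uptrack-upgrade -y must be run by hand.
# Assumption: uptrack.conf uses "key = value" lines and '#' comments.

# Print the effective "autoinstall" value in lowercase. A missing file or
# missing key prints "no" so the host is flagged for manual action.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk '
        { sub(/#.*/, "") }                    # drop comments, incl. commented-out keys
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)       # strip "autoinstall ="
            sub(/[ \t\r]+$/, "", v)           # trim trailing whitespace / CR
            val = tolower(v)                  # a later assignment overrides an earlier one
        }
        END { print (val == "" ? "no" : val) }
    ' "$conf"
}

# Print "automatic" only for an explicit "yes"; anything else is "manual".
update_mode() {
    if [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo "automatic"
    else
        echo "manual"
    fi
}

# Default to the path named in the announcement; pass another path to test.
update_mode "${1:-/etc/uptrack/uptrack.conf}"
```

A result of "manual" means the host still needs /usr/sbin/uptrack-upgrade -y
to pick up these updates.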


DESCRIPTION

* Out-of-bounds memory access when probing in Qualcomm MSM based 3G and LTE modem drivers.

A type confusion in the logic to select special quirks in the Qualcomm MSM
based 3G and LTE modem drivers could lead to reading invalid memory.  A
local attacker could use this flaw to cause a denial-of-service.


* Integer overflow when building the bitmap of idle pages.

An integer overflow when aligning the last page frame number of a file
mapped in memory when building the bitmap of idle pages could lead to
undefined behaviour.  A local attacker could use this flaw to cause a
kernel crash or potentially access memory otherwise protected.


* Invalid memory access in the IO uring library kernel submission thread.

Failure to initialize the request file member before the kernel submission
thread is started in the IO uring library could lead to dereferencing
invalid memory.  A local user could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* Use-after-free in the VMware paravirtualized SCSI driver when locking a queue.

A race condition in the VMware paravirtualized SCSI driver when locking a
queue could lead to a use-after-free.  A local user with the ability to
cause events in this driver could use this flaw to get read or write
primitives, facilitating an attack.


* Properly allow guests to use the Speculative Store Bypass Disable hardware mitigation.

A logic error when calculating the CPU features that the guest is allowed
to use prevented guests from using the Speculative Store Bypass Disable
hardware mitigation when the host had it disabled.


* Out-of-bounds memory access in the Intel resource controller.

Incorrect type selection when operating on bitmaps in the Intel resource
controller could lead to overflows and undefined behaviours.  A local user
could use this flaw to cause a denial-of-service.


* Memory leak in the Unix sockets when setting up the packet ring.

A failure to release memory for the pages allocated when setting up the
packet ring leads to a memory leak.  A local attacker can use this flaw to
cause a denial-of-service through memory starvation.


* Use-after-free in the network TLS protocol when closing a socket with partial records.

A logic error in the TLS protocol implementation could lead to a
use-after-free when closing a TLS socket with partial records.  An attacker
could use this flaw to cause a denial-of-service.


* Memory leak in the SCTP protocol when initializing an endpoint.

Incorrect ordering when initializing the fields of an SCTP endpoint could
lead to a memory leak on error.  A local attacker could use this flaw to
cause a denial-of-service through memory starvation.


* Denial-of-service in the TIPC protocol netlink compat interface.

Type confusion in the TIPC protocol netlink compat interface could lead to
reading uninitialized memory and potentially to an information leak.  A
local attacker could use this flaw to gain information about a running
kernel, further facilitating an attack.


* Invalid memory write when transmitting data over TIPC.

A logic error when transmitting data in the TIPC protocol over UDP could
lead to invalid memory writes in the kernel per-cpu area.  A local attacker
could use this flaw to cause a denial-of-service or escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




