[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-0e3fc95979)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jun 6 12:03:24 PDT 2019


Synopsis: FEDORA-2019-0e3fc95979 can now be patched using Ksplice
CVEs: CVE-2019-3882

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-0e3fc95979.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
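
To tell which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the autoinstall setting and reports whether a manual uptrack-upgrade run is needed. It assumes "key = value" lines with "#" comments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: uptrack.conf holds
# "key = value" lines with "#" comments; section headers are ignored
# and only the literal value "yes" (any case) counts as enabled.

# Print the effective autoinstall value, lowercased; last assignment wins.
# Returns 2 when the file cannot be read.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/#.*$/, "") }                       # drop comments
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # keep text after "="
            sub(/[ \t\r]+$/, "", v)               # trim trailing space
            val = tolower(v)
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print "auto", "manual" or "unknown" for the given config file.
uptrack_action() {
    val=$(uptrack_autoinstall_value "$1") || { echo unknown; return 0; }
    case "$val" in
        yes) echo auto ;;
        *)   echo manual ;;
    esac
}

conf="${1:-/etc/uptrack/uptrack.conf}"
case "$(uptrack_action "$conf")" in
    auto)   echo "$conf: autoinstall = yes, updates install without action" ;;
    manual) echo "$conf: autoinstall not enabled, run /usr/sbin/uptrack-upgrade -y" ;;
    *)      echo "$conf: not readable, autoinstall state unknown" ;;
esac
```

A commented-out "# autoinstall = yes" line is treated as unset, so such a host is reported as needing the manual command.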


DESCRIPTION

* Memory leak in CIFS file read path.

When SMB2_read encounters certain types of errors, small portions of
memory are not properly freed, leading to a memory leak.  This could
potentially be exploited by a local or remote attacker to waste system
resources and degrade performance.


* Denial-of-service to filesystem in CIFS rename code path.

If a path-based rename fails with EBUSY in cifs_do_rename on an SMB2+
mount, the kernel will attempt to fall back to using the SMB protocol,
which will force a session close.  This could be exploited by a
malicious attacker to disrupt service to the filesystem.


* Denial-of-service during CEPH request creation.

Improper locking in the CEPH filesystem's create_request_message path
can cause a kernel BUG to be triggered under certain conditions. This
could potentially be exploited to cause a denial-of-service.


* Deadlock in NFS4 RPC task callback handling.

A reference counting error in certain callbacks associated with RPC task
structures for NFS4 filesystems can lead to a deadlock.  This could
potentially be exploited by a local or remote attacker to cause a
denial-of-service.


* CVE-2019-3882: Denial-of-service when repeatedly DMA mapping device MMIO.

By repeatedly mapping device MMIO memory via mmap, a malicious user
could potentially consume unbounded system memory, resulting in resource
starvation and a denial-of-service.


* Multiple denial-of-service vectors in ext4 filesystem core.

Several logic errors in various ext4 error paths can cause the kernel
to attempt to treat certain error codes as pointers.  These flaws could
potentially be used to cause a denial-of-service.


* Use of uninitialized data during TIPC error handling.

Improper handling of an error case in tipc_nl_compat_dumpit can lead to
uninitialized data being accessed.  This could cause a bad paging
request, leading to a kernel panic and denial-of-service.


* Multiple denial-of-service vectors in TIPC command handler.

Improper length checks while handling certain TIPC commands can cause
uninitialized data to be accessed.  A remote attacker could potentially
exploit these flaws to cause a denial-of-service.


* Use of uninitialized data in RDS bind/connect paths.

An incorrect length check in the rds_bind/connect code paths can cause
the kernel to attempt to access uninitialized data.  This flaw could be
exploited by a malicious local user to cause unexpected behavior,
including a potential denial-of-service.


* Potential NULL pointer dereference in RxRPC packet receive path.

Missing RCU protections in rxrpc_input_packet can lead to a NULL
pointer dereference and subsequent kernel panic.  This could be used
to cause a denial-of-service.


* Out-of-bounds memory access in IPv4 link failure path.

Missing sanity checks in ipv4_link_failure can lead to
out-of-bounds memory accesses.  This could cause a system to exhibit
unexpected behavior, and could potentially be exploited to cause a
denial-of-service.


* Multiple use-after-free scenarios in Mellanox driver while handling XDP packets.

Logic errors in the Mellanox driver's code paths which handle XDP traffic can
result in use-after-free scenarios.  These flaws could potentially be exploited
to cause a denial-of-service or other unexpected behavior.


* Potential deadlock in TLS device offload path.

Improper locking in the TLS driver's tls_set_device_offload_rx function
can lead to a deadlock.  This could potentially be used to cause a
denial-of-service.


* Potential denial-of-service while processing loopback data in Rose driver.

A failure to properly rate-limit the processing of the ROSE driver's
loopback_queue can lead to CPU lockups when the queue grows large.
This flaw could potentially be exploited by an attacker to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




