[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-0ba1e6642f)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Mar 29 06:13:25 PDT 2019


Synopsis: FEDORA-2019-0ba1e6642f can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-0ba1e6642f.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory leak when creating client in Plan 9 Resource Sharing Support driver.

Incorrect error handling when creating a client in the Plan 9 Resource
Sharing Support driver could lead to a memory leak. A local attacker
could use this flaw to cause a denial-of-service.


* Memory leak when using mount namespace with cgroup.

A missing initialization of an on-stack variable when using a mount
namespace with cgroup could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when using Intel AES-NI instructions for AES algorithm.

A missing check when encrypting an empty plaintext with Intel AES-NI
instructions for AES algorithm driver could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when opening trace_pipe in trace filesystem.

A logic error in the error path when opening trace_pipe in the trace
filesystem could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when using Kernel performance events and counters.

A logic error when using Kernel performance events and counters could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Deadlock when resetting VMware Balloon driver.

A logic error when resetting VMware Balloon driver could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Deadlock when releasing commands in Linux-iSCSI.org iSCSI Target Mode Stack driver.

A locking error when releasing commands in Linux-iSCSI.org iSCSI Target
Mode Stack driver could lead to a deadlock. A local attacker could use
this flaw to cause a denial-of-service.


* Deadlock in BTRFS when setting acl or creating trees.

A logic error when allocating data while creating trees or setting acl
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* Divide by zero error when mounting a corrupted BTRFS image.

A logic error when mounting a corrupted BTRFS image could lead to a
divide by zero error. A local attacker could use this flaw with a
crafted BTRFS image to cause a denial-of-service.


* NULL pointer dereference when scrubbing a BTRFS filesystem.

A missing initialization when scrubbing a BTRFS filesystem could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Deadlock while reflinking and renaming at the same time in BTRFS.

A locking error when reflinking and renaming at the same time in BTRFS
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* Denial-of-service when soft offlining a transparent huge page.

A refcount error when soft offlining a transparent huge page could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when mapping vmalloc pages to userspace.

A logic error when mapping vmalloc pages to userspace while guard page
is enabled could lead to an invalid memory access. A local attacker
could use this flaw to cause a denial-of-service.


* Invalid memory access when disabling irq in GPIO PCA95[357]x driver.

A logic error when disabling irq in GPIO PCA95[357]x driver could lead
to an invalid memory access. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service during online resizing with EXT4 filesystems.

A missing check during online resizing with EXT4 filesystems could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when using Intel OPA Gen1 driver.

A refcount error when disabling and removing a receive context in Intel
OPA Gen1 driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* NULL pointer dereference in RDMA verbs transport library.

A refcount error in RDMA verbs transport library could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when using Selinux hook to bind a socket.

A missing check when using Selinux hook to bind a socket could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Permission bypass when mounting network filesystems.

A logic error when mounting network filesystems using the SELinux wrapper
could lead to an NFSv4 Security Labels bypass. A local user could use
this flaw to leak information.


* Use-after-free when unloading IPMI System Interface handler.

A logic error when accessing /proc/ioports after unloading IPMI System
Interface handler could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* NULL pointer dereference when registering Silicon Motion SM501 driver.

A missing check when registering Silicon Motion SM501 driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when failing to add NFS requests to the I/O queue.

Missing free of resources when failing to add NFS requests to the I/O
queue could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* Memory corruption during NFSv3 readdir request.

A logic error during an NFSv3 readdir request could lead to memory
corruption or an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when running fstrim on a bcache volume.

A missing check when running fstrim on a bcache volume could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* NULL pointer dereference when setting up fbdev fails.

A logic error when setting up fbdev fails could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Data corruption when using tee() between two pipes.

Two different pipes can affect each other when the tee system call is
used from one to the other.  Given one end of one pipe, an attacker
could manipulate what is read from the other pipe or read data that was
not supposed to be shared.  An attacker could use this flaw to eavesdrop
on other processes or inject data.


* Permission bypass when copying up file in overlay filesystem.

A logic error when copying up a file in the overlay filesystem could
clear security capabilities attributes associated with a file in the
lower filesystem. A local attacker could use this flaw to bypass
permissions.


* Use-after-free when two threads work with the same memory mapping.

A race condition when one thread mmaps/writes/munmaps a memory area while
another thread reads from it could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* Permissions bypass when parsing /proc entries inputs.

A missing check in a generic function used to check /proc entry values
submitted by a user could lead to out-of-bounds accesses. A local
attacker could use this flaw to write to targeted memory in the kernel
and bypass permissions.


* Speculative execution during a VM exit in KVM for Intel driver.

Lack of clearing registers during a VM exit could lead to speculative
execution. An untrusted guest could use this flaw to leak information
about the running kernel.


* Potential memory protection bypass in guest VM.

A logic error when computing displacements of VMX instructions' memory
operands could lead to a potential segment memory protection bypass from
a guest VM.


* Deadlock when replacing a BTRFS device by another one.

A locking error in the error path when replacing a BTRFS device with
another one could lead to a deadlock. A local attacker could use this
flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




