[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-8219efa9f6)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu May 23 13:31:13 PDT 2019


Synopsis: FEDORA-2019-8219efa9f6 can now be patched using Ksplice
CVEs: CVE-2019-3900 CVE-2019-9503

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-8219efa9f6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
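
The check below is an added example, not part of the original advisory or
of Oracle's tooling: it reports whether a host will pick these updates up
automatically or needs the manual command above.  It assumes uptrack.conf
holds "key = value" lines with '#' or ';' comments and that only the literal
value "yes" enables autoinstall; the function names and sample files are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling.  Assumptions: "key = value" lines,
# '#' or ';' start a comment, only the literal value "yes" enables autoinstall.

# Print the effective autoinstall value (last assignment wins), or nothing.
autoinstall_value() {
    sed -n \
        -e 's/[#;].*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Return 0 when updates install automatically, 1 when a manual run is needed.
# A missing or unreadable file counts as "manual run needed".
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Print a one-line verdict for a config file.
report() {
    if autoinstall_enabled "$1"; then
        echo "$1: autoinstall enabled, no action needed"
    else
        echo "$1: manual step required: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[Settings]\nautoinstall = yes\n' > "$demo_dir/auto.conf"
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_dir/manual.conf"
report "$demo_dir/auto.conf"
report "$demo_dir/manual.conf"
rm -rf "$demo_dir"
# On a real system: report /etc/uptrack/uptrack.conf
```

A commented-out "autoinstall = yes" line is treated as not set, so such a
host is reported as needing the manual step.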


DESCRIPTION

* Improved fix for Spectre v1: Information leak in ATM LAN emulation driver.

A failure to sanitize a user controlled array index in the Asynchronous
Transfer Mode LAN emulation driver can lead to kernel memory being
leaked to userspace.  A local attacker could exploit this flaw to leak
information about the running system.


* Use-after-free in the Foo-over-UDP driver's packet receive path.

In certain cases, it's possible for the FOU driver to attempt to access
packet header data which may have already been freed.  This can cause
a system to exhibit unexpected behavior, and could lead to a
denial-of-service.


* Memory leak during TLS context structure teardown.

A logic error in the code path that handles the freeing of certain
structures used for TLS transactions can result in a memory leak.  This
flaw could potentially be exploited to waste system resources and
degrade performance.


* Denial-of-service in Stream Parser receive path.

A flaw exists in the Stream Parser's receive path that can lead to a
stack overflow, and a potential kernel panic.  A remote attacker could
potentially exploit this flaw to cause a denial-of-service.


* Memory access violations during TLS transaction handling in Mellanox driver.

Several logic and locking errors in the Mellanox driver's handling of
TLS transactions can lead to use-after-free scenarios, or a potential
out-of-bounds memory access.  These flaws could cause a system to
behave unexpectedly, and could result in a denial-of-service.


* NULL dereference during IPv6 PMTU update.

A failure to check if a pointer is set before attempting to access it
can lead to a NULL pointer dereference in the IPv6 PMTU update path.
This could potentially cause a denial-of-service.


* Out-of-bounds access during CIFS mount.

A subtle error in handling certain combinations of mount options can
cause an out-of-bounds access in the CIFS mount path.  This could cause
a system to exhibit unexpected behavior, and may lead to a
denial-of-service.


* Memory leak in CIFS symlink query path.

A failure to close a file handle under certain conditions can lead to
a memory leak in the CIFS code path that deals with symlinks.  This
flaw could potentially be exploited by a malicious local user to waste
system resources and degrade performance.


* Guest VM leaks bits into host control register, causing host to panic.

In the event that a guest VM schedules out during a machine check error,
the host's XCR0 register may get populated with incorrect values.  This
will cause a general protection fault on the host, leading to a
denial-of-service.


* Potential deadlock in MT76 driver's transmit path.

A lock ordering issue in the MT76 driver core can lead to a deadlock
in certain cases.  This could be used to cause a denial-of-service.


* CVE-2019-3900: Infinite loop in vhost_net driver under heavy load.

It is possible, under certain conditions, for the vhost_net driver to
get caught in a near-infinite loop while trying to process incoming
packets.  This flaw could be exploited by a malicious local or remote
attacker in order to deny access to network services that rely on the
vhost_net driver.


* CVE-2019-9503: Denial-of-service when receiving firmware event frames over a Broadcom WLAN USB dongle.

A failure to validate firmware event frames received over a Broadcom
WLAN USB dongle could let a remote attacker cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




