[Ksplice][RHEL8-Updates] New Ksplice updates for RHEL 8 (ELSA-2023-5244)

Oracle Ksplice quentin.casasnovas at oracle.com
Thu Sep 28 07:25:02 UTC 2023 

Synopsis: ELSA-2023-5244 can now be patched using Ksplice
CVEs: CVE-2023-2002 CVE-2023-3090 CVE-2023-35001 CVE-2023-35788 CVE-2023-3776 CVE-2023-4004

Systems running Red Hat Enterprise Linux 8 can now use Ksplice to
patch against the latest Red Hat kernel update, ELSA-2023-5244.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-5244.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHEL 8 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.


* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.

A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.


* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.

A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code
execution.


* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.

Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.


* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited by a
local attack to cause a denial of service, or other undefined behavior.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-RHEL8-Updates mailing list