[Ksplice][Ubuntu-17.04-Updates] New Ksplice updates for Ubuntu 17.04 Zesty (USN-3293-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu May 25 11:31:37 PDT 2017


Synopsis: USN-3293-1 can now be patched using Ksplice
CVEs: CVE-2017-2596 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7477 CVE-2017-7616

Systems running Ubuntu 17.04 Zesty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3293-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 17.04
Zesty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
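Added example (not Oracle's own tooling): a small POSIX shell check that reads an uptrack.conf-style file, decides whether "autoinstall = yes" is in effect (ignoring comments, whitespace and case, last occurrence wins), and reports whether the manual uptrack-upgrade step above is still needed. The sample config contents are constructed for the example; the key/value layout is an assumption about the file format.

```shell
#!/bin/sh
# Print the effective value of a key in a "key = value" style file.
# Assumption: comments start with # or ; and the last occurrence wins.
uptrack_conf_value() {
    _file=$1; _key=$2
    sed -e 's/[#;].*$//' "$_file" |
    awk -F= -v key="$_key" '
        NF >= 2 {
            k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                val = v
            }
        }
        END { print val }'
}

# Exit status 0 when autoinstall is enabled, 1 otherwise.
uptrack_autoinstall_enabled() {
    _v=$(uptrack_conf_value "$1" autoinstall | tr '[:upper:]' '[:lower:]')
    [ "$_v" = "yes" ]
}

# Report the action an operator should take for the given config file.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "none: autoinstall enabled, USN-3293-1 patches apply automatically"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not from any real host) to exercise the check.
UPTRACK_SAMPLE_DIR=$(mktemp -d)
cat > "$UPTRACK_SAMPLE_DIR/auto.conf" <<'EOF'
# install_on_reboot = yes
autoinstall = no   ; overridden by the later line
AutoInstall = Yes
EOF
cat > "$UPTRACK_SAMPLE_DIR/manual.conf" <<'EOF'
# autoinstall = yes   (commented out, so not in effect)
autoinstall = no
EOF

uptrack_action "$UPTRACK_SAMPLE_DIR/auto.conf"
uptrack_action "$UPTRACK_SAMPLE_DIR/manual.conf"
```

Point the functions at /etc/uptrack/uptrack.conf on a real host to get the same verdict for that machine.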


DESCRIPTION

* Denial-of-service in XFS mount validation.

Multiple flaws in the XFS mount code can result in a kernel crash when
loading corrupted filesystem images. A local attacker with the ability
to mount filesystems could use this flaw to cause a denial-of-service.


* Denial-of-service in XFS inode alignment logic.

A failure to handle the case where the block size is greater than the
inode cluster size can lead to an assertion failure. An attacker with
the ability to mount filesystems could use this flaw to cause a
denial-of-service.


* CVE-2017-7187: Denial-of-service in SCSI driver ioctl handler.

The ioctl handler function in the SCSI driver allows local users to cause
a denial of service (stack-based buffer overflow) or possibly have
unspecified other impact via a large command size in an SG_NEXT_CMD_LEN
ioctl call, leading to out-of-bounds write access in the sg_write
function.


* Use-after-free in ALSA sequencer buffer resizing.

A race condition when resizing a FIFO in the ALSA sequencer
implementation can lead to a use-after-free. A local attacker with
access to an ALSA sequencer device could use this flaw to crash the
kernel.


* Out-of-bounds write in crypto subsystem.

A failure to check bounds for cryptographic operations can result in the
overrun of a buffer. A local attacker could use this flaw to crash the
kernel.


* Denial-of-service in USB URB submission.

A flaw in the error handling of sending URB packets can result in
memory corruption. A local attacker with access to USB devices could use
this flaw to crash the kernel.


* Use-after-free in KVM bus registration handling.

A failure to correctly handle unregistering devices from the KVM bus can
result in a use-after-free. A local attacker with access to virtual
machine management could use this flaw to crash the kernel or escalate
privileges.


* Information disclosure in /proc/[pid]/syscall output.

A failure to correctly sanitize information in the /proc/[pid]/syscall
handler can result in sensitive kernel memory being exposed to
userspace. A local attacker could use this flaw to facilitate a further
attack.


* Denial-of-service in hugetlb page manipulation.

A race condition in hugetlb page management in response to madvise hints
can result in a kernel crash. A local attacker with access to huge pages
could use this flaw to cause a denial-of-service.


* Denial-of-service in parallel data subsystem.

A race condition in the pdata subsystem can result in a kernel crash
when under heavy usage. A local attacker could use this flaw to cause a
denial-of-service.


* Malicious code injection in VMware virtual GPU fence object.

Fence objects in the VMware virtual GPU system were not properly
type-checked from userspace, potentially allowing a user to inject
malicious code.


* CVE-2017-7261: Denial-of-service when creating surface using DRM driver for VMware Virtual GPU.

A missing parameter check when using the "surface define" ioctl of the
DRM driver for VMware Virtual GPU could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Information leak in VMware virtual GPU capability sysctl.

A missing size check in the VMware virtual GPU vmw_get_cap_3d_ioctl()
call could potentially expose kernel memory to userspace.


* CVE-2017-7294: Denial-of-service when defining surface using DRM driver for VMware Virtual GPU.

A missing parameter check when using the "create surface" ioctl of the
DRM driver for VMware Virtual GPU could lead to an integer overflow. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service/information leak due to error condition in sysfs ops->show().

Incorrectly sanitizing error output from sysfs ops->show() could cause the
next sysfs read or write to run out of bounds, potentially exposing
kernel memory or causing a denial-of-service.


* Denial-of-service in 80211 wireless resume callback.

A use-after-free in the generic 80211 wireless resume callback when
resuming an idle device could cause a kernel BUG and a
denial-of-service.


* Denial-of-service due to race condition in ptrace state.

A race condition in the ptrace signal handling can cause memory
corruption in the kernel, causing a kernel panic and denial-of-service.


* Denial-of-service due to race condition in DAX filesystem radix tree.

A race condition in the Direct-Access Filesystem radix tree could cause
memory corruption, causing a kernel panic and denial-of-service.


* Denial-of-service in Broadcom 802.11 virtual interface.

A use-after-free in the Broadcom 802.11 driver causes an invalid memory
access, potentially causing a kernel panic and denial-of-service.


* Denial-of-service caused by RAID1 device with missing metadata.

Invalid logic allowed device-mapper to create a RAID1 device with no
metadata devices. This could cause a kernel panic and denial-of-service.


* CVE-2017-7616: Information leak via set_mempolicy() and mbind().

Incorrect error handling in the set_mempolicy() and mbind() syscalls
allows local users to obtain sensitive information from uninitialized
stack data by triggering failure of a certain bitmap operation.


* CVE-2017-2596: Memory leak in KVM VMXON emulated instruction.

When processing a VMXON instruction for a guest machine, the reference
count of the emulated VMXON memory region could be over-incremented,
resulting in a leak of the region and eventual denial-of-service.


* Denial-of-service in NFS flexfile layout driver.

Incorrect error handling in the NFS flexfile layout driver could lead to
a NULL pointer dereference. An attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when loading Ralink rt2x00usb driver.

Incorrect error handling when loading the Ralink rt2x00usb driver could
lead to a NULL pointer dereference in case of failure. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2017-7477: Remote Denial-of-service in 802.1AE implementation.

A flaw in the handling of memory allocation in the macsec driver can
result in a buffer overflow. A remote attacker could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
