[Ksplice][Ubuntu-17.10-Updates] New Ksplice updates for Ubuntu 17.10 Artful (USN-3677-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jun 14 10:24:39 PDT 2018


Synopsis: USN-3677-1 can now be patched using Ksplice
CVEs: CVE-2018-1068 CVE-2018-1092 CVE-2018-3639 CVE-2018-7492 CVE-2018-8087 CVE-2018-8781

Systems running Ubuntu 17.10 Artful can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3677-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 17.10
Artful install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-8087: Memory leak when using the simulated radio testing tool for mac80211.

A missing release of resources when creating a new radio in the
simulated radio testing tool for mac80211 could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* CVE-2018-1068: Privilege escalation in bridging interface.

Lack of userspace parameter sanitization in the 32-bit syscall interface
for bridging allows a user with limited privilege to write into kernel
memory. This flaw could be exploited to escalate privilege.


* CVE-2018-1092: NULL pointer dereference when using an unallocated root directory on an ext4 filesystem.

A missing check when using an unallocated root directory on an ext4
filesystem could lead to a NULL pointer dereference. A local attacker
could mount a crafted ext4 filesystem and cause a denial-of-service.


* CVE-2018-8781: Integer overflow when mapping memory in the USB Display Link video driver.

A missing check on user input when mapping memory in the USB Display
Link video driver could lead to an integer overflow. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2018-7492: Denial-of-service when setting options for an RDS over Infiniband socket.

A missing check when setting the RDS_GET_MR option for an RDS over
Infiniband socket could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* Kernel crash in AMD KVM CPU execution.

Incorrect handling of speculation restriction when running a KVM guest
on an AMD system could result in an invalid memory dereference and
reboot.


* Improved AMD fix to CVE-2018-3639: Speculative Store Bypass information leak.

The original vendor fix for CVE-2018-3639 did not expose the mitigation
to KVM guests on AMD or correctly handle symmetric multithreading (SMT)
systems.

This update enables the speculative store bypass mitigation full time
by default on AMD systems to protect guests and SMT systems. The
mitigation can be manually enabled or disabled by writing 1 or 0 to
/proc/sys/vm/ksplice_ssbd_control. The /proc/sys/vm/ksplice_ssbd_status
file reports the current mitigation status.
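
To confirm on a host that the autoinstall setting and the SSBD control
described above are in the expected state, a check like the following
can be used. It is an added example, not part of the original
announcement or Oracle's tooling. The ROOT prefix and function names are
hypothetical, and it assumes that reading ksplice_ssbd_control returns
the same 1/0 value that is written to it.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. ROOT is a hypothetical path prefix so the
# checks can run against a copy of the files; leave it empty on a live host.
ROOT="${ROOT:-}"

# Print the last uncommented "autoinstall = <value>" setting, lowercased,
# or "unset" when the file or the key is missing.
uptrack_autoinstall() {
    conf="$ROOT/etc/uptrack/uptrack.conf"
    val=""
    if [ -r "$conf" ]; then
        val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*$/\1/p' "$conf" |
              tail -n 1 | tr '[:upper:]' '[:lower:]')
    fi
    echo "${val:-unset}"
}

# Map the control file to a word. Assumption: reading it returns the same
# 1/0 that the advisory says to write. "absent" means the file is not
# present on this host.
ssbd_control() {
    f="$ROOT/proc/sys/vm/ksplice_ssbd_control"
    [ -r "$f" ] || { echo absent; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# One line per check; the status file is printed verbatim because the
# advisory does not describe its format.
ksplice_audit() {
    echo "uptrack autoinstall: $(uptrack_autoinstall)"
    echo "ksplice_ssbd_control: $(ssbd_control)"
    s="$ROOT/proc/sys/vm/ksplice_ssbd_status"
    if [ -r "$s" ]; then
        echo "ksplice_ssbd_status: $(cat "$s")"
    else
        echo "ksplice_ssbd_status: absent"
    fi
}

ksplice_audit
```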

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




