[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-5018-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jul 27 06:22:20 PDT 2021


Synopsis: USN-5018-1 can now be patched using Ksplice
CVEs: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-23134 CVE-2021-29155 CVE-2021-31829 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-33909

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5018-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Note: Oracle has determined that CVE-2021-33034 is not applicable.

Oracle has determined that CVE-2021-33034 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* CVE-2021-32399: Race condition when removing bluetooth HCI controller.

A race condition when removing a Bluetooth HCI controller could result
in an out-of-bounds write. A malicious unprivileged user might be able
to exploit this to cause a denial-of-service or escalate their
privileges.


* CVE-2021-29155, CVE-2021-33200, CVE-2021-31829: Information disclosure in eBPF due to out of bounds pointer arithmetic.

An out-of-bounds pointer arithmetic flaw in the eBPF implementation
could allow an attacker to bypass the protection and speculatively
execute out-of-bounds loads from kernel memory, leading to extraction
of kernel memory contents via a side channel. A BPF program from a
local user with the special CAP_SYS_ADMIN privilege could use this flaw
for sensitive information disclosure.


* CVE-2020-26139: Remote denial-of-Wifi-service via malicious EAPOL frames.

When acting as an access point, the kernel WiFi driver might forward
EAPOL frames to other devices that have not successfully authenticated.
A malicious device might exploit this to cause a denial-of-service of
the WiFi connection towards legitimately connected clients.


* CVE-2020-26147: Information disclosure/packet injection over WEP/WPA WiFi.

The kernel 802.11 WiFi driver erroneously combines encrypted and
plaintext fragments, potentially allowing an attacker to intercept or
inject into a legitimate encrypted WiFi connection.


* CVE-2021-23134: Privilege elevation in NFC subsystem when binding or connecting sockets.

A use-after-free flaw in the NFC subsystem could happen when binding or
connecting sockets. A privileged local user with the CAP_NET_RAW
capability could use this flaw to elevate their privileges.


* CVE-2021-0129, CVE-2020-26558: Man-in-the-middle disclosure of bluetooth passkey.

The kernel bluetooth pairing process contains a flaw that might allow a
malicious nearby device to determine the passkey used to complete the
pairing, or potentially pair itself instead.


* Note: Oracle will not provide a zero-downtime update for CVE-2020-24587 and CVE-2020-24586.

CVE-2020-24587 (CVSS v3 score of 2.6) and CVE-2020-24586 (CVSS v3 score of
3.5) might allow an attacker to inject L2 frames in a WiFi network using
WEP, WPA/CCMP or WPA/GCMP or to exfiltrate network data under certain
conditions. Host machines that are not connected to a WiFi network are not
affected.

Oracle has determined that patching CVE-2020-24587 and CVE-2020-24586 would
not be safe and recommends that affected hosts reboot into the newest Ubuntu
kernel to mitigate the vulnerabilities.


* CVE-2020-24588: Mishandling of malformed A-MPDU frames in 802.11 Networking Stack.

Mishandling of malformed A-MPDU frames in 802.11 Wireless Networking
Stack could allow an attacker to inject network packets. A physically
proximate attacker could use this flaw to compromise the system
integrity.


* CVE-2021-33909: Code execution in the virtual file system.

An unsigned to signed integer conversion flaw in the virtual file system
implementation could lead to a system crash. A local attacker could use
this flaw to execute arbitrary code or cause a denial-of-service.
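
The following triage script is an added example, not part of Oracle's
advisory or tooling. It checks the autoinstall setting described under
INSTALLING THE UPDATES and whether the host needs the reboot recommended
for CVE-2020-24587 and CVE-2020-24586. Assumptions: the setting appears
as a plain "autoinstall = yes" line, and the presence of a wireless
interface in sysfs is used as a conservative stand-in for "connected to
a WiFi network".

```shell
#!/bin/sh
# Added example. Paths are parameters so the functions can be exercised
# against constructed files instead of the live system.

# Return 0 if the config has an uncommented "autoinstall = yes" line,
# 1 if it does not, 2 if the file cannot be read.
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 2
    grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Print the names of network interfaces that sysfs marks as wireless
# (a "wireless" directory or a "phy80211" link under the interface).
wireless_ifaces() {
    netdir="${1:-/sys/class/net}"
    for dev in "$netdir"/*; do
        [ -e "$dev/wireless" ] || [ -e "$dev/phy80211" ] || continue
        basename "$dev"
    done
}

# Summarise what the advisory asks of this host.
triage() {
    conf="$1"; netdir="$2"
    if autoinstall_enabled "$conf"; then
        echo "ksplice: autoinstall enabled, updates install automatically"
    else
        echo "ksplice: autoinstall not confirmed, run /usr/sbin/uptrack-upgrade -y"
    fi
    wifi=$(wireless_ifaces "$netdir" | tr '\n' ' ')
    if [ -n "$wifi" ]; then
        echo "reboot: wireless interface(s) ${wifi% } present;" \
             "CVE-2020-24586/24587 require rebooting into the newest kernel"
    else
        echo "reboot: no wireless interface; not affected by CVE-2020-24586/24587"
    fi
}

# Empty arguments fall back to the live paths.
triage "${1:-}" "${2:-}"
```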

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




