[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-5094-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Oct 5 03:11:59 PDT 2021


Synopsis: USN-5094-1 can now be patched using Ksplice
CVEs: CVE-2021-22543 CVE-2021-3573 CVE-2021-3679 CVE-2021-3732 CVE-2021-37576 CVE-2021-38204 CVE-2021-38205

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5094-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Note: Oracle has determined that CVE-2021-37576 is not applicable.

The kernel is not affected by CVE-2021-37576 since the code under
consideration is not compiled.


* CVE-2021-3679: Denial-of-service in kernel tracing subsystem.

A logic error when constructing certain calls to the kernel tracing
subsystem may lead to a deadloop.  This may allow a privileged local
user to cause a denial-of-service.


* CVE-2021-22543: Privilege escalation in KVM due to RO page check bypass.

The reference counts of VM_IO|VM_PFNMAP pages can be manipulated to
cause a deliberate use-after-free. This can be manipulated to cause
writes to arbitrary memory pages, allowing a malicious user with the
ability to create virtual machines to escalate their privileges.


* CVE-2021-3732: Information disclosure in OverlayFS when mounting a filesystem.

A logic flaw in the mounting functionality of the OverlayFS subsystem
could allow an unprivileged local user with permission to mount a
filesystem to access hidden files that should not be accessible in the
original mount. An unprivileged local attacker could use this flaw for
information disclosure.


* Note: Oracle has determined that CVE-2021-38205 is not applicable.

The kernel is not affected by CVE-2021-38205 since the code under
consideration is not compiled.


* CVE-2021-38204: Denial-of-service in MAX3421 HCD (USB-over-SPI) support due to use-after-free.

A flaw in SPI write operations of MAX3421 HCD (USB-over-SPI) support
could lead to a use-after-free when removing a MAX3421 USB device in
certain situations. A physically proximate attacker could use this flaw
to cause a denial-of-service.


* Out-of-bounds memory access in the proc pseudo-filesystem mem file.

An integer overflow in the proc pseudo-filesystem mem file could lead to
an out-of-bounds memory access. A local user with permission to ptrace
a target process could use this flaw to bypass memory protections and
read or write otherwise protected memory areas.


* Note: Oracle will not provide a zero-downtime update for CVE-2021-3573.

Improper handling of HCI device detach events in the Bluetooth subsystem
could lead to a use-after-free. A privileged local user could use this
flaw to cause a denial-of-service or possibly execute arbitrary code.

CVE-2021-3573 affects the Bluetooth subsystem only, and exploiting it
would require CAP_NET_ADMIN privileges.

Oracle has determined that patching CVE-2021-3573 on a running system
would not be safe and therefore recommends that affected hosts reboot
into the newest kernel to mitigate the vulnerabilities.
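
The following triage helper is an added example, not part of Oracle's advisory or tooling. It reports whether a host picks these updates up automatically and how urgently it needs the reboot for CVE-2021-3573. Treating a loaded bluetooth module as the priority signal, the "key = value" config layout, and the sample files in demo() are assumptions made here.

```shell
#!/bin/sh
# Added example (not Oracle's code): triage a host against this advisory.
# Assumed formats: "key = value" lines in uptrack.conf, /proc/modules layout.

# Succeeds if the last uncommented "autoinstall" line in file $1 is "yes".
autoinstall_enabled() {
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ "$val" = "yes" ]
}

# Succeeds if a module named exactly "bluetooth" is listed in file $1.
# Assumption: Bluetooth is built as a loadable module, not into the kernel.
bluetooth_loaded() {
    awk '$1 == "bluetooth" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Prints one line for the Ksplice updates and one for CVE-2021-3573.
# $1 and $2 override the default file locations (used by demo below).
triage() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    mods=${2:-/proc/modules}
    if autoinstall_enabled "$conf"; then
        echo "ksplice: autoinstall = yes, updates install automatically"
    else
        echo "ksplice: autoinstall not enabled, run /usr/sbin/uptrack-upgrade -y"
    fi
    # The live patch set does not cover CVE-2021-3573, so a reboot is
    # always reported; only the priority changes.
    if bluetooth_loaded "$mods"; then
        echo "CVE-2021-3573: bluetooth loaded, reboot priority: high"
    else
        echo "CVE-2021-3573: bluetooth not loaded, reboot priority: normal"
    fi
}

# Runs triage on constructed sample files so the script works anywhere.
demo() {
    d=$(mktemp -d) || return 1
    printf '# autoinstall = yes\nautoinstall = no\n' > "$d/uptrack.conf"
    printf 'btusb 45056 0 - Live 0x0\nbluetooth 548864 5 btusb, Live 0x0\n' > "$d/modules"
    triage "$d/uptrack.conf" "$d/modules"
    rm -rf "$d"
}
demo
```

On a real host, call triage with no arguments to read /etc/uptrack/uptrack.conf and /proc/modules.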

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
