[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-5418-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue May 17 09:16:27 UTC 2022


Synopsis: USN-5418-1 can now be patched using Ksplice
CVEs: CVE-2021-26401 CVE-2022-0001 CVE-2022-0487 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 CVE-2022-27223

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5418-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Note: Oracle has determined that CVE-2022-0487 is not applicable.

Oracle has determined that CVE-2022-0487 is not applicable to this
architecture/distribution. Applying the patch results in no changes to
the generated object files.


* CVE-2022-25375: Information leak in RNDIS message for USB Gadget driver.

The USB Gadget subsystem fails to validate the size of a received
RNDIS_MSG_SET command, potentially allowing for a buffer overrun. A
malicious user might exploit this to leak sensitive information from the
kernel.


* CVE-2022-25258: Missing validation of descriptors in USB gadget subsystem.

The USB Gadget subsystem fails to correctly validate OS descriptors
passed to it. Malicious data passed to the system could trigger a
NULL-pointer dereference, resulting in denial-of-service.


* CVE-2022-26966: Information leak by the USB2NET SR9700 device driver.

The driver for SR9700-based USB Ethernet devices does not correctly
sanitize packets, allowing badly formatted packets to potentially leak
information to user space.


* CVE-2022-24958: Use-after-free in USB Gadget file system.

Incorrect error handling when writing the configuration of the USB
Gadget file system could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service or execute arbitrary code.


* CVE-2022-26490: Buffer overflow in STMicroelectronics ST21NFCA NFC driver.

A missing error check in connectivity event handling of the ST21NFCA
NFC driver could result in a buffer overflow. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.


* Note: Oracle has determined that CVE-2022-27223 is not applicable.

The kernel is not affected by CVE-2022-27223 since the code under
consideration is not compiled.


* Out-of-bounds accesses in ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet.

Missing sanity checks in the receive data path of the ASIX AX88179/178A
USB 3.0/2.0 to Gigabit Ethernet driver could result in out-of-bounds
accesses. A local, privileged user could use this flaw to cause a denial
of service or information disclosure.


* Note: Oracle will not provide a zero-downtime update for XSA-396, CVE-2022-23040, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23041, and CVE-2022-23042.

Oracle has determined that patching XSA-396 (CVE-2022-23040,
CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
CVE-2022-23041, and CVE-2022-23042) would not be safe and recommends
a reboot if Xen PV frontend devices are used with an untrusted PV
backend.

Hosts without any Xen frontend driver loaded are not affected by this
issue.

According to our audits, our customers are not affected by this
issue.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-0001 and CVE-2021-26401.

On the 8th of March 2022, Vrije Universiteit (VU) Amsterdam
researchers, AMD, Ampere, ARM and Intel jointly reported new
security vulnerabilities based on Branch Target
Injection (BTI) (commonly called Spectre v2 variants).

The reporters recommend disabling unprivileged BPF to mitigate
this vulnerability as well as using generic retpoline even when
eIBRS is available on the platform or on special AMD/Hygon CPUs.

Unprivileged BPF can already be disabled at runtime by setting
the kernel.unprivileged_bpf_disabled sysctl.

If your CPU is affected and is not already using retpoline as the
Spectre V2 mitigation, a reboot into the newest kernel will be
required in order to get the full retpoline mitigations in place.
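
The check described in this note, as an added example (not Oracle or Ksplice tooling): it reads the unprivileged BPF sysctl and the kernel's spectre_v2 report and prints the action the note calls for. The function names and the substrings matched in the spectre_v2 line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Functions take file contents as
# arguments so the logic can be exercised on constructed input.

# kernel.unprivileged_bpf_disabled: 0 = allowed, non-zero = disabled.
bpf_state() {
    case "$1" in
        0) echo allowed ;;
        ''|*[!0-9]*) echo unknown ;;
        *) echo disabled ;;
    esac
}

# Classify the spectre_v2 sysfs line. The matched substrings are
# assumptions about how the running kernel words its report.
spectre_v2_state() {
    case "$1" in
        '') echo unknown ;;
        Not\ affected*) echo not-affected ;;
        Vulnerable*) echo vulnerable ;;
        *"generic retpoline"*|*Retpolines*) echo retpoline ;;
        *) echo no-retpoline ;;
    esac
}

# Combine both readings into the action the note above calls for.
bti_action() {
    bpf=$(bpf_state "$1")
    v2=$(spectre_v2_state "$2")
    case "$v2" in
        not-affected) echo none; return 0 ;;
        unknown) echo "spectre_v2 status unreadable; check manually"; return 0 ;;
    esac
    out=""
    [ "$bpf" = disabled ] || out="set kernel.unprivileged_bpf_disabled"
    [ "$v2" = retpoline ] || out="${out:+$out; }reboot into newest kernel"
    echo "${out:-none}"
}

# Constructed sample: eIBRS-only host with unprivileged BPF still allowed.
echo "sample: $(bti_action 0 'Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling')"

# Live host (values are empty if the files do not exist).
bpf_now=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || true)
v2_now=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || true)
echo "live:   $(bti_action "$bpf_now" "$v2_now")"
```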

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




