[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-5854-1)

Wed Feb 22 18:47:46 UTC 2023

Synopsis: USN-5854-1 can now be patched using Ksplice
CVEs: CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3542 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-43750

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5854-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-3646: Memory-leak in NILFS2 file system.

A flaw in NILFS2 when failing to create a log writer thread could lead to
a memory leak. A local attacker could use this flaw to exhaust system
memory and cause a denial-of-service.

* CVE-2022-41850: Use-after-free during roccat device event processing.

A race condition can occur when processing events for roccat
devices, which ultimately leads to a use-after-free.  This flaw could
be exploited by a malicious local user to cause a denial-of-service, or
to aid in another type of attack.

* Improved update to CVE-2022-2663: Firewall bypass in IRC connection tracking.

An issue in nf_conntrack_irc in unencrypted IRC protocol message
handling could result in messages being incorrectly matched by the
firewall. A remote user could use this flaw to bypass local firewall
rules.

* CVE-2022-3649: Use-after-free in NILFS2 file system.

A missing sanity check in nilfs2 when handling corrupted on-disk
filesystem data could lead to a use-after-free. An attacker could use
this flaw to cause a denial-of-service or escalate privileges.

* Note: Oracle has determined that CVE-2022-3542 is not applicable.

The kernel is not affected by CVE-2022-3542 since the code under
consideration is not compiled.

* CVE-2022-20369: Privilege escalation in V4L2 memory-to-memory framework.

Improper input validation in the Video for Linux API version 2 subsystem
can lead to an out-of-bounds write. This could lead to a local privilege
escalation or denial-of-service.

* CVE-2022-43750: Use-after-free in USB monitor.

Incorrect permission flags set on userspace memory mappings in usbmon
could lead to a use-after-free. A local attacker could use this flaw for
a denial-of-service or escalate privileges.

* Note: Oracle will not provide a rebootless update for CVE-2022-29900, CVE-2022-29901.

CVE-2022-29900 and CVE-2022-29901 are flaws in the speculative execution
of various processors. This can be used by an unprivileged attacker
to achieve arbitrary speculative code execution under certain
microarchitecture-dependent conditions.

* Note: Oracle will not provide a rebootless update for CVE-2022-26373.

A missing speculation trap after a VM exits to hypervisor could let an
attacker from the VM leak information about the hypervisor.

Oracle has determined that patching CVE-2022-26373 on bionic kernels
would not be safe and recommends rebooting to mitigate the issue.

* Note: Oracle has determined that CVE-2022-39842 is not applicable.

Oracle has determined that the vulnerability does not affect a
running system.

* CVE-2022-41849: Use-after-free when removing SMSC UFX USB device.

A race condition in the SMSC UFX USB video device driver between activating
and deactivating the device could result in a NULL-pointer dereference.
A malicious device might exploit this to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.