[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-6081-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Thu Jun 1 23:37:36 UTC 2023 

Synopsis: USN-6081-1 can now be patched using Ksplice
CVEs: CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6081-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-32269: Use-after-free in Netrom Sockets.

A race condition in netrom when calling accept on an already connected
socket can lead to a use-after-free. A local user could use this flaw to
cause a denial of service or elevate privileges on the system.


* CVE-2023-1118: Use-after-free in ENE eHome Receiver/Tranceiver driver.

A logic error in the ENE integrated infrared receiver/transceiver leads
to a use-after-free. A local user can use this flaw to cause
denial-of-service or escalate privileges.


* CVE-2023-2162: Use-after-free during iSCSI login.

A logic error in the iSCSI login path can result in a use-after-free
error.  This flaw could be exploited by a local attacker to cause
a denial-of-service or to aid in another type of attack.


* CVE-2023-0459: Information leak during userspace access.

Improper handling of user-provided pointers can result in a kernel
information leak.  This flaw could be exploited by an attacker to leak
sensitive information and to aid in other types of attacks.


* CVE-2023-1513: Information leak in KVM ioctl.

Incomplete initialization of structure returned to user during KVM's
KVM_GET_DEBUGREGS ioctl can lead to information leak. This can allow a local
user to access privileged data.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-18.04-updates mailing list