[Ksplice][Ubuntu-19.10-Updates] New Ksplice updates for Ubuntu 19.10 Eoan (USN-4183-1)

Gregory Herrero gregory.herrero at oracle.com
Mon Dec 16 07:51:33 PST 2019


Synopsis: USN-4183-1 can now be patched using Ksplice
CVEs: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15791 CVE-2019-15792 CVE-2019-15793 CVE-2019-16746 CVE-2019-17666 CVE-2019-18806 CVE-2019-18807 CVE-2019-19076 CVE-2019-19080 CVE-2019-19081

Systems running Ubuntu 19.10 Eoan can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4183-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 19.10
Eoan install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
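
To confirm which of the two cases above applies on a given host, the
following added example (not part of the original advisory and not Oracle's
code) reads the autoinstall setting from an uptrack.conf-style file. The
function names are hypothetical, and it assumes the setting appears as an
"autoinstall = <value>" line and that only "yes" enables it.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack autoinstall is enabled.
# Assumptions: the key is written "autoinstall = <value>" as quoted in the
# advisory, and only the value "yes" (any case) means enabled.

# uptrack_autoinstall FILE -> prints yes | no | unset | unreadable
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Drop comments so a commented-out default is not counted, then keep
    # the last assignment of the key.
    val=$(sed -e 's/[#;].*$//' "$conf" |
          awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                       v = tolower($2); gsub(/[ \t\r]/, "", v); last = v
                   }
                   END { print last }')
    case "$val" in
        yes) echo "yes" ;;
        "")  echo "unset" ;;
        *)   echo "no" ;;
    esac
}

# check_host FILE -> one-line verdict for an operator or a fleet audit
check_host() {
    state=$(uptrack_autoinstall "$1") || true
    case "$state" in
        yes) echo "autoinstall is enabled; updates are installed automatically" ;;
        *)   echo "autoinstall is $state; install with: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
Autoinstall = No   ; constructed value
EOF
check_host "$sample"
rm -f "$sample"
```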


DESCRIPTION

* CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver.

A missing free of resources when allocating large buffers in QLogic
QLA3XXX Network driver could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* CVE-2019-17666: Out-of-bounds access when using Realtek Wireless Network driver in P2P mode.

A logic error when using Realtek Wireless Network driver in P2P mode
could lead to an out-of-bounds access. A remote attacker within the
wireless radio range of the victim could use this flaw to cause a
denial-of-service.


* CVE-2019-16746: Potential buffer overflow when processing IEEE80211 beacon head.

A failure to validate the beacon frame header along with other beacon
frame attributes can lead to malformed data eventually being processed.
This can potentially be exploited by a remote attacker to cause a buffer
overflow, which can be leveraged to perform other types of attacks.


* CVE-2019-15791: Use-after-free in shiftfs btrfs ioctl handling.

A logic error in shiftfs btrfs ioctl handling could lead to a reference
count underflow and to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-15792: Invalid memory access in shiftfs file descriptor handling.

A type confusion when casting opaque data in shiftfs file descriptor
handling could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-15793: Permission bypass in shiftfs implementation.

A logic error in the shiftfs implementation could lead to a permission
bypass when the lower filesystem is not in the init user namespace. A
local attacker could use this flaw to access sensitive information.


* CVE-2019-11135: Side-channel information leak in Intel TSX.

A side-channel information leak on some generations of Intel processors
could allow the leaking of internal microarchitectural buffers during
asynchronous aborts in a TSX transaction. For CPUs that are vulnerable
to Microarchitectural Data Sampling, existing mitigations cover
CVE-2019-11135; for newer CPUs with hardware fixes for MDS, TSX is
transparently disabled. On these newer CPUs, TSX functionality can be
restored by writing 0 to /sys/kernel/debug/x86/tsx_force_abort.


* CVE-2018-12207: Machine Check Exception on page size change.

A hardware bug in Intel x86 processors can result in a Machine Check Exception
when a page table mapping for currently executing instructions is changed. A
privileged user in a guest VM could use this flaw to crash the host, leading to
a denial-of-service.


* CVE-2019-19076: Memory leak when setting up traffic control in NFP4000/NFP6000 TC Flower offload driver.

Missing checks for failure when setting up traffic control in the
NFP4000/NFP6000 TC Flower offload driver could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* CVE-2019-19080: Memory leak on allocation failure in NFP4000/NFP6000 TC Flower offload driver.

A missing check on allocation failure in the NFP4000/NFP6000 TC Flower
offload driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19081: Memory leak when initializing virtual NIC in NFP4000/NFP6000 TC Flower offload driver.

A missing check for failure when initializing a virtual NIC in the
NFP4000/NFP6000 TC Flower offload driver could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* CVE-2019-18807: Memory leak in NXP SJA1105 Ethernet switch driver.

A logic error in NXP SJA1105 Ethernet switch driver could lead to a
memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* CVE-2019-0155: Privilege escalation in Intel i915 graphics driver.

Missing validation of MMIO commands to the Intel i915 device driver could
result in illicit page table modifications. An attacker could use this to
access sensitive information or elevate privileges.


* CVE-2019-0154: Denial-of-service in Intel i915 graphics driver.

Due to a hardware error, the Intel i915 device state could get corrupted.
A malicious user could use this to cause denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
