[Ksplice][Ubuntu-19.10-Updates] New Ksplice updates for Ubuntu 19.10 Eoan (USN-4284-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Feb 20 13:18:33 PST 2020


Synopsis: USN-4284-1 can now be patched using Ksplice
CVEs: CVE-2019-15099 CVE-2019-15291 CVE-2019-16229 CVE-2019-16232 CVE-2019-18683 CVE-2019-18786 CVE-2019-18811 CVE-2019-19037 CVE-2019-19050 CVE-2019-19056 CVE-2019-19057 CVE-2019-19063 CVE-2019-19070 CVE-2019-19071 CVE-2019-19077 CVE-2019-19078 CVE-2019-19082 CVE-2019-19241 CVE-2019-19252 CVE-2019-19332 CVE-2019-19602 CVE-2019-19767 CVE-2019-19947 CVE-2019-19965

Systems running Ubuntu 19.10 Eoan can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4284-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 19.10
Eoan install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
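
To audit which hosts fall under the autoinstall case above and which still need the manual command, the following added example (not Oracle's code) reads the effective autoinstall value from an uptrack.conf. It assumes the file consists of plain "key = value" lines with "#" or ";" comment lines and that the last assignment wins; the function names and the sample config, including its [Settings] header, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host relies on autoinstall or still
# needs a manual "uptrack-upgrade -y". Function names are hypothetical.

# Print the effective autoinstall value: "yes", "no", or "unset".
# Assumption: key = value lines, "#" or ";" start a comment line,
# and the last uncommented assignment wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # a commented-out setting is not active
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)          # tolerate "autoinstall=yes" and padding
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") result = tolower(val)
        }
        END { print (result == "" ? "unset" : result) }
    ' "$conf"
}

# Succeeds (exit 0) when the updates will NOT be installed automatically.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "${1:-}")" != "yes" ]
}

# Constructed sample config (not from a real host): the "yes" line is
# commented out, so the live setting is "no".
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root"
else
    echo "autoinstall = yes: updates install automatically"
fi
rm -f "$sample"
```

Call uptrack_autoinstall with no argument to check the real /etc/uptrack/uptrack.conf on a host.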


DESCRIPTION

* CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing.

Incorrect device validation when probing a B2C2 FlexCop driver could
result in a NULL pointer dereference and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* CVE-2019-19050: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.


* CVE-2019-19071: Denial-of-service in the Redpine wifi driver.

Incomplete error handling when preparing a management frame fails in the
Redpine wifi module driver leads to a memory leak. An attacker could
exploit this to cause a denial-of-service.


* CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting.

A failure to correctly validate a request for KVM cpuid emulation
information can lead to an out-of-bounds memory access, leading to a
kernel crash. A local user with the ability to use KVM could use this
flaw to cause a denial-of-service.


* CVE-2019-19078: Memory leak when using Atheros 802.11ac wireless cards.

A logic error when initializing Atheros 802.11ac wireless cards could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19063: Denial-of-service in the rtlwifi driver.

A bug in the error path during initialization in the rtlwifi USB driver
leads to a memory leak. An attacker with physical access may possibly
exploit this bug to cause a denial-of-service.


* CVE-2019-19056, CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle errors during initialization of the Marvell mwifiex
PCIe driver leads to a memory leak. An attacker could exploit this to
exhaust kernel memory, which may eventually cause a denial-of-service.


* CVE-2019-19947: Information leak in CAN Kvaser memory allocations.

Missing clearing of memory allocations could result in an information
leak of kernel heap memory to user-space.


* CVE-2019-19965: NULL-pointer dereference when discovering SCSI ports.

A flaw in the libsas library used by SCSI devices could trigger a race
condition, resulting in a NULL-pointer dereference and
denial-of-service when a SCSI device was added.


* CVE-2019-19767: Use-after-free with malformed ext4 filesystems.

Missing error handling in the ext4 inode size handling code could result
in a use-after-free and kernel crash.  A malformed ext4 filesystem could
crash the system at mount time.


* CVE-2019-19070: Memory leak when registering GPIO-based bitbanging SPI Master driver.

A missing free of resources when registration of the GPIO-based
bitbanging SPI Master driver fails could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* CVE-2019-19037: Denial-of-service when handling empty directories in ext4 filesystem.

A logic error when handling empty directories in an ext4 filesystem with
holes could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-19082: Memory leak when creating memory pool in AMD Display driver.

A missing free of resources when creating memory pools in the AMD Display
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19077: Memory leak when creating SRQ in Broadcom Netxtreme HCA driver.

A logic error when creating an SRQ in the Broadcom Netxtreme HCA driver
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19602: Memory corruption when using Floating Point Unit.

A logic error in the handling of FPU registers during context switches
could cause memory corruption. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-19241: Permission bypass when using IO Uring.

A logic error when checking credentials in the IO Uring interface could
lead to a permission bypass. A local attacker could use this flaw to
escalate privileges.


* NULL-pointer dereference when failing to bind socket for iSCSI connection.

The iSCSI initiator mode handler does not properly check that the
sockets it creates are correctly bound before use. An error in this path
could result in a NULL-pointer dereference and denial-of-service.


* Permissions bypass when using EVENT_FORK with userfaultfd.

The userfault feature UFFD_EVENT_FORK might be exploitable to read file
descriptors with elevated privileges, and should therefore be restricted
to users with CAP_SYS_PTRACE.


* Out-of-bounds read in netfilter ebtables validation.

When parsing netfilter ebtables entries, structure padding is not
properly computed, potentially allowing an entry to trigger an
out-of-bounds read.


* Sending TCP packet with empty skb might cause denial-of-service.

A race condition when sending TCP packets might cause sendmsg() to
dispatch a packet backed by an empty kernel memory buffer, resulting
in a kernel crash and denial-of-service.


* Missing configuration validation for GTP-U causes denial-of-service.

The hashtable size parameter for the GPRS Tunneling Protocol driver is
not properly checked. Setting the IFLA_GTP_PDP_HASHSIZE attribute to
zero could result in a kernel panic and denial-of-service.


* Kernel crash in MPT3SAS when HBA doesn't support NVMe protocol.

If a faulty application issues NVMe Encapsulated commands to an HBA that
doesn't support the NVMe protocol, a kernel crash might happen due to
missing error handling.


* Deadlock in fibre channel driver when aborting transaction.

When a transaction on a fibre channel connection is interrupted,
improper locking could result in a deadlock when attempting to handle
the error condition.


* Use-after-free of reservation when target mode iSCSI session is closed.

When connected to an iSCSI initiator that has requested persistent
reservations, the associated reservations are not properly destroyed
when the session is closed. These dangling reservations can then be
read, resulting in a use-after-free.


* Use-after-free when failing to create iclog when mounting XFS image.

When mounting an XFS image, a failure to create the in-core log
structure could result in a use-after-free and kernel crash. A malicious
image might be able to exploit this issue to create a denial-of-service
if mounted.


* CVE-2019-15099: NULL pointer dereference when sending data over Atheros ath10k USB device.

A missing check on a USB buffer when sending data over an Atheros ath10k
USB device could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-16229: NULL pointer dereference when initializing interrupt in AMD GPU driver.

A missing check when initializing an interrupt in the AMD GPU driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2019-16232: NULL pointer dereference when registering Marvell Libertas 8385/8686/8688 SDIO 802.11b/g cards.

A missing check when registering Marvell Libertas 8385/8686/8688 SDIO
802.11b/g cards could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-18683: Privilege escalation in Virtual Video Test driver.

A locking error in the Virtual Video Test driver could lead to a race
condition and use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2019-18786: Information leak in the Renesas Digital Radio Interface.

A missing zeroing of kernel memory in the Renesas Digital Radio
Interface could let an attacker leak information about the running
kernel and facilitate an attack.


* CVE-2019-18811: Memory leak when using IPC in Sound Open Firmware driver.

A missing free of resources when using IPC in the Sound Open Firmware
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19252: Denial-of-service when using Virtual terminal driver.

A missing write restriction when using the Virtual terminal driver could
let an attacker cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




