[Ksplice][Ubuntu-19.10-Updates] New Ksplice updates for Ubuntu 19.10 Eoan (USN-4225-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jan 9 04:41:54 PST 2020


Synopsis: USN-4225-1 can now be patched using Ksplice
CVEs: CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-18813 CVE-2019-19045 CVE-2019-19047 CVE-2019-19051 CVE-2019-19052 CVE-2019-19055 CVE-2019-19072 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 CVE-2019-19807

Systems running Ubuntu 19.10 Eoan can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4225-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 19.10
Eoan install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
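
To tell which of the two cases above applies to a host, the following
added example (not part of the original advisory, and not Oracle's code)
reads the "autoinstall" setting from uptrack.conf. It assumes the file is
INI-style with the key in a [Settings] section and that only the value
"yes" enables automatic installation; the function names are
hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host applies Ksplice updates on its own
# or still needs a manual "/usr/sbin/uptrack-upgrade -y".
# Assumption: uptrack.conf is INI-style and the key lives in [Settings].

# Print the effective "autoinstall" value (lowercased), "unset" if the key
# is absent from [Settings], or "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }              # ignore commented-out settings
        /^[ \t]*\[/ {                       # section header, e.g. [Settings]
            sec = tolower($0); gsub(/[^a-z0-9_]/, "", sec); next
        }
        sec == "settings" && index($0, "=") {
            split($0, kv, "=")
            key = tolower(kv[1]); gsub(/[ \t]/, "", key)
            if (key == "autoinstall") {     # last occurrence wins
                val = tolower(kv[2]); gsub(/[ \t\r]/, "", val)
            }
        }
        END { print (val == "" ? "unset" : val) }
    ' "$conf"
}

# Exit status 0 when a manual upgrade is still required, i.e. the setting
# is anything other than "yes" (including unset or unreadable).
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Typical use on a host, run as root:
#   uptrack_needs_manual_upgrade && /usr/sbin/uptrack-upgrade -y
```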


DESCRIPTION

* CVE-2019-19072: Memory leak when parsing tracing event filters.

A missing free of resources when parsing tracing event filters could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* CVE-2019-19807: Use-after-free when registering timer in ALSA driver.

A logic error when registering a timer in the ALSA driver fails could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2019-19052: Memory leak when opening USB Socket CAN device driver.

A missing free of resources when opening USB Socket CAN device driver
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19529: Use-after-free when disconnecting Microchip CAN BUS Analyzer device.

A logic error when disconnecting Microchip CAN BUS Analyzer device could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2019-19534: Information leak using PEAK PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD.

A missing zeroing of a heap buffer passed to user space in the PEAK
PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD driver could lead to an
information leak. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.


* CVE-2019-19045: Memory leak when creating CQ in Mellanox Technologies Innova driver.

A missing free of resources when creating CQ in Mellanox Technologies
Innova driver fails could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19047: Memory leak in Mellanox 5th generation network adapters core driver.

A missing free of resources in Mellanox 5th generation network adapters
core driver could lead to a memory leak. A local attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-18813: Memory leak when registering USB DWC3 driver fails.

A missing free of resources in the error path when registering the USB
dwc3 driver fails could lead to a memory leak. A local attacker could
use this flaw to leak information about the running kernel and
facilitate an attack.


* CVE-2019-19051: Memory leak when changing power status of Intel Wireless WiMAX Connection 2400 driver.

A missing free of resources when changing the power status of the Intel
Wireless WiMAX Connection 2400 driver could lead to a memory leak. A
local attacker could use this flaw to leak information about the running
kernel and facilitate an attack.


* CVE-2019-19524: Use-after-free when unregistering memoryless force-feedback driver.

A missing free of a timer when unregistering memoryless force-feedback
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-19055: Memory leak when retrieving FTM responder statistics in cfg80211 driver.

A missing free of resources when retrieving FTM responder statistics in
the cfg80211 driver could lead to a memory leak. A local attacker could
use this flaw to leak information about the running kernel and
facilitate an attack.


* CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-14896, CVE-2019-14897: Denial-of-service when parsing BSS in Marvell 8xxx Libertas WLAN driver.

A missing check when parsing BSS in Marvell 8xxx Libertas WLAN driver
could lead to buffer overflows. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver.

Missing checks when parsing TDLS action frame in Marvell WiFi-Ex driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* Use of uninitialized memory when getting MTU of an NCM USB device.

A missing check when getting the MTU of an NCM USB device could lead to
a use of uninitialized memory. A local attacker could use this flaw to
cause a denial-of-service.


* Invalid memory access when reading properties of NFC FDP I2C device.

A logic error when reading properties of Intel Fields Peak NFC over I2C
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Double free in STMicroelectronics ST21NFCA NFC driver.

A logic error in STMicroelectronics ST21NFCA NFC driver could lead to a
double free. A local attacker could use this flaw to cause a denial-of-
service.


* Use-after-free when clearing capabilities of a freed inode in Ceph distributed file system.

A logic error when clearing capabilities of a freed inode in Ceph
distributed file system could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.


* Use-after-free when disconnecting USB2CAN "8 devices".

A logic error when disconnecting USB2CAN "8 devices" could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.


* Double free when cleaning USB gadgets composite.

A logic error when cleaning USB gadgets composite could lead to a double
free. A local attacker could use this flaw to cause a denial-of-service.


* Memory leaks when setting ring parameters in Intel(R) PRO/1000 Gigabit Ethernet driver.

A logic error in error path when setting ring parameters in Intel(R)
PRO/1000 Gigabit Ethernet driver fails could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* Kernel crash in OCFS2 direct IO cluster allocation.

Missing locking when allocating clusters during a direct IO operation
could result in triggering a kernel assertion and subsequent crash.


* Missing MDS and Spectre v2 mitigations on EIBRS supported CPUs.

On systems that support Enhanced IBRS (EIBRS), the mitigations could be
incorrectly set when toggling the symmetric multithreading (SMT) feature
at runtime.


* Information leak when binding ASIX AX88xxx Based USB 2.0 Ethernet driver.

A missing check when binding the ASIX AX88xxx Based USB 2.0 Ethernet
driver could lead to an information leak. A local attacker could use
this flaw to leak information about the running kernel and facilitate an
attack.


* Memory leaks when opening Serial / USB serial CAN Adaptors device.

A logic error in error path when opening Serial / USB serial CAN
Adaptors device fails could lead to memory leaks. A local attacker
could use this flaw to exhaust kernel memory and cause a denial-of-
service.


* Invalid memory accesses when looking up dentries in ecryptfs driver.

Logic errors when looking up dentries in ecryptfs driver could lead to
invalid memory accesses. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service by accessing /proc/pagetypeinfo.

Incorrect permissions on /proc/pagetypeinfo could let an attacker read
this file in a loop and cause a denial-of-service.


* CVE-2019-16231: NULL pointer dereference when registering FUJITSU Extended Socket Network Device driver.

A missing check when registering FUJITSU Extended Socket Network Device
driver fails could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




