[Ksplice][Ubuntu-19.10-Updates] New Ksplice updates for Ubuntu 19.10 Eoan (USN-4369-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jun 23 08:11:08 PDT 2020


Synopsis: USN-4369-1 can now be patched using Ksplice
CVEs: CVE-2019-19377 CVE-2019-19769 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12657 CVE-2020-12826 CVE-2020-8835

Systems running Ubuntu 19.10 Eoan can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4369-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 19.10
Eoan install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
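Added example (not part of the Ksplice notice): a POSIX sh helper that reads the autoinstall setting from uptrack.conf and tells you whether the manual `uptrack-upgrade -y` run is still required on a host. It assumes uptrack.conf uses INI-style "key = value" lines with `#` comments; a constructed sample config is used so it runs offline.

```shell
# Print "yes", "no" or "unset" for the autoinstall key in uptrack.conf.
# Assumption: INI-style "key = value" lines, '#' starts a comment.
# The key match is case- and whitespace-tolerant; the last occurrence wins.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    val=$(sed -e 's/#.*//' "$conf" | awk -F= '
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ { v = $2 }
        END {
            if (v != "") {
                gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim surrounding blanks
                print tolower(v)
            }
        }')
    case "$val" in
        yes) echo "yes" ;;     # only "autoinstall = yes" means automatic
        "")  echo "unset" ;;
        *)   echo "no" ;;
    esac
}

# Decide what an operator has to do for this USN on the host.
# Prints the action instead of running it (the upgrade needs root and a
# Ksplice subscription, so a dry decision is what a fleet check wants).
uptrack_plan() {
    case "$(uptrack_autoinstall "$1")" in
        yes) echo "automatic: Uptrack will install USN-4369-1 patches itself" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configs for a stand-alone demonstration.
demo_conf=$(mktemp)
printf '# autoinstall = yes   (commented out, must be ignored)\nAutoInstall = no\n' > "$demo_conf"
uptrack_plan "$demo_conf"          # manual: run /usr/sbin/uptrack-upgrade -y
printf 'autoinstall = yes\n' > "$demo_conf"
uptrack_plan "$demo_conf"          # automatic: ...
rm -f "$demo_conf"
```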


DESCRIPTION

* CVE-2020-12826: Privilege escalation in process signal handling.

A logic error in the way signals are passed from child to parent could
allow a child to send any signal to its parent. A local attacker could
use this flaw to escalate privileges.


* Use-after-free when getting node list/status in High-availability Seamless Redundancy driver.

A locking error when getting the node list/status in the High-availability
Seamless Redundancy driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2020-11608: NULL pointer dereference when initializing USB GSPCA based webcams.

A missing check on exposed endpoint numbers from USB GSPCA based webcams
could lead to a NULL pointer dereference. A local attacker could use a
malicious USB device to cause a denial-of-service.


* Improved fix for CVE-2020-8835: Privilege escalation in BPF verifier code.

A logic error in the BPF verifier code could lead to incorrect bounds
calculation. A local attacker could use this flaw to leak information
about the running kernel or escalate privileges.


* CVE-2020-11609: NULL pointer dereference when initializing STV06XX USB Camera device.

A missing check on USB endpoints when initializing STV06XX USB Camera
device could lead to a NULL pointer dereference. A local attacker could
use this flaw and a malicious USB device to cause a denial-of-service.


* Invalid memory access when using IEEE 802.1AE MAC-level encryption.

A missing check when registering a new link in the IEEE 802.1AE MAC-level
encryption driver could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2020-11494: Information leak in serial line CAN device communication.

When communicating with a CAN device over serial, a buffer structure is
transmitted without proper sanitization, potentially exposing stack
memory over the network.


* NULL pointer dereference when using TCP_QUEUE_SEQ socket option.

A logic error when using the TCP_QUEUE_SEQ socket option could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Invalid memory access when using Speakup screen reader.

A logic error when using the Speakup screen reader could lead to an
invalid memory access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when creating queue pairs in Mellanox Connect-IB HCA driver.

A missing check on user capabilities when creating queue pairs in the
Mellanox Connect-IB HCA driver could allow a malicious user to prevent
further data from being received over the Mellanox Connect-IB HCA driver.


* Denial-of-service when adding High-availability Seamless Redundancy device.

A logic error when adding a High-availability Seamless Redundancy device
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2020-11668: NULL pointer dereference when initializing Xirlink C-It USB camera device.

A missing check on USB endpoints when initializing Xirlink C-It USB
camera device could lead to a NULL pointer dereference. A local attacker
could use this flaw and a malicious USB device to cause a
denial-of-service.


* Out-of-bounds access on tcindex change in network packet classifier.

A logic error when changing a tcindex entry in the network packet
classifier could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.


* Deadlock when receiving data over Line 6 POD USB device.

A logic error when receiving data over a Line 6 POD USB device could lead
to a deadlock. A local attacker could use this flaw and a malicious USB
device to cause a denial-of-service.


* Out-of-bounds access when using Transformation user configuration interface.

A missing check on user input when using the Transformation user
configuration interface could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.


* Use-after-free when changing route in route4 classifier driver.

A logic error when changing a route in the route4 classifier driver could
lead to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19377: Use-after-free when unmounting a BTRFS image.

A logic error when unmounting a BTRFS image could lead to a
use-after-free. A local attacker could use this flaw and a crafted BTRFS
image to cause a denial-of-service.


* CVE-2019-19769: Use-after-free in POSIX file locking API.

A logic error in the POSIX file locking API could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2020-11565: Out-of-bounds access when mounting tmpfs.

A missing check on the mpol mount option when mounting tmpfs could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Data corruption in the HFS+ filesystem when deleting files.

A bug in extended attribute handling in the HFS+ filesystem causes
on-disk data corruption when deleting files. This could lead to
inadvertent data loss.


* Denial-of-service when processing a write request in NFS.

A bug in the NFS filesystem leads to a memory leak when processing write
requests. An attacker may exploit this to exhaust kernel memory and
cause a denial-of-service.


* Use-after-free when tearing down SCTP queue.

A reference counting bug in the SCTP protocol leads to a use-after-free
while tearing down the outgoing queue. An attacker could exploit this bug
to cause a denial-of-service.


* Denial-of-service when processing delayed work in btrfs.

Incorrect locking in the btrfs filesystem when running delayed items
could lead to a deadlock. An attacker could exploit this bug to cause
a denial-of-service.


* Denial-of-service when performing fsync in btrfs filesystem.

Failing to release a lock after an fsync leads to a deadlock in the
btrfs filesystem. An attacker could exploit this bug to cause a
denial-of-service.


* Denial-of-service during address resolution in the rdma driver.

Inadequate error handling in the rdma subsystem leads to a NULL pointer
dereference during address resolution. An attacker may exploit this bug
to cause a denial-of-service.


* Data-race when writing to an inode in ext4 filesystem.

A concurrency bug in the ext4 filesystem causes a data race when writing
to an inode. This could lead to data corruption and inadvertent
data loss.


* Denial-of-service when performing fallocate in ocfs2 filesystem.

Incorrect handling of the fallocate syscall in the ocfs2 filesystem
could trigger a kernel BUG. An attacker could exploit this to cause a
denial-of-service.


* Data corruption in the gfs2 filesystem.

A data race in the gfs2 filesystem due to inadequate exclusion could
lead to permanent data corruption after a transient error. This could
lead to inadvertent data loss.


* CVE-2020-12657: Use-after-free in BFQ I/O scheduler subsystem.

A race condition in the BFQ I/O scheduler subsystem when clearing a queue
leads to a use-after-free bug. An attacker may exploit this bug to cause
a denial-of-service.


* Information leak when using tty TIOCGSERIAL ioctl with 32-bit userspace.

A missing zeroing of uninitialized data when using the tty TIOCGSERIAL
ioctl with 32-bit userspace could lead to an information leak. A local
attacker could use this flaw to leak information about the running kernel
and facilitate an attack.


* Use-after-free when destroying Traffic-Control Index.

A locking error when destroying a Traffic-Control Index could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when sending packets over InfiniBand userspace MAD driver.

A missing check on the umad interface when sending packets over the
InfiniBand userspace MAD driver could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access when specifying a large tag in dm integrity.

A logic error when a user specifies a tag with a very large size could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
