[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (5.4.0-40.44)

Sonja Schofield sonja.tideman at oracle.com
Fri Jul 10 07:01:35 PDT 2020


Synopsis: 5.4.0-40.44 can now be patched using Ksplice
CVEs: CVE-2020-0543 CVE-2020-10711 CVE-2020-12768 CVE-2020-12770 CVE-2020-13143

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu kernel update, 5.4.0-40.44.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-12768: Memory leak in KVM when initializing AMD SVM structures.

When initializing data structures for the AMD Secure Virtual Machine
extension to KVM, an unexpected error might result in a memory leak of
KVM data structures, potentially resulting in a denial-of-service.


* CVE-2020-10711: NULL pointer dereference when using CIPSO network packet labeling.

A logic error when receiving CIPSO network packets could lead to a NULL
pointer dereference. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2020-12770: Information leak/DoS in SCSI generic userspace write.

When copying data from userspace to a SCSI generic (sg) device, the
associated list entry is not properly removed, potentially causing a
denial-of-service or leaking sensitive kernel information.


* CVE-2020-13143: Out-of-bounds read when connecting to UDC.

When connecting via USB in gadget mode, the USB gadgetfs copies input
fields with strcpy, which can result in the copied buffers being smaller
than the originals. Accessing these new buffers can then result in an
out-of-bounds memory access, potentially leaking information or causing
a denial-of-service.


* Permission bypass when performing ptrace on processes.

A logic error in the exec code could allow an unauthorized user to
ptrace a process and write its memory to disk.


* Denial-of-service in RDMA during uobject destruction.

A use-after-free condition can occur with multiple requests for a given
uobject within the RCU grace period.  This could be exploited to cause a
denial-of-service.


* Improved fix for CVE-2020-0543: Side-channel information leak using SRBDS.

A side-channel information leak on some generations of Intel processors
could allow the leaking of internal microarchitectural buffers used by
instructions like RDRAND, RDSEED and SGX EGETKEY.

Updated microcode is required for this vulnerability to be mitigated.

The status of the mitigation can be found using the following command:

$ cat /sys/devices/system/cpu/vulnerabilities/srbds
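
To act on that status across many hosts, the following script (an added example, not part of the Ksplice announcement) maps the srbds string to a class and a suggested action. The status strings are those listed in the upstream kernel documentation for SRBDS; the function names and class labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example: classify the SRBDS (CVE-2020-0543) status reported by the kernel.
# Status strings follow the upstream kernel SRBDS documentation; the class
# names and function names below are illustrative.
SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# Print a one-word class for the status line stored in file $1.
srbds_classify() {
    file=${1:-$SRBDS_SYSFS}
    if [ ! -r "$file" ]; then
        echo no_sysfs_entry      # running kernel does not expose SRBDS status
        return 0
    fi
    line=
    IFS= read -r line < "$file" || :   # tolerate a missing trailing newline
    case "$line" in
        "Not affected")             echo not_affected ;;
        "Mitigation: Microcode")    echo mitigated ;;
        "Mitigation: TSX disabled") echo mitigated_tsx_off ;;
        "Vulnerable: No microcode") echo needs_microcode ;;
        "Vulnerable")               echo mitigation_disabled ;;
        "Unknown: Dependent on hypervisor status") echo check_hypervisor ;;
        *)                          echo unrecognized ;;
    esac
}

# Print the class with a suggested action; return 1 when follow-up is needed.
srbds_report() {
    class=$(srbds_classify "$1")
    case "$class" in
        not_affected|mitigated|mitigated_tsx_off)
            echo "$class: no action needed"; return 0 ;;
        needs_microcode)
            echo "$class: updated microcode is not loaded" ;;
        mitigation_disabled)
            echo "$class: mitigation is switched off on this system" ;;
        check_hypervisor)
            echo "$class: guest cannot tell; check the host" ;;
        *)
            echo "$class: status not reported or not recognized" ;;
    esac
    return 1
}

# Check the live system; "|| :" keeps the demo from aborting a calling script.
srbds_report "$SRBDS_SYSFS" || :
```

A "needs_microcode" result corresponds to the case noted above: the kernel fix is present but the mitigation is not in effect until updated microcode is loaded.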

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


