[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-4658-1)

Roman Geller roman.geller at oracle.com
Fri Jan 15 05:30:59 PST 2021


Synopsis: USN-4658-1 can now be patched using Ksplice
CVEs: CVE-2019-19036 CVE-2020-0423 CVE-2020-10135 CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25705 CVE-2020-28915

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4658-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
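An added check (not part of the Ksplice announcement) that reports which CVEs from USN-4658-1 are not yet named by the installed Ksplice updates, and whether autoinstall is enabled in /etc/uptrack/uptrack.conf; it assumes that `uptrack-show` prints one line per installed update whose description names the CVE, as the entries in this announcement do.

```shell
#!/bin/sh
# Added example, not from the Ksplice announcement: verify coverage of the
# USN-4658-1 CVE list on a host running Ksplice Uptrack.

# CVE list copied from the USN-4658-1 announcement.
USN_CVES="CVE-2019-19036 CVE-2020-0423 CVE-2020-10135 CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25705 CVE-2020-28915"

# Print, one per line, the CVEs in $1 (space separated) that do not appear in
# the text read from stdin. Feed it the output of `uptrack-show`; the
# assumption is that each installed update's description names its CVE.
missing_cves() {
    installed=$(cat)
    for cve in $1; do
        case "$installed" in
            *"$cve"*) ;;                 # update for this CVE is installed
            *) printf '%s\n' "$cve" ;;   # not mentioned: still outstanding
        esac
    done
}

# Return 0 if "autoinstall = yes" is set in the uptrack.conf given as $1
# (any spacing around '='; commented-out lines are ignored), 1 otherwise.
autoinstall_enabled() {
    grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# On a real system: list the outstanding CVEs. Skipped when uptrack-show is
# absent so the script can also be sourced or run on an unpatched test box.
if command -v uptrack-show >/dev/null 2>&1; then
    uptrack-show | missing_cves "$USN_CVES"
fi
```

An empty result from `missing_cves` means every CVE in the notice is named by an installed update; a non-empty result after `uptrack-upgrade -y` is worth investigating.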


DESCRIPTION

* CVE-2020-25643: Memory corruption in WAN HDLC-PPP due to missing error checking.

Missing error handling code in the WAN HDLC-PPP implementation could lead
to memory corruption. A local user could use this flaw to cause
a denial-of-service or arbitrary code execution.


* Use-after-free in the Infiniband driver when releasing resources.

Incorrect locking when releasing a timewait_info structure could lead to a
use-after-free.  A local user could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* CVE-2020-28915: Information leak due to out-of-bounds read in Framebuffer Console.

A flaw in the font handling code of the Framebuffer Console could lead to
an out-of-bounds read of kernel memory. A local attacker could use this
flaw to cause an information leak, disclosing the contents of kernel memory.


* CVE-2020-25284: Permission bypass when creating or removing a Rados block device.

An incomplete privilege check may allow the creation or removal of Rados
block devices.  A user who is privileged within a user namespace (user id
zero in that namespace) could use this flaw to cause a denial-of-service.


* CVE-2020-25211: Denial-of-service in Netfilter due to out-of-bounds memory access.

A flaw in the Netfilter framework implementation could lead to
an out-of-bounds memory access. A local user could use this flaw to cause
a system crash and a denial-of-service.

Orabug: 31872865


* CVE-2020-14390: Memory corruption when resizing the framebuffer.

A logic error when handling framebuffer resizing and scrollbacks could
lead to memory corruption.  A local user could use this to cause a
denial-of-service or possibly arbitrary code execution or privilege
escalation.


* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.


* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.


* CVE-2020-25645: Possible information leak between encrypted geneve endpoints.

A logic error may end up inadvertently transmitting data between two
geneve endpoints unencrypted. This may allow unintended parties to view
confidential network data.


* CVE-2019-19036: Denial-of-service during btrfs btree operations.

A logic error in the btrfs code path which handles btree operations can
lead to a kernel assertion being triggered, resulting in a system panic.
A local attacker could exploit this flaw using a crafted btrfs image to
cause a denial-of-service.


* CVE-2020-10135: Bluetooth devices can be paired without proper credentials.

Logic errors in the Bluetooth pairing code path can allow unauthenticated users
to pair devices without proper credentials.  An attacker in close proximity to
a target system could use this flaw to pair malicious Bluetooth devices to that
system without proper authentication.


* CVE-2020-0423: Use-after-free in Binder IPC due to a race condition.

A race condition due to improper locking in the binder IPC
implementation could lead to a use-after-free. A local attacker could
use this flaw to cause a denial of service or possibly execute arbitrary
code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
