[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-5091-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 14 11:47:59 PDT 2021


Synopsis: USN-5091-1 can now be patched using Ksplice
CVEs: CVE-2021-33624 CVE-2021-3573 CVE-2021-3679 CVE-2021-37576 CVE-2021-38160 CVE-2021-38199 CVE-2021-38204

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5091-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2021-38160: Privilege escalation in virtio-console due to a buffer overflow.

A missing sanity check in the virtio-console functionality could allow
a console client to write corrupted data to the console and cause
a buffer overflow. A local user could use this flaw to cause a denial
of service or escalate privileges.


* CVE-2021-38199: Denial-of-service in NFS due to incorrect connection-setup ordering.

An incorrect connection-setup ordering flaw in the Network File System
could allow an NFS server operator to cause a denial of service by
arranging for the server to be unreachable during trunking detection.


* CVE-2021-3679: Denial-of-service in kernel tracing subsystem.

A logic error when constructing certain calls to the kernel tracing
subsystem may lead to a deadloop.  This may allow a privileged local
user to cause a denial-of-service.


* CVE-2021-33624: Information disclosure in BPF due to type confusion.

A type confusion flaw in the Berkeley Packet Filter could lead to a
branch misprediction, allowing an unprivileged BPF program to read
arbitrary memory locations via a side-channel attack.


* CVE-2021-38204: Denial-of-service in MAX3421 HCD (USB-over-SPI) support due to use-after-free.

A flaw in SPI write operations of MAX3421 HCD (USB-over-SPI) support
could lead to a use-after-free when removing a MAX-3421 USB device in
certain situations. A physically proximate attacker could use this flaw
to cause a denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2021-3573.

Improper handling of HCI device detach events in the Bluetooth subsystem
could lead to a use-after-free. A privileged local user could use
this flaw to cause a denial-of-service or possibly execute arbitrary
code.

CVE-2021-3573 affects only the Bluetooth subsystem, and exploiting it
requires CAP_NET_ADMIN privileges.

Oracle has determined that patching CVE-2021-3573 on a running system
would not be safe and therefore recommends that affected hosts be
rebooted into the newest kernel to mitigate the vulnerabilities.


* Out-of-bounds memory access in the proc pseudo-filesystem mem file.

An integer overflow in the proc pseudo-filesystem mem file could lead
to an out-of-bounds memory access. A local user with permission to
ptrace a target process could use this flaw to bypass memory protections
and read or write otherwise protected memory areas.


* Note: Oracle has determined that CVE-2021-37576 is not applicable.

The kernel is not affected by CVE-2021-37576 since the code under
consideration is not compiled.
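
The autoinstall check from INSTALLING THE UPDATES and the reboot note for
CVE-2021-3573, combined into a per-host triage script. This is an added
example, not part of Oracle's advisory or the Ksplice tooling. It assumes
that only the literal value "yes" enables autoinstall and that Bluetooth
is built as the "bluetooth" module listed in /proc/modules; the sample
inputs are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): triage one host against this advisory.

# Succeeds only if CONF has an uncommented "autoinstall = yes" line.
# Assumption: any other value, or a missing file, means manual install.
autoinstall_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        { key = $1; val = $2
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
          if (key == "autoinstall") last = val }   # last assignment wins
        END { if (last == "yes") exit 0; exit 1 }
    ' "$1" 2>/dev/null
}

# Succeeds if the bluetooth module is in a /proc/modules-style listing.
# Assumption: bluetooth is built as a module, not into the kernel image.
bluetooth_loaded() {
    grep -q '^bluetooth ' "${1:-/proc/modules}" 2>/dev/null
}

# Prints one action line per finding for a config file and module listing.
triage() {
    if autoinstall_enabled "$1"; then
        echo "updates: installed automatically (autoinstall = yes)"
    else
        echo "updates: run /usr/sbin/uptrack-upgrade -y"
    fi
    if bluetooth_loaded "$2"; then
        echo "CVE-2021-3573: bluetooth loaded, reboot into the newest kernel"
    else
        echo "CVE-2021-3573: bluetooth module not loaded"
    fi
}

# Constructed sample inputs, not taken from a real host.
demo() {
    d=$(mktemp -d) || return 1
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$d/uptrack.conf"
    printf 'bluetooth 548864 31 btusb, Live 0x0000000000000000\n' > "$d/modules"
    triage "$d/uptrack.conf" "$d/modules"
    rm -rf "$d"
}
demo
```

On a real host, call triage /etc/uptrack/uptrack.conf /proc/modules in
place of demo.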

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




