[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-5467-1)

Roman Geller roman.geller at oracle.com
Wed Jun 22 13:28:40 UTC 2022


Synopsis: USN-5467-1 can now be patched using Ksplice
CVEs: CVE-2021-3772, CVE-2021-4197, CVE-2022-1011, CVE-2022-1158,
CVE-2022-1198, CVE-2022-1353, CVE-2022-1516, CVE-2022-1966, CVE-2022-21499,
CVE-2022-24958, CVE-2022-26966, CVE-2022-28356, CVE-2022-28389,
CVE-2022-28390, CVE-2022-32250, XSA-396, CVE-2022-23040, CVE-2022-23036,
CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23041,
CVE-2022-23042

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5467-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
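The two install paths above depend on one setting. The following script is an added example, not part of the advisory or of Oracle's Ksplice tooling: it reads the autoinstall value from an uptrack.conf-style file and tells the operator whether the host picks the updates up by itself or needs uptrack-upgrade run by hand. It assumes only the "autoinstall = yes" key/value layout quoted above, and uses constructed sample files in place of /etc/uptrack/uptrack.conf.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisory or Oracle's tooling:
# read the autoinstall setting from an uptrack.conf-style file and say
# whether the host will install the updates by itself or needs
# "/usr/sbin/uptrack-upgrade -y" run by hand. Only the
# "autoinstall = yes" key/value layout quoted in the advisory is assumed.

# uptrack_autoinstall_enabled FILE
# Prints "yes" and returns 0 when the effective autoinstall value is yes;
# prints "no" and returns 1 otherwise (missing file, missing key, other value).
uptrack_autoinstall_enabled() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "no"
        return 1
    fi
    # Drop comments, keep the last autoinstall line (later lines win),
    # then strip everything up to and including '=' plus surrounding blanks.
    value=$(sed -e 's/[#;].*$//' "$conf" \
            | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
            | tail -n 1 \
            | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
            | tr 'A-Z' 'a-z')
    if [ "$value" = "yes" ]; then
        echo "yes"
        return 0
    fi
    echo "no"
    return 1
}

# uptrack_action FILE
# Prints the operator action for the host described by FILE; always returns 0.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1" >/dev/null; then
        echo "autoinstall enabled: updates install automatically, no action needed"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample configs standing in for /etc/uptrack/uptrack.conf.
SAMPLE_AUTO=$(mktemp)
SAMPLE_MANUAL=$(mktemp)
trap 'rm -f "$SAMPLE_AUTO" "$SAMPLE_MANUAL"' EXIT
cat > "$SAMPLE_AUTO" <<'EOF'
[Settings]
# comments are ignored
autoinstall = yes
EOF
cat > "$SAMPLE_MANUAL" <<'EOF'
[Settings]
autoinstall = no
EOF

uptrack_action "$SAMPLE_AUTO"
uptrack_action "$SAMPLE_MANUAL"
```

On a real host, call uptrack_action /etc/uptrack/uptrack.conf; an unreadable file is reported as "disabled" on purpose, so the conservative answer (run the upgrade by hand) comes out when the configuration cannot be checked.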


DESCRIPTION

* CVE-2022-24958: Use-after-free in USB Gadget file system.

Incorrect error handling when writing the configuration of the USB Gadget
file system could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service or execute arbitrary code.


* CVE-2022-26966: Information leak by the USB2NET SR9700 device driver.

The driver for SR9700-based USB Ethernet devices does not correctly
validate received packets, so a malformed packet could leak kernel
information to user space.


* CVE-2022-21499: Privilege escalation in the kernel debug subsystem.

Insufficient protection checks in the kernel debug subsystem when using KGDB
and KDB allow reads and writes to kernel memory during kernel lockdown. A
remote attacker with access to a serial port (for example, via a hypervisor
console) could use the debugger to escalate privileges.


* CVE-2022-28390: Code execution in EMS CPC-USB/ARM7 CAN/USB interface.

A double-free flaw in the data transmission path of the EMS CPC-USB/ARM7
CAN/USB interface could result in memory leaks and data corruption. A local
user could use this flaw for a denial-of-service or code execution.


* CVE-2021-3772: Denial-of-service in SCTP Protocol.

Improper verification of connection tags in SCTP Protocol could allow
a remote attacker to kill existing SCTP associations by sending packets
with spoofed IP addresses. A remote attacker could use this flaw to
cause a denial-of-service.


* CVE-2022-28356: Denial-of-service in 802.2 LLC type 2 driver.

Under some error conditions, a reference counting flaw in socket binding
of the 802.2 LLC type 2 driver can occur. A local user could use this flaw
to cause a denial-of-service.


* CVE-2022-1353: Information disclosure in PF_KEY sockets.

A logic flaw in PF_KEY sockets during SKB buffer allocation and
initialization could result in improper memory initialization. A local,
unprivileged user could use this flaw for denial-of-service or
information disclosure.


* CVE-2022-1198: Use-after-free in Serial port 6PACK driver.

A logic flaw in the Serial port 6PACK driver when closing the device
could lead to a use-after-free. A local user could use this flaw for
denial-of-service or code execution.


* CVE-2022-1516: Denial-of-service in X.25 network protocol.

A flaw in the X.25 network protocol when handling link layer events
could result in NULL pointer dereference. A local user could use this
flaw for a denial-of-service.


* CVE-2022-28389: Double-free in Microchip CAN BUS Analyzer interface.

A flaw in error handling of Microchip CAN BUS Analyzer interface could
lead to a double-free. A local user could use this flaw to cause
a denial-of-service or code execution.


* Out-of-bounds read access in NetLabel subsystem when mapping a label.

A logic flaw in bitmap implementation of NetLabel subsystem could
result in out-of-bounds read access when mapping a label. A local user
could use this flaw for denial-of-service or information disclosure.


* CVE-2022-1158: Use-after-free in the KVM subsystem.

A flaw in the KVM subsystem may allow a guest virtual machine to
trigger a use-after-free. This may lead to denial-of-service
and possible loss of system confidentiality.


* Out-of-bounds write access in Atheros 802.11abg PCI driver when 
parsing EEPROM data.

A missing sanity check when parsing EEPROM data in the Atheros 802.11abg
PCI driver could lead to an out-of-bounds write. A local user could use
this flaw for a denial-of-service or code execution.


* CVE-2022-1966, CVE-2022-32250: Code execution in Netfilter due to 
use-after-free.

A flaw in nftables API of the Netfilter subsystem when removing stateful
expressions could result in a use-after-free. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.


* CVE-2022-1011: Use-after-free in FUSE file system.

A logic flaw in the FUSE file system when writing to the file system
device could result in a use-after-free. A local user could use this flaw
to cause a denial-of-service or code execution.


* CVE-2021-4197: Privilege escalation in Control Groups.

A flaw in the permission checks of the Control Groups subsystem could allow
an unprivileged write to its file handler. A local user could use this
flaw for a denial-of-service or privilege escalation.

* Note: Oracle will not provide a zero-downtime update for XSA-396, 
CVE-2022-23040, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, 
CVE-2022-23039, CVE-2022-23041, and CVE-2022-23042.

Oracle has determined that patching XSA-396 (CVE-2022-23040,
CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
CVE-2022-23041, and CVE-2022-23042) would not be safe and recommends
a reboot if Xen PV frontend devices are used with an untrusted PV
backend.

Hosts without any Xen frontend driver loaded are not affected by this
issue.
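The sentence above gives the one condition that decides whether a host needs the XSA-396 reboot. The script below is an added example, not part of the advisory or of Oracle's tooling: it reads a file in the /proc/modules layout and reports which Xen PV frontend modules are loaded. The list of frontend module names is an assumption based on the in-tree driver names, not a list taken from the advisory, and drivers built into the kernel rather than loaded as modules are not visible this way. The sample module listings are constructed.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisory or Oracle's tooling:
# report which Xen PV frontend modules a host has loaded, reading a file in
# the /proc/modules layout ("name size refcount deps state address").
# The frontend module names below are an assumption based on the in-tree
# driver names, not a list taken from the advisory; drivers built into the
# kernel rather than loaded as modules will not show up here.

XEN_FRONTEND_MODULES="xen_blkfront xen_netfront xen_scsifront xen_pcifront xen_fbfront xen_kbdfront xen_tpmfront"

# loaded_xen_frontends MODULES_FILE
# Prints each loaded frontend module on its own line; returns 0 when at
# least one is loaded and 1 when none is (or the file cannot be read).
loaded_xen_frontends() {
    modfile="$1"
    any=1
    for mod in $XEN_FRONTEND_MODULES; do
        # Exact match on the first field only, so a name that merely
        # starts with the module name is not counted.
        if awk -v m="$mod" '$1 == m { hit = 1 } END { exit !hit }' "$modfile" 2>/dev/null; then
            echo "$mod"
            any=0
        fi
    done
    return $any
}

# xen_frontend_verdict MODULES_FILE
# Summarises the advisory's guidance for this host; always returns 0.
xen_frontend_verdict() {
    if mods=$(loaded_xen_frontends "$1"); then
        # Unquoted expansion collapses the newline-separated list to one line.
        loaded=$(echo $mods)
        echo "Xen PV frontend module(s) loaded: $loaded; reboot if the PV backend is untrusted"
    else
        echo "no Xen PV frontend loaded: not affected by XSA-396"
    fi
}

# Constructed sample listings standing in for /proc/modules.
SAMPLE_PV=$(mktemp)
SAMPLE_NONE=$(mktemp)
trap 'rm -f "$SAMPLE_PV" "$SAMPLE_NONE"' EXIT
cat > "$SAMPLE_PV" <<'EOF'
xen_netfront 32768 0 - Live 0x0000000000000000
xen_blkfront 49152 2 - Live 0x0000000000000000
ext4 778240 1 - Live 0x0000000000000000
EOF
cat > "$SAMPLE_NONE" <<'EOF'
virtio_net 61440 0 - Live 0x0000000000000000
ext4 778240 1 - Live 0x0000000000000000
EOF

xen_frontend_verdict "$SAMPLE_PV"
xen_frontend_verdict "$SAMPLE_NONE"
```

On a real host, call xen_frontend_verdict /proc/modules. Because a built-in frontend driver never appears in /proc/modules, treat a "not affected" result from this check as a hint to be confirmed against the kernel configuration, not as a final answer.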

According to our audits, our customers are not affected by this
issue.

SUPPORT


Ksplice support is available at ksplice-support_ww at oracle.com.