[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-5338-1)

Thu Mar 24 14:46:45 UTC 2022

Synopsis: USN-5338-1 can now be patched using Ksplice
CVEs: CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-4135 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5338-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-45469: Out-of-bounds memory access in Flash-Friendly File System.

An inadequate error handling flaw in Flash-Friendly File System could
lead to an out-of-bounds memory access when an inode has an invalid last
xattr entry. A local user could use this flaw for code execution or
denial-of-service.

* Note: Oracle will not provide a zero-downtime update for CVE-2021-28714 (XSA-392) and CVE-2021-28715.

CVE-2021-28714 (XSA-392) and CVE-2021-28715 are both scored CVSSv3 6.5
and are present in the Xen backend driver. Both CVEs allow guest to hog
large amounts of kernel memory to potentially cause a denial-of-service.

Hosts without the Xen backend driver loaded are not affected by this
issue.

Oracle has determined that patching CVE-2021-28714 (XSA-392) and
CVE-2021-28715 on a running system would not be safe and recommends
a reboot if the Xen backend driver is used.

* Note: Oracle has determined that CVE-2021-44733 is not applicable.

A race condition flaw could happen in a Trusted Execution Environment
(TEE) during an attempt to free a shared memory object leading to
a use-after-free.

According to our audits most customers are not affected by this
vulnerability because they are not using the TEE kernel module.

The kernel is not affected by CVE-2021-44733 since the code under
consideration is not compiled.

* Note: Oracle will not provide a zero-downtime update for CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 and XSA-391.

CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 and XSA-391 are scored
CVSSv3 6.2 and are present in the Xen hypervisor subsystem. The CVEs
allow guest to call some interrupts with high frequency to potentially
cause a denial-of-service.

Hosts that don't use the Xen hypervisor subsystem are not affected by
this issue.

Oracle has determined that patching CVE-2021-28711, CVE-2021-28712,
CVE-2021-28713 and XSA-391 on a running system would not be safe and
recommends a reboot if the Xen hypervisor subsystem is used.

* CVE-2022-0847: Privilege escalation in pipe buffers.

A flaw in the initialization of pipe buffers may allow reading of
stale data from the underlying page cache.  A local user could use
this flaw to write to read-only files or escalate privileges.

* CVE-2021-45095: Denial-of-service in Phone Network protocol due to memory leaks.

A reference counting flaw in the Phone Network protocol functionality
when handling an error condition could lead to memory leaks. A local
user could use this flaw to cause a denial-of-service.

* CVE-2022-0435: Denial-of-service in Transparent Inter-Process Communication protocol.

A buffer overflow flaw in The Transparent Inter-Process Communication
protocol could lead to crash in systems that have a TIPC bearer
configured. A remote attacker could use this flaw to cause a denial of
service.

* CVE-2022-0492: Privilege escalation in Control Groups feature.

A missing capabilities check flaw in the Control Groups feature when
setting release_agent in the initial user namespace could result in
bypassing namespace isolation. A local user could use this flaw to
escalate privilege.

* CVE-2021-43976: Malicious Marvell mwifiex USB device causes DoS.

Incorrect handling of packet buffers received from a Marvell mwifiex USB
device could result in a kernel assertion failure. A malicious device
might exploit this to crash the kernel.

* CVE-2021-4135: Information disclosure in Simulated Networking Device.

Improper memory initialization in the eBPF for the Simulated Networking
Device Driver in certain situations could allow unauthorized access to
sensitive information. A local user could use this flaw for information
disclosure.

* CVE-2021-45480: Denial-of-service in Reliable Datagram Socket.

A memory leak flaw in code cleanup of the Reliable Datagram Socket
protocol implementation in TCP could happen in some error condition
situations due to improper memory deallocation. A local user could
use this flaw to cause a denial-of-service.

* Note: Oracle has determined that CVE-2022-0516 is not applicable.

The kernel is not affected by CVE-2022-0516 since the code under
consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.