[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-5668-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Thu Oct 27 14:32:42 UTC 2022


Synopsis: USN-5668-1 can now be patched using Ksplice
CVEs: CVE-2021-4159 CVE-2022-20369 CVE-2022-21505 CVE-2022-2318 CVE-2022-26373 CVE-2022-27666 CVE-2022-3176 CVE-2022-36879

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5668-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
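
The two installation paths above can be checked per host with a short script. This is an added example, not part of the original announcement or of Oracle's tooling; the function names are hypothetical, and it assumes that the installed-update list printed by uptrack-show mentions CVE identifiers in its descriptions.

```shell
#!/bin/sh
# Added example: audit a host against this advisory (USN-5668-1).
# Function names are hypothetical; the CVE list is copied from the advisory.
ADVISORY_CVES="CVE-2021-4159 CVE-2022-20369 CVE-2022-21505 CVE-2022-2318
CVE-2022-26373 CVE-2022-27666 CVE-2022-3176 CVE-2022-36879"

# Succeeds only if the last uncommented "autoinstall" key in file $1 is
# exactly "yes" (the spelling the advisory gives). Commented-out lines are
# ignored and any other value is reported as "not enabled" for human review.
# Returns 2 if the file cannot be read.
autoinstall_enabled() {
    [ -r "$1" ] || return 2
    val=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$1" | tail -n 1)
    [ "$val" = "yes" ]
}

# Reads a list of installed updates on stdin and prints every advisory CVE
# that is not mentioned in it. -w stops CVE-2022-2318 from matching a longer
# identifier such as CVE-2022-23180; -F treats the identifier as a literal.
missing_cves() {
    installed=$(cat)
    for cve in $ADVISORY_CVES; do
        printf '%s\n' "$installed" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Run both checks on the local machine (needs the Uptrack client installed).
audit_host() {
    if autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall = yes: updates are installed automatically"
    else
        echo "autoinstall is not 'yes': run /usr/sbin/uptrack-upgrade -y"
    fi
    # Assumption: uptrack-show descriptions include the CVE identifiers.
    uptrack-show | missing_cves | sed 's/^/not listed as installed: /'
}

# Only touch the real system when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

The KPTI enablement item carries no CVE identifier, so this check does not cover it.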


DESCRIPTION

* CVE-2022-27666: Privilege escalation in IPsec ESP transformation.

A logic flaw in the IPsec ESP transformation implementation could lead to
a heap buffer overflow. A local user could use this flaw to overwrite
kernel heap objects and cause privilege escalation.


* CVE-2022-21505: Lockdown bypass in Integrity Measurement Architecture.

A flaw in the Integrity Measurement Architecture could allow kernel
lockdown bypass by using kexec when Secure Boot is disabled. A local user
could use this flaw for code execution.


* CVE-2022-20369: Privilege escalation in V4L2 memory to memory framework.

Improper input validation in the Video for Linux API version 2 subsystem
can lead to an out-of-bounds write. This could lead to a local
escalation of privilege.


* CVE-2022-2318: Privilege escalation in X.25 Packet Layer Protocol.

Improper reference counting in X.25 Packet Layer Protocol (Rose) could
lead to a use-after-free. A local unprivileged user could use this flaw
for privilege escalation.


* CVE-2022-36879: Denial-of-service in XFRM.

An incorrect reference counting flaw in the IP framework for transforming
packets when manipulating XFRM policy entries could result in releasing
a resource before it is made available for re-use. A local user could
use this flaw for a denial-of-service.


* CVE-2022-3176: Denial-of-service in the io_uring subsystem.

A logic error when using the io_uring poll mechanism with signal and binder
files could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2021-4159: Information disclosure in eBPF verifier.

A flaw in the eBPF verifier when handling internal data structures could
result in internal memory disclosure to userspace. A local user could
use this flaw for information disclosure.


* KPTI enablement for Ksplice.




* CVE-2022-26373: Information leak abusing x86 CPU return predictor.

A missing speculation trap after a VM exits to the hypervisor could let an
attacker from the VM leak information about the hypervisor.
Kernels with CONFIG_RETPOLINE enabled are not affected by EIBRS
Post-barrier Return Stack Buffer, but this update is still needed as a
memory barrier is missing in multiple speculation traps.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




