[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6193-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Wed Jul 19 00:46:03 UTC 2023


Synopsis: USN-6193-1 can now be patched using Ksplice
CVEs: CVE-2023-35788

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6193-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity-check the packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial of service or escalate privileges.


* Note: Oracle will not provide a zero-downtime update for LP: #2023220.

A hardware flaw on Alder Lake and Raptor Lake CPU families could cause
the INVLPG instruction to fail to invalidate Global page entries
from the TLB cache when PCIDs (process-context identifiers) are enabled.
This vulnerability could allow an attacker to expose sensitive information
from the kernel or cause undefined behaviour.

Oracle has determined that applying the kernel mitigation for this
vulnerability on a running system would not be safe and recommends
rebooting with PCID disabled (nopcid on the kernel command line) if
using one of the affected processor models. The vendor is expected
to publish a microcode update to fix this issue at a later time.
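The following check script is an added example, not part of this notice or of Ksplice, for verifying that the recommended nopcid mitigation is in effect on a running system. It assumes that passing nopcid on the kernel command line makes the kernel clear the CPU's PCID feature, so that "pcid" no longer appears in the flags line of /proc/cpuinfo; the sample input files are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's or Ksplice's code): report whether PCID has
# been disabled with "nopcid" as recommended above.
# Assumption: with nopcid on the command line the kernel clears the pcid
# CPU feature, so the flags line in /proc/cpuinfo no longer lists "pcid".

# pcid_status CMDLINE_FILE CPUINFO_FILE
# Prints "disabled", "unsupported" or "enabled". Returns 0 when PCID is
# not active on this kernel (mitigated or CPU lacks PCID), 1 otherwise.
pcid_status() {
    cmdline_file=$1
    cpuinfo_file=$2
    has_nopcid=0
    has_pcid_flag=0

    # Match nopcid as a whole word on the kernel command line.
    if grep -qw nopcid "$cmdline_file"; then
        has_nopcid=1
    fi
    # Flags of the first CPU; whole-word match so "invpcid" and
    # "invpcid_single" are not mistaken for the pcid feature itself.
    if grep -m1 '^flags' "$cpuinfo_file" | grep -qw pcid; then
        has_pcid_flag=1
    fi

    if [ "$has_pcid_flag" -eq 0 ] && [ "$has_nopcid" -eq 1 ]; then
        echo disabled; return 0
    elif [ "$has_pcid_flag" -eq 0 ]; then
        echo unsupported; return 0   # CPU never had PCID; nothing to disable
    else
        echo enabled; return 1       # PCID still active: reboot with nopcid
    fi
}

# Constructed sample inputs standing in for /proc/cmdline and /proc/cpuinfo.
tmp=$(mktemp -d)
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopcid\n' > "$tmp/cmdline_mitigated"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro\n' > "$tmp/cmdline_default"
printf 'flags\t\t: fpu vme pge invpcid invpcid_single\n' > "$tmp/cpuinfo_mitigated"
printf 'flags\t\t: fpu vme pge pcid invpcid invpcid_single\n' > "$tmp/cpuinfo_default"

# On a live system run: pcid_status /proc/cmdline /proc/cpuinfo
```

The status is printed to stdout and the exit code can be used from a configuration-management or monitoring check.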

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
