[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6251-1)

[Oracle Ksplice]

Synopsis: USN-6251-1 can now be patched using Ksplice
CVEs: CVE-2023-3090 CVE-2023-32629 CVE-2023-3390 CVE-2023-35001

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6251-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.

A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.


* CVE-2023-3390: Use-after-free in Netfilter nf_tables packet classification framework.

Incorrect error path handling with NFT_MSG_NEWRULE in the Netfilter
nf_tables packet classification framework can lead to a use-after-free.
This can allow a local unprivileged user to perform arbitrary access to
kernel memory and escalate privileges.


* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited in a
local attack to cause a denial of service or other undefined behavior.


* CVE-2023-32629: Privilege escalation in overlay filesystem.

The overlay filesystem implementation did not properly perform permission
checks in some cases while handling extended attributes. A local attacker
could potentially use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.