[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-5917-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue Mar 14 00:24:53 UTC 2023 

Synopsis: USN-5917-1 can now be patched using Ksplice
CVEs: CVE-2022-2873 CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-3643 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-4378 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-0615 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5917-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-3545: Use-after-free in Netronome Flow Processor Ethernet driver.

A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.


* CVE-2022-3521: Denial-of-service in Kernel Connection Multiplexor.

A flaw in the implementation of Kernel Connection Multiplexor sockets
could lead to a race condition when releasing sockets in some situations.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2022-4139: Information disclosure in Intel HD Graphics Driver.

A flaw in Intel HD Graphics Driver when flushing translation lookaside
buffers could allow access to physical memory which might be already
assigned to a different process. A local user could use this flaw for
denial-of-service or information disclosure.


* CVE-2022-3435: Information disclosure in IPv4.

A flaw in ioctls of IPv4 could result in out-of-bounds read access.
A local user could use this flaw for information disclosure.


* CVE-2022-3169: Denial-of-service in NVM Express block device.

A flaw in ioctls of NVM Express block device could result in PCIe link
disconnect. A local user could use this flaw for a denial-of-service.


* CVE-2022-4378: Out-of-bounds memory access in sysctl.

A flaw parsing character strings in the sysctl subsystem when changing
kernel parameters can lead to a stack overflow. A local user could use
this flaw for a denial-of-service or arbitrary code execution.


* Improved update to CVE-2022-3643: Denial-of-host-service via malicious Xen netfront packet.

The Xen netback handler does not properly handle packets with protocol
headers that span multiple slots. A malicious guest might exploit this
to crash certain varieties of network interface on the host.


* CVE-2022-3623: Information disclosure in HugeTLB file system support.

A flaw in HugeTLB file system support when looking up a hugetlb page in
some situations could lead to a race condition. A local user could use
this flaw to cause a denial-of-service or information disclosure.


* CVE-2022-3424: Denial-of-service in SGI GRU driver.

A logic error when using SGI GRU driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2022-2873: Out-of-bounds memory access in iSMT.

A missing sanity check for a user controlled value in the Intel's iSMT
SMBus host controller driver when processing an SMBus command may lead
to a memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.


* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.


* CVE-2022-36280: Out-of-bounds access in vmwgfs driver during cursor snoop.

A failure to validate cursor size data during a snoop operation can
lead to an out-of-bounds memory access.  A malicious local user could
exploit this flaw to escalate their privileges, or to cause a
denial-of-service.


* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.

A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access.  This flaw could be exploited by a local
attacker to cause a denial-of-service.


* CVE-2023-23454: Denial-of-service in CBQ packet scheduling.

When dropping a packet in Class-Based Queueing (CBQ) packet scheduling
algorithm, invalid data may be read. A local user can use this to cause
denial-of-service.


* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.


* CVE-2022-47929: NULL dereference in traffic control subsystem.

Specially crafted network traffic can cause a NULL pointer dereference
in the network traffic control subsystem.  This flaw could be exploited
by a malicious local user to cause a denial-of-service.


* CVE-2023-0461: Use-after-free in Upper Level Protocol (ULP) subsystem.

Improper handling of sockets entering the LISTEN state can lead to
use-after-free. A local attacker could use this to cause denial-of-service or
execute arbitrary code.


* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.


* CVE-2023-0394: NULL dereference during IPv6 raw frame processing.

An arithmetic error when processing certain IPv6 header information can
lead to a NULL pointer dereference.  A malicious local user could
exploit this flaw to cause a denial-of-service.


* CVE-2022-47520: Out of bounds memory access in WILC1000 wireless driver.

Improper validation of a Robust Security Network element when parsing the
Basic Service Set of a WiFi network could lead to an out-of-bounds memory
access.  A rogue attacker in radio range could use this flaw to cause a
denial-of-service or get remote execution.


* CVE-2022-42328, CVE-2022-42329, XSA-424: Denial-of-service in Xen Netback driver.

A logic flaw in Xen Netback driver when trying to free the SKB of
a dropped packet in some situations could result in a deadlock.
A local user could use this flaw for a denial-of-service.


* CVE-2023-0461: Use-after-free in Upper Level Protocol.

A flaw in ULP when handling sockets entering the LISTEN state in certain
protocols may lead to a user-after-free. A local user could use this
flaw to cause a denial-of-service or elevate privileges on the system.


* CVE-2023-0615: Out-of-bounds memory access in the Virtual Video Test Driver.

Lack of boundary checks when adjusting the composing height could lead to
an out-of-bounds memory access.  A local user with the ability to send
IOCTL to the V4L2 VIVID driver could use this flaw to cause a
denial-of-service or elevate privileges.


* CVE-2023-20938: Use-after-free in the Android Binder deriver.

Lack of input validation in the Android Binder driver when releasing a
transaction buffer could lead to a user-after-free.  A local unprivileged
user could use this flaw to cause a denial-of-service or elevate its
privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-20.04-updates mailing list