[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6462-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Fri Nov 17 05:21:53 UTC 2023


Synopsis: USN-6462-1 can now be patched using Ksplice
CVEs: CVE-2023-0597 CVE-2023-31083 CVE-2023-3772 CVE-2023-4132

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6462-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
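The two install paths above depend on the value of the `autoinstall` key in /etc/uptrack/uptrack.conf. The following POSIX shell script is an added example, not part of the Ksplice announcement or Oracle's tooling: it reads that key (ignoring comment lines, case and surrounding whitespace) and reports whether Uptrack will apply the update on its own or whether an operator must run uptrack-upgrade. The config path and the constructed sample file are the only assumptions.

```shell
#!/bin/sh
# Added example (not from the Ksplice announcement): decide whether Uptrack
# will apply these updates unattended by reading "autoinstall" from
# /etc/uptrack/uptrack.conf. The config path is an assumption taken from the
# announcement; the sample file below is constructed for offline demonstration.

# Print the effective value of "autoinstall" from an uptrack.conf-style file
# (key = value lines, '#' comment lines). Prints "unset" if the file is
# missing or has no such key; the last occurrence wins.
uptrack_autoinstall_value() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    val=$(sed -e 's/^[[:space:]]*#.*//' "$conf" \
          | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
          | tail -n 1 \
          | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
          | tr 'A-Z' 'a-z')
    if [ -z "$val" ]; then echo "unset"; else echo "$val"; fi
}

# Exit status 0 when the updates will be installed automatically, 1 otherwise.
uptrack_will_autoinstall() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Constructed sample config (not a real system file): an earlier "no" is
# overridden by a later "Yes", which the parser must normalise to "yes".
make_sample_conf() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[Uptrack]
# autoinstall = no   (commented out, must be ignored)
autoinstall = no
autoinstall = Yes
EOF
    echo "$tmp"
}

# Report the install path for the given (or default) config file.
report_install_path() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if uptrack_will_autoinstall "$conf"; then
        echo "autoinstall=yes in $conf: Uptrack installs the USN-6462-1 updates itself"
    else
        echo "autoinstall is '$(uptrack_autoinstall_value "$conf")' in $conf: run /usr/sbin/uptrack-upgrade -y"
    fi
}

report_install_path "$@"
```

Run it with no argument on a Ksplice host to check the real file, or pass the path printed by `make_sample_conf` to exercise the parser on the constructed sample. The check only reads the file; it does not apply the update.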


DESCRIPTION

* CVE-2023-3772: Denial-of-service in the IP framework for transforming packets.

A missing check in the IP framework for transforming packets could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2023-4132: Use-after-free in Siano MDTV receiver driver.

A logic error in the smsusb driver can lead to a use-after-free
scenario.  This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.


* CVE-2023-31083: Denial-of-service in the Bluetooth HCI UART driver.

A race condition in the Bluetooth HCI UART driver between the HCIUARTSETPROTO
and HCIUARTGETPROTO ioctl commands may lead to a NULL pointer dereference.
A local user could use this flaw to cause a system crash.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-0597.

The lack of address randomization for the kernel per-cpu entry area could
allow an unprivileged user to guess the location of the kernel's CPU
exception stacks or other important data structures to aid certain types
of attacks targeting the kernel which require address space layout
determinism.

Oracle has determined that enabling address randomization for per-cpu
entry area on a running system would not be safe and recommends
a reboot if such mitigation is required.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
