[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6340-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Mon Oct 2 09:21:07 UTC 2023


Synopsis: USN-6340-1 can now be patched using Ksplice
CVEs: CVE-2022-39189 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-2002 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-2513 CVE-2023-31084 CVE-2023-3268 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6340-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
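
To confirm a host actually picked up this advisory, the check below (an added example, not Oracle's tooling) reads a copy of uptrack.conf for the autoinstall setting and compares the advisory's CVE list with a saved update listing. It assumes the listing is text saved from uptrack-show with the CVE id in each description line; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. File paths are passed in so the
# functions can be run against copies of the real files.

# CVEs from the advisory header; CVE-2023-35828 is left out because the
# advisory says it is not applicable, so no update will ever list it.
ADVISORY_CVES="CVE-2022-39189 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919
CVE-2023-2002 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-2513
CVE-2023-31084 CVE-2023-3268 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824"

# Succeeds only if the last uncommented "autoinstall" line is set to yes.
autoinstall_enabled() {
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
          tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$val" = "yes" ]
}

# Prints each advisory CVE that the saved update listing does not mention.
# -w keeps CVE-2023-2163 from matching inside a longer id like CVE-2023-21630.
missing_cves() {
    for cve in $ADVISORY_CVES; do
        grep -qwF -e "$cve" "$1" || printf '%s\n' "$cve"
    done
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/uptrack.conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
cat > "$demo_dir/installed.txt" <<'EOF'
[aaaaaaaa] CVE-2023-3268: Out-of-bounds memory access in kernel-userspace relay file support.
[bbbbbbbb] CVE-2023-21630: constructed id that must not satisfy CVE-2023-2163.
EOF

if autoinstall_enabled "$demo_dir/uptrack.conf"; then
    echo "autoinstall is on"
else
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
fi
echo "advisory CVEs not yet covered: $(missing_cves "$demo_dir/installed.txt" | wc -l)"
rm -rf "$demo_dir"
```

On a real host, point the first function at /etc/uptrack/uptrack.conf and the second at a file holding the output of uptrack-show.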


DESCRIPTION

* CVE-2023-3268: Out-of-bounds memory access in kernel-userspace relay file support.

An out-of-bounds memory access error exists in the kernel->userspace relay
support. This could allow a local attacker to crash the system or leak
kernel internal information.


* CVE-2023-31084: Potential deadlock during DVB driver event processing.

An incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver.  This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.


* CVE-2023-2163: Out-of-bounds memory access in BPF program verifier.

A flaw in the BPF verifier may allow a BPF program path to be
prematurely marked as safe, potentially leading to an out-of-bounds
read or write access. An attacker could use this flaw for
denial-of-service or arbitrary code execution.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.


* CVE-2023-35824: Use-after-free during dm1105 device removal.

A race condition in the dm1105 driver's device removal path can result
in a use-after-free.  This flaw could be exploited by a local attacker
to cause a denial-of-service or other unexpected behavior.


* CVE-2023-35823: Use-after-free in Philips SAA7134 TV card driver.

Incorrect cleanup logic in the saa7134 driver can cause a use-after-free
when the device is removed. This can allow a user with physical access
to escalate privileges or cause undefined behavior.


* Note: Oracle has determined that CVE-2023-35828 is not applicable.

A race condition in the Linux kernel's Renesas USB3.0 controller when
removing the module before cleanup could lead to a use after free error.
A local privileged attacker could use this flaw to cause denial of
service.

The kernel is not affected by CVE-2023-35828 since the code under
consideration is not compiled.


* CVE-2023-2269: Denial-of-service in Device Mapper-Multipathing subsystem.

A possible recursive locking scenario in the Linux kernel Device Mapper
Multipathing subsystem can lead to a deadlock. A local user can use
this flaw to cause a denial-of-service.


* CVE-2023-34256: Out-of-bounds read in ext4 checksum handling.

An arithmetic error in a checksum generation routine in the ext4 driver
can lead to an out-of-bounds read.  This flaw could be exploited by a
malicious local user to leak sensitive information or to aid in another
type of attack.


* CVE-2023-21255: Use-after-free in Android Binder IPC driver.

A possible use-after-free in the binder kernel driver could lead to
memory corruption. A local attacker could use this flaw to escalate
privileges.


* CVE-2023-2513: Use-after-free during ext4 extended attribute operations.

A logic error when setting certain extended attributes on an ext4
filesystem can result in a use-after-free scenario.  This flaw could be
exploited by a malicious local attacker to cause a denial-of-service or
to aid in another type of attack.


* CVE-2022-45887: Memory leak in Technotrend/Hauppauge USB DEC driver.

A memory leak in the Technotrend/Hauppauge USB DEC driver can occur
when a device is disconnected. A local attacker can use this flaw
to cause a denial-of-service.


* CVE-2022-39189: Privilege escalation in Kernel-based Virtual Machine.

A flaw in KVM instruction emulation could allow unprivileged guest
userspace access to guest kernel memory through stale TLB translations.
An unprivileged guest user could use this flaw to cause a
denial-of-service or gain arbitrary code execution in a guest VM.


* CVE-2022-45886: Use-after-free in DVB Core driver.

A race condition in the network component of the DVB Core driver can
lead to a use-after-free when a device is disconnected. A local user
can exploit this flaw to cause a denial-of-service or potentially
escalate their privileges.


* CVE-2022-45919: Use-after-free in DVB EN50221 driver.

A race condition in the network component of the DVB EN50221 driver can
lead to a use-after-free when the device is disconnected. A local user
might exploit this flaw to cause a denial-of-service or potentially
escalate their privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




