[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6417-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue Oct 24 00:23:09 UTC 2023 

Synopsis: USN-6417-1 can now be patched using Ksplice
CVEs: CVE-2021-4001 CVE-2023-1206 CVE-2023-3212 CVE-2023-3338 CVE-2023-3863 CVE-2023-4194

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6417-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-3212: NULL dereference in GFS2 file system.

On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-1206.

Oracle has determined that patching CVE-2023-1206 on a running system
would not be safe and recommends a reboot.


* CVE-2023-4194: Permission bypass when using TUN/TAP device driver.

Usage of an incorrect permission attribute when opening a TAP or TUN device
could lead to a permission bypass. A local attacker could use this flaw
to bypass network filters and gain unauthorized access.


* CVE-2023-3863: Use-after-free in NFC subsystem.

Incorrect reference counting in the NFC subsystem could lead to a
use-after-free. This could allow a privileged local user to cause
a denial-of-service or leak information about the running kernel.


* CVE-2023-3338: Denial-of-service in DECnet.

Improperly initialized reference counter in DECnet may lead to a null
pointer dereference when sending a Hello message to a local DECnet
socket. A remote attacker could use this flaw to crash the system.


* CVE-2021-4001: Race condition in BPF verifier.

A race condition in the BPF verifier could allow a privileged local
user to modify read-only BPF maps. This flaw could be used to cause
out-of-bound access or other undefined behavior.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-20.04-updates mailing list