[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6648-1)

[Oracle Ksplice]

Synopsis: USN-6648-1 can now be patched using Ksplice
CVEs: CVE-2023-51781 CVE-2023-6915 CVE-2024-0565 CVE-2024-0646

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6648-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2024-0646: Out-of-bounds write in kernel TLS socket when spliced.

If splice() is called with a Kernel TLS socket as its destination, the
socket internal accounting structures remain uninitialized, which can
result in data being erroneously written to an invalid pointer. A
malicious user might be able to exploit this to overwrite arbitrary
kernel memory.


* CVE-2024-0565: Out-of-bounds access when reading encrypted SMB2 data.

When receiving SMB2 encryption information, the kernel CIFS client fails
to correctly validate the remote "NextCommand" field. A malicious server
might exploit this to cause a denial-of-service on the client.


* CVE-2023-6915: Double-free in kernel ID allocation library.

When allocating an ID via the kernel IDR library, if the ID created has
no nearby neighbors, a double-free can occur, resulting in a
NULL-pointer dereference. An attacker able to access code using this
library could potentially exploit this to cause a denial-of-service.


* CVE-2023-51781: Use-afer-free in AppleTalk ioctl.

AppleTalk ioctl calls can race with datagram reception causing a
use-after-free error. A local attacker can exploit this to cause
a denial-of-service or privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.