[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6702-1)

Oracle Ksplice gregory.herrero at oracle.com
Wed Mar 27 07:59:09 UTC 2024


Synopsis: USN-6702-1 can now be patched using Ksplice
CVEs: CVE-2023-23000 CVE-2023-23004 CVE-2024-1086 CVE-2024-24855

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6702-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
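
The shell functions below are an added example, not part of this advisory or
of Ksplice Uptrack. They read a host's uptrack.conf and report whether the
manual command above is still needed. The function names, the sample file, and
the choice to treat only "yes" (in any letter case) as enabled are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Return 0 if the given uptrack.conf-style file sets "autoinstall = yes".
# Commented-out lines are skipped, whitespace around "=" is ignored, and the
# last assignment in the file wins. Returns 2 if the file cannot be read.
# Assumption: only the value "yes" (any letter case) counts as enabled.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    value=$(sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

# Print what the operator has to do on this host. An unreadable or missing
# config is treated like autoinstall being off, so the host is not skipped.
update_action() {
    if autoinstall_enabled "$1"; then
        echo "none: autoinstall is enabled"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not copied from a real host): the active setting
# is "no"; the commented-out "yes" must not be counted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
update_action "$sample"
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf to update_action.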


DESCRIPTION

* CVE-2024-1086: Privilege escalation in the netfilter subsystem.

A missing check on user input in the netfilter subsystem could lead to
a double free. A local attacker could use this flaw to cause a
denial-of-service or escalate privileges.


* CVE-2024-24855: Denial-of-service when using a SCSI device driver.

A locking error when using a SCSI device driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Note: Oracle has determined that CVE-2023-23004 is not applicable.

Incorrect logic in the ARM Mali Display Processor driver may cause incorrect
error handling in its plane manipulation routines. This can lead to memory
corruption.

The kernel is not affected by CVE-2023-23004 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2023-23000 is not applicable.

A logic error when handling error conditions in the NVIDIA Tegra XUSB
pad controller driver could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.

The kernel is not affected by CVE-2023-23000 since the code under
consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




