[Ksplice][Ubuntu-20.10-Updates] New Ksplice updates for Ubuntu 20.10 Groovy (USN-4659-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Feb 10 08:30:45 PST 2021


Synopsis: USN-4659-1 can now be patched using Ksplice
CVEs: CVE-2020-0423 CVE-2020-10135 CVE-2020-14351 CVE-2020-25705 CVE-2020-27152 CVE-2020-28915

Systems running Ubuntu 20.10 Groovy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4659-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.10
Groovy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
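
The check described above, as an added example (not part of the original
advisory and not Oracle's code). The sample configuration, including its
"[Settings]" header, is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does this host pick up the updates automatically, or does
# the advisory's manual command need to be run?

# autoinstall_enabled FILE
# Succeeds only when the last uncommented "autoinstall" assignment in FILE
# is exactly "yes". An unreadable file or any other value counts as "not
# enabled", so the result errs on the side of a manual upgrade.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 1
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    [ "$value" = "yes" ]
}

# install_plan FILE
# Prints "automatic" or the manual command given in the advisory.
install_plan() {
    if autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configuration: the active setting is "no", and the
# commented-out "yes" line must not be mistaken for the live value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(install_plan "$sample")"
echo "this host:     $(install_plan /etc/uptrack/uptrack.conf)"
rm -f "$sample"
```

Run it with enough privilege to read the configuration file; an unreadable
file is reported as needing the manual command.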


DESCRIPTION

* CVE-2020-28915: Information leak due to out-of-bounds read in Framebuffer Console.

A flaw in the font handling code of the Framebuffer Console could lead to
an out-of-bounds read of kernel memory. A local attacker could use this
flaw to disclose the contents of kernel memory.


* CVE-2020-14351: Use-after-free in performance monitoring subsystem.

A race condition when freeing perf events could lead to a
use-after-free. A local attacker with permissions to monitor perf
events could use this to corrupt memory or possibly escalate privileges.


* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.


* CVE-2020-0423: Use-after-free in Binder IPC due to a race condition.

A race condition due to improper locking in the binder IPC
implementation could lead to a use-after-free. A local attacker could
use this flaw to cause a denial of service or possibly execute arbitrary
code.


* CVE-2020-10135: Bluetooth devices can be paired without proper credentials.

Logic errors in the Bluetooth pairing code path can allow unauthenticated users
to pair devices without proper credentials.  An attacker in close proximity to
a target system could use this flaw to pair malicious Bluetooth devices to that
system without proper authentication.


* CVE-2020-27152: Denial-of-service in virtualized IOAPIC driver.

A logic error when handling interrupts in the virtualized IOAPIC driver
could lead to an infinite loop on the hypervisor. A local attacker from
a guest could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




