[Ksplice][Ubuntu-20.10-Updates] New Ksplice updates for Ubuntu 20.10 Groovy (USN-4949-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jun 8 13:23:24 PDT 2021


Synopsis: USN-4949-1 can now be patched using Ksplice
CVEs: CVE-2020-25639 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-28375 CVE-2021-29264 CVE-2021-29265 CVE-2021-29266 CVE-2021-29646 CVE-2021-29650 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491

Systems running Ubuntu 20.10 Groovy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4949-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.10
Groovy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
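
The check below is an added example, not part of the original advisory or Oracle's tooling: it reads an uptrack.conf-style file and reports whether the host relies on "autoinstall = yes" or needs the manual command above. The comment characters, the last-assignment-wins rule and the case-insensitive match on "yes" are assumptions about the file format.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit whether a host applies Ksplice
# updates automatically or needs a manual uptrack-upgrade run.

# Print the effective autoinstall value: "yes", another value, or "unset".
# Assumptions: "#" or ";" starts a comment, the last active assignment
# wins, and the value is compared case-insensitively.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out setting
        {
            key = $1; val = $2
            sub(/[#;].*/, "", val)          # drop a trailing comment
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when an operator must run the upgrade command by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# One-line verdict for a config file (default: the path from the advisory).
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: autoinstall = yes"
    fi
}

report "$@"
```

A file that cannot be read is reported as "manual", so a missing or unreadable configuration is never counted as automatically patched.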


DESCRIPTION

* CVE-2021-26932, XSA-361: Denial-of-host-service by malicious Xen frontend.

Batched mapping operations can be potentially mishandled by the Linux
Xen backend, resulting in incorrectly reported success or failure of the
operation. Running a malicious or buggy frontend could result in a
denial-of-service on the host.


* CVE-2020-25639: Denial-of-service in ioctls of Nouveau graphics driver.

Improper error handling in the ioctls of the Nouveau graphics driver
could result in a system crash. A local, unprivileged user could use
this flaw to cause a denial-of-service.


* CVE-2021-29265: Denial-of-service in usbip driver due to race conditions.

Race conditions in the stub-up sequence of the usbip driver during
an update of the local and shared status could lead to a system crash.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2021-26931, XSA-362: Mishandling of errors causes DoS of Xen backend.

Several error conditions in the scsi, block, and net Xen backend drivers
incorrectly cause kernel assertion failures. A malicious or buggy Xen
frontend might trigger these conditions, causing a denial-of-service in the
host.


* CVE-2021-26930, XSA-365: Bad error handling of blkback grant references.

The Xen blkback driver can incorrectly ignore errors when mapping grant
references, potentially reporting a false success, and causing unmapped
memory to be accessed. Hosting a malicious or buggy frontend driver
might result in a denial-of-service on the host.


* CVE-2021-29646: Code execution in TIPC protocol due to a buffer overflow.

Improper validation of user input in the tipc_nl_retrieve_key function
of the TIPC protocol could result in a buffer overflow. A local user
could use this flaw to cause a denial-of-service or possibly execute
arbitrary code.


* CVE-2021-29266: Use-after-free in Vhost when reopening a character device.

A flaw in the Vhost implementation could lead to a use-after-free memory
corruption when reopening a character device. A local user could use
this flaw to cause a denial-of-service or possibly execute arbitrary
code.


* Note: Oracle has determined that CVE-2021-29264 is not applicable.

Oracle has determined that CVE-2021-29264 is not applicable to this
kernel configuration. Applying the patch has no resulting changes
in the generated object files.


* CVE-2021-29650: Denial-of-service in Netfilter due to incorrect memory barrier.

Lack of a full memory barrier upon the assignment of a new table value
in the Netfilter subsystem could result in a system crash. A local user
could use this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2021-28375 is not applicable.

Oracle has determined that CVE-2021-28375 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* CVE-2021-3489: Denial-of-service in BPF due to lacking ring buffer validation.

A malicious BPF program could leverage flaws in the BPF ring buffer
implementation to cause a denial-of-service or potentially execute
arbitrary code.


* CVE-2021-3490: Denial-of-service in BPF verifier for some bitwise operations.

A malicious BPF program could leverage BPF verifier flaws related to some
bitwise operations to cause a denial-of-service or potentially execute
arbitrary code.


* CVE-2021-3491: Denial-of-service due to limit enforcement issues in IO uring.

A local user could leverage inadequate enforcement of buffer size limits in
some IO uring code paths to cause a denial-of-service or potentially execute
arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.