[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2018-4304)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Dec 17 01:17:44 PST 2018
Synopsis: ELSA-2018-4304 can now be patched using Ksplice
CVEs: CVE-2018-1000204 CVE-2018-10322 CVE-2018-10902 CVE-2018-1108 CVE-2018-1118
CVE-2018-1120 CVE-2018-13094 CVE-2018-18445 CVE-2018-18710 CVE-2018-5333
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4304.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.
Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption. This could be exploited to cause a denial-of-service.
* CVE-2018-13094: NULL-pointer dereference when shrinking xfs inode.
When attempting to shrink an xfs inode for a file with corrupted
extended attributes, the non-existent attribute buffer might be
dereferenced, resulting in a denial-of-service.
* CVE-2018-1118: System hang in virtio host driver.
A logic error in the vhost driver can lead some processes to spin indefinitely,
waiting for an event to occur. This could be used to cause a denial-of-service.
* CVE-2018-1120: Denial-of-service when mmapping specific part of process memory
on a slow filesystem.
A missing check when an user mmap() specific part of process memory on a
slow filesystem could lead to delay in accessing those specific part
from kernel side. A local attacker could use this flaw to cause a
* CVE-2018-1108: Information leak when relying on kernel random generator for
Cryptographic drivers may use kernel random generator which doesn't have
enough entropy to generate true random data after boot. A local attacker
could use this flaw to decrypt sensitive data and leak information.
* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.
A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.
* Denial-of-service when forking a process with hugetlb mappings.
A logic error when forking a process with hugetlb mappings could lead to
a kernel assert. A local attacker could use this flaw to cause a
* CVE-2018-18445: Out-of-bounds access in BPF verifier.
An incorrect truncation when using 32-bit ALU operations in the BPF verifier
can result in an out-of-bounds memory access, leading to a kernel crash. A
local user with the ability to create BPF programs could use this flaw to cause
* CVE-2018-18710: Information leak when checking the CD-ROM slot status.
An incorrect bounds check in the CD-ROM driver could allow an out-of-bounds
access and kernel information leak to an unprivileged user.
* Denial-of-service in the Xen block backend driver when finding a queue.
Failure to reset the number of rings when handling a low memory condition
in the Xen block backend driver could lead to a kernel panic.
* NULL pointer dereference during RDS reconnection.
A fragment size mismatch during an RDS reconnection can result in a NULL
pointer dereference, leading to a kernel crash.
* CVE-2018-7755: Information leak through floppy disk driver ioctl.
A logic error when using floppy disk driver ioctl could lead to a kernel
address leak. A local attacker could use this flaw to get address of
running kernel and facilitate an attack.
* CVE-2018-5848: Privilege escalation in the Wilocity Atheros driver.
Improper length validation could lead to integer overflow and undefined
behaviour. A local user could use this flaw to cause a memory corruption
and potentially escalate privileges.
* CVE-2018-5333: NULL pointer dereference when freeing resources in Reliable
Datagram Sockets driver.
A missing check when freeing resources in Reliable Datagram Sockets
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2018-10322: NULL pointer dereference when mounting crafted XFS image.
Untrusted input from an XFS image was not validated properly before being
used, lead to an invalid pointer dereference. A local, privileged user
with the ability to mount XFS images could use this flaw to cause a
* Filesystem corruption in EXT4 direct write implementation.
A race condition during direct writes to an EXT4 filesystem can result in
* Filesystem corruption in BTRFS range cloning.
A failure to specify a full fsync is required after cloning a file range in the
BTRFS filesystem can result in filesystem corruption.
* Denial-of-service in huge page truncation.
A race condition between a page fault and a hugetlbfs page truncation can
result in an assertion failure, leading to a kernel crash. A local user could
use this flaw to cause a denial-of-service.
* NULL pointer dereference during iSCSI connection reset.
A missing check when resetting an iSCSI connection which is already terminating
can result in a NULL pointer dereference, leading to a kernel crash.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata