[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4675)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 11 07:37:12 PDT 2019


Synopsis: ELSA-2019-4675 can now be patched using Ksplice
CVEs: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-11884

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4675.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4675.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

Please note that the improved fix for CVE-2019-11091, CVE-2018-12126, 
CVE-2018-12130, CVE-2018-12127: Microarchitectural Data Sampling is not 
available for UEKR2 on Oracle Linux 5.  Oracle Linux 5 systems may 
mitigate against this by disabling HyperThreading or rebooting into the 
latest kernel.


DESCRIPTION

* Ksplice NMI patching enablement update.

Patching the NMI entry/exit code is subject to race conditions when
disabling and re-enabling IBRS on concurrent NMIs.


* Correctly clear the Micro Data Sampling (MDS) buffers on return to userspace.

An incorrect variant of the verw instruction was used to clear the MDS
buffers when returning to userspace, allowing an attacker to bypass the
mitigation for the MDS vulnerabilities.  The mitigation also failed to
clear the MDS buffers when returning to user context from an NMI.


* Kernel crash in MDS mitigation selection.

A logic error when testing CPU features could result in reading from a
non-existent model-specific register (MSR), triggering a kernel crash
under specific conditions.

Orabug: 29820653


* Use-after-free in Microarchitectural Data Sampling reporting.

A use-after-free in the Microarchitectural Data Sampling (MDS)
mitigation could result in a kernel crash.  A local, unprivileged user
could use this flaw to crash the system.

Orabug: 29792027


* Improved fix to CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, CVE-2018-12127: Microarchitectural Data Sampling.

The original Microarchitectural Data Sampling mitigation did not
correctly flush buffers when the CPU went into an idle state.

Orabug: 29792064


* CVE-2019-11884: Information leak in Bluetooth HIDP HIDPCONNADD ioctl().

Missing string termination in the Bluetooth HIDP HIDPCONNADD ioctl()
could result in leaking the contents of the kernel stack to a local
user.
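
The bug class described for CVE-2019-11884, as an added user-space model
(not kernel code and not Oracle's patch): a fixed-size name field is copied
in without a terminating NUL, so later string handling runs on into adjacent
stack bytes. The function name, sizes and stack contents are constructed,
and forcing the last byte to NUL is shown as one way to harden the copy.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN   8   /* constructed; stands in for the fixed-size name field */
#define STACK_LEN 32   /* constructed; models the surrounding kernel stack */

/* Hypothetical model of the ioctl handler. `user_name` is NAME_LEN bytes
 * supplied by the caller; `terminate` selects the hardened behaviour.
 * Writes the string a later consumer would see into `out` and returns
 * its length. */
size_t connadd_model(const char user_name[NAME_LEN], int terminate,
                     char *out, size_t out_len)
{
    char stack[STACK_LEN];

    /* Stale data already sitting on the stack next to the name field. */
    memset(stack, 0, sizeof stack);
    memcpy(stack + NAME_LEN, "STALE-STACK", 11);

    /* copy_from_user() stand-in: exactly NAME_LEN bytes, no NUL appended. */
    memcpy(stack, user_name, NAME_LEN);

    if (terminate)
        stack[NAME_LEN - 1] = '\0';   /* hardened: force termination */

    /* Any later string use of the field stops only at the first NUL. */
    snprintf(out, out_len, "%s", stack);
    return strlen(out);
}

int main(void)
{
    /* Constructed input: fills the whole field, leaving no room for a NUL. */
    const char full[NAME_LEN] = {'A','A','A','A','A','A','A','A'};
    char out[STACK_LEN + 1];
    size_t n;

    n = connadd_model(full, 0, out, sizeof out);
    printf("unterminated: %zu bytes: %s\n", n, out);
    n = connadd_model(full, 1, out, sizeof out);
    printf("terminated:   %zu bytes: %s\n", n, out);
    return 0;
}
```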

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


