[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4672)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 11 07:30:14 PDT 2019


Synopsis: ELSA-2019-4672 can now be patched using Ksplice
CVEs: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-11884

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4672.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4672.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Ksplice NMI patching enablement update.

Patching the NMI entry/exit code is subject to race conditions when
disabling and re-enabling IBRS on concurrent NMIs.


* Correctly clear the Microarchitectural Data Sampling (MDS) buffers on return to userspace.

An incorrect variant of the verw instruction was used to clear the MDS
buffers when returning to userspace, allowing an attacker to bypass the
mitigation for the MDS vulnerabilities.  The mitigation also failed to
clear the MDS buffers when returning to user context from an NMI.


* Use-after-free in Microarchitectural Data Sampling reporting.

A use-after-free in the Microarchitectural Data Sampling (MDS)
mitigation could result in a kernel crash.  A local, unprivileged user
could use this flaw to crash the system.

Orabug: 29792023


* Improved fix to CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, CVE-2018-12127: Microarchitectural Data Sampling.

The original Microarchitectural Data Sampling mitigation did not
correctly flush buffers when the CPU went into an idle state.

Orabug: 29792061


* CVE-2019-11884: Information leak in Bluetooth HIDP HIDPCONNADD ioctl().

Missing string termination in the Bluetooth HIDP HIDPCONNADD ioctl()
could result in leaking the contents of the kernel stack to a local
user.

Orabug: 29786787
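
The bug class described above, as an added user-space model (not kernel or
Oracle code): a fixed-size name field is copied from the caller and then used
as a C string. The struct layout, the 128-byte field size, and all names are
assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 128             /* assumed size of the name field */
#define RESIDUE  "STACK-RESIDUE" /* constructed stand-in for stale stack data */

/* Hypothetical request layout: a fixed-size name filled in by the caller. */
struct conn_req { char name[NAME_LEN]; };

/* Constructed model of a stack frame: the request, then unrelated bytes. */
struct frame {
    struct conn_req req;
    char adjacent[32];
};

/* Length a "%s"-style consumer would read starting at req.name. The scan is
 * bounded by the frame so the demonstration never leaves the object. */
static size_t consumed_len(const struct frame *f)
{
    const unsigned char *p = (const unsigned char *)f;
    size_t n = 0;
    while (n < sizeof(*f) && p[n] != 0)
        n++;
    return n;
}

/* Models the ioctl handler: copy the caller's request, then use name as a
 * C string. With hardened != 0 the last byte is forced to NUL first. */
static size_t handle_add(const char *user_name, int hardened)
{
    struct frame f;
    memset(&f, 0, sizeof(f));
    memcpy(f.adjacent, RESIDUE, sizeof(RESIDUE) - 1);
    memcpy(f.req.name, user_name, NAME_LEN);   /* stands in for copy_from_user() */
    if (hardened)
        f.req.name[NAME_LEN - 1] = '\0';
    return consumed_len(&f);
}

int main(void)
{
    char full[NAME_LEN];
    memset(full, 'A', sizeof(full));           /* constructed input: no NUL anywhere */
    printf("unterminated: %zu bytes read\n", handle_add(full, 0));
    printf("terminated:   %zu bytes read\n", handle_add(full, 1));
    return 0;
}
```

Without the forced terminator the string consumer runs past the name field
into the adjacent bytes; with it, the read stops inside the field.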

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




