[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4850)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Nov 22 08:57:44 PST 2019
Synopsis: ELSA-2019-4850 can now be patched using Ksplice
CVEs: CVE-2017-15128 CVE-2017-18551 CVE-2019-11478 CVE-2019-14284 CVE-2019-14835 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15916 CVE-2019-16994 CVE-2019-16995 CVE-2019-17053 CVE-2019-17055
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4850.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
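
For auditing a host against the two install paths above, the following added example (not part of the original announcement or of Ksplice itself) reports whether a config file enables autoinstall. The function name, the `[Settings]` section in the sample, and the treatment of a missing key as "no" are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide which install path from the announcement applies.

# Prints "yes" or "no" for the autoinstall setting in the file given as $1.
# Assumptions: plain "key = value" lines, lines starting with "#" or ";"
# are comments, the last assignment wins, and an absent key means "no".
uptrack_autoinstall() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)              # "autoinstall " -> "autoinstall"
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim the value
            if (tolower(key) == "autoinstall") state = tolower(val)
        }
        END { if (state == "yes") print "yes"; else print "no" }
    ' "$1"
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if [ "$(uptrack_autoinstall "$sample")" = "yes" ]; then
    echo "autoinstall enabled: updates will be installed automatically"
else
    echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to the function instead of the sample file.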
* CVE-2019-11478: Denial-of-service when receiving packets over tcp sockets.
A logic error when receiving packets over tcp sockets could lead to a
kernel assert. A local attacker could use this flaw to cause a
* CVE-2017-15128: Denial-of-service when handling page fault through userfaultfd.
Incorrect error handling during userfaultfd UFFDIO_COPY ioctl operation
leads to kernel crash. An attacker can exploit this to cause
* NULL pointer dereference when probing Lego Mindstorms infrared device.
A race condition when probing Lego Mindstorms infrared device can trigger
a NULL pointer dereference and cause a local denial of service.
* CVE-2019-14284: Denial-of-service in floppy disk formatting.
A division by zero in the setup_format_params function for the floppy
disk driver could result in a kernel crash. A local user with access to
the floppy disk device could use this flaw to crash the system.
* CVE-2019-15916: Denial-of-service in network device registration.
A missing free of resources when registering a kobject for a net device
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* CVE-2017-18551: Denial-of-service when reading data over I2C bus.
A missing check on user input when reading data over I2C bus could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service in Reliable Datagram Socket Infiniband address checks.
Excessive resource usage when checking Reliable Datagram Socket
Infiniband addresses could result in memory exhaustion under specific
* CVE-2019-15217: NULL pointer dereference when using USB ZR364XX Camera driver.
A missing check when querying capabilities of USB ZR364XX Camera device
from user space could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera.
A use-after-free vulnerability in the V4L2 interface for CPiA2 USB
camera allows a malicious USB device to crash the kernel. An attacker
could exploit this to cause a denial-of-service.
* CVE-2019-15213: Denial-of-service when removing a USB DVB device.
A use-after-free when releasing a USB DVB device could lead to a kernel
crash. An attacker could exploit this to cause a denial-of-service by
plugging in a malicious USB device.
* CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration.
A missing free of resources when registering an IPv6-in-IPv4 tunnel fails
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.
* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.
A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.
* CVE-2019-17053: Permission bypass when creating an IEEE 802.15.4 socket.
A missing check on user capabilities when creating an IEEE 802.15.4
socket could lead to a permission bypass.
* Improved fix for Spectre v1: Bounds check bypass in Vhost ioctl.
A missing use of the indirect call protection macro in the vhost ioctl
code could lead to speculative execution. A local attacker could use
this flaw to leak information about the running system.
* CVE-2019-14835: Privilege escalation during live migration of guest.
A failure to check for guest creating a zero length queue in the vhost driver
can lead to a buffer overflow in the host kernel. A guest virtual machine
could use this flaw to crash the host or potentially escalate privileges when
the virtual machine is live migrated.
* Kernel crash on QLogic QLA2XXX device probe failure.
Incorrect error handling could result in a NULL pointer dereference when
failing to probe a QLogic QLA2XXX device leading to a kernel crash.
* Infiniband connection hang after failure.
Missing ARP cache flushing could result in persistent failure after
previously failing to establish a connection.
* CVE-2019-16995: Denial-of-service in HSR networking finalization.
Missing resource deallocation in the High-availability Seamless
Redundancy network core could result in memory exhaustion and eventual
* Kernel crash in OCFS2 direct IO cluster allocation.
Missing locking when allocating clusters during a direct IO operation
could result in triggering a kernel assertion and subsequent crash.
Ksplice support is available at ksplice-support_ww at oracle.com.