[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2020-5663)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2020-5663 can now be patched using Ksplice CVEs:
CVE-2019-19768 CVE-2020-10942 CVE-2020-11494 CVE-2020-2732 CVE-2020-8835
CVE-2020-8992 CVE-2020-9383

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5663.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5663.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7
and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-11494: Information leak when using Serial / USB serial CAN Adaptors.

A missing zeroing of on stack data when sending data over Serial / USB
serial CAN Adaptors could lead to an information leak. A local attacker
could use this flaw to leak information about running kernel and
facilitate an attack.

Orabug: 31136750


* CVE-2020-9383: Information leak in floppy disk driver.

A flaw in floppy driver could lead to an out-of-bounds read causing
the information leak when assigning the floppy disk controller.

Orabug: 31067510


* CVE-2020-8992: Deadlock with too big journal size on ext4 filesystem.

Using a too big journal size on ext4 filesystem could lead to a
deadlock. A local attacker could use a specially crafted ext4 filesystem
to cause a denial-of-service.

Orabug: 31067112


* CVE-2020-8835: Privileges escalation in BPF verifier code.

A logic error in the BPF verifier code could lead to incorrect bounds
calculation. A local attacker could use this flaw to leak information
about running kernel or escalate privileges.

Orabug: 31127385


* CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver.

Invalid input validation could lead to type confusion and out-of-bounds
memory accesses.  A local unprivileged user could use this to cause a
denial-of-service or potentially escalate privileges.

Orabug: 31085989


* Improved fix for CVE-2020-2732: Privilege escalation in Intel KVM nested emulation.

The original fix for CVE-2020-2732 prevented a windows guest with Hyper-V
enabled from booting.

Orabug: 31118688


* Use-after-free when using NFS with page cache.

A logic error when using NFS with page cache could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.

Orabug: 31044292


* CVE-2019-19768: Use-after-free when reporting an IO trace.

Lack of correct synchronization between releasing a structure used to store
a trace and filling that structure coud lead to a use-after-free.  A local
user with the ability to enable tracing on the block IO sub-system could
use this flaw to cause a denial-of-service or potentially escalate
privileges.

Orabug: 31123573


* CVE-2020-8835: Privileges escalation in BPF verifier code.

A logic error in the BPF verifier code could lead to incorrect bounds
calculation. A local attacker could use this flaw to leak information
about running kernel or escalate privileges.

Orabug: 31127385


* Out-of-bounds memory write when reading EFI variables from sysfs.

Lack of proper synchronization when reading EFI variables from sysfs could
lead to an out-of-bounds memory write.  A local user with the ability to
read those files could use this flaw to cause a denial-of-service or
potentially escalate privileges.

Orabug: 31020408

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.