[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2020-5804)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Aug 21 11:26:21 PDT 2020


Synopsis: ELSA-2020-5804 can now be patched using Ksplice
CVEs: CVE-2019-16232 CVE-2019-16234 CVE-2019-19037 CVE-2019-19049 CVE-2019-19062 CVE-2019-19447 CVE-2019-20811 CVE-2020-10732 CVE-2020-10766 CVE-2020-12888

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5804.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5804.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
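
The check below is an added example, not part of Oracle's announcement or the Uptrack tooling: it reads a config file and reports whether the host installs updates automatically or needs the manual command above. It assumes uptrack.conf uses "key = value" lines with '#' or ';' comments and treats only the literal value "yes" as enabled; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host will pick up Ksplice updates on its own.
# Assumption: uptrack.conf uses "key = value" lines with '#' or ';' comments.

# Exit 0 if the last uncommented "autoinstall" line in FILE is set to "yes".
# A missing or unreadable file counts as "not enabled".
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    value=$(sed -n -e 's/[#;].*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$1" | tail -n 1)
    [ "$value" = "yes" ]
}

# Print "auto" when no action is needed, "manual" when an administrator must
# run /usr/sbin/uptrack-upgrade -y (the command from the announcement).
patch_action() {
    if autoinstall_enabled "$1"; then echo auto; else echo manual; fi
}

# Constructed sample config (not copied from a real host): the commented-out
# "yes" must be ignored, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(patch_action "$sample")"
rm -f "$sample"

# On a real host:
#   patch_action /etc/uptrack/uptrack.conf
```

A result of "manual" means the host stays unpatched against ELSA-2020-5804 until uptrack-upgrade is run.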


DESCRIPTION

* CVE-2020-10766: Information leak using Spectre V4 variant.

A logic error when context switching between multiple processes could
let an attacker disable the SSBD mitigation and leak information about
the victim process.

Orabug: 31557902


* Oracle will not provide a zero-downtime update for CVE-2019-19049.

Oracle has determined that the vulnerability does not affect a
running system.

Orabug: 31351701


* NULL-pointer dereference when shutting down DSA switch.

When shutting down a Distributed Switch Architecture network device,
certain device drivers such as virtio_net might leave the driver with a
NULL netdev_ops pointer, resulting in an eventual NULL-pointer
dereference and denial-of-service.

Orabug: 31038233


* CVE-2019-19447: Use-after-free when unmounting corrupt ext4 filesystem.

On an ext4 filesystem containing an inode with a corrupt link count,
deleting the inode's parent directory and then unmounting could result
in a use-after-free and memory corruption. Mounting a crafted filesystem
image could therefore result in a denial-of-service or other unspecified
impact.

Orabug: 31351013


* CVE-2020-10732: Information leak in corefiles in per-thread info.

When generating a corefile, the per-thread core information is not
properly sanitized, potentially leaking sensitive kernel data into the
filesystem.

Orabug: 31350638


* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.

Orabug: 31351639


* CVE-2019-16234: NULL pointer dereference when registering Intel Wireless WiFi driver.

A logic error in the error path when registration of the Intel Wireless
WiFi driver fails on workqueue allocation could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 31351807


* CVE-2019-19037: Denial-of-service when handling empty directories in ext4 filesystem.

A logic error when handling empty directories in an ext4 filesystem with
holes could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 31265319


* CVE-2019-16232: NULL pointer dereference when registering Marvell Libertas 8385/8686/8688 SDIO 802.11b/g cards.

A missing check when registering Marvell Libertas 8385/8686/8688 SDIO
802.11b/g cards could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 31351822


* Memory corruption during cgroup destruction with PSI enabled.

A logic error in the cgroup code could lead to a double free and possible
memory corruption during cgroup destruction.

Orabug: 31535640


* Kernel crash in guest VM with machine check exception.

An error in handling a machine check on a Linux host could lead to a crash in
the guest VM.

Orabug: 31601132


* CVE-2019-20811: Denial-of-service in network device sysfs system.

An inability to correctly handle an error condition when adding certain objects
in the net sysfs code could lead to an invalid refcount and thus a memory leak.
This could be used for a denial-of-service attack.

Orabug: 31445419


* Add bit for guest kernel to handle kernel panic without host intervention.

This adds a PVPANIC_CRASH_LOADED bit for a pvpanic event to indicate that the
guest has had a kernel panic but will handle it itself.

Orabug: 31677099


* Don't return an ACK on some RDMA netlink operations.

Some netlink functions were always returning an ack of skb->len. This
wasn't desired behavior, so the functions were changed to return 0 on
success.

Orabug: 31666974


* Note: Oracle is still investigating potential zero-downtime mitigations for CVE-2020-12888.

Fixes for this CVE are still undergoing analysis and testing. A
zero-downtime update may be provided at a later date.

Orabug: 31439670, 31663632

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


