[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5962)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Dec 15 04:32:36 PST 2020

Synopsis: ELSA-2020-5962 can now be patched using Ksplice
CVEs: CVE-2017-9605 CVE-2020-16166

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5962.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
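
The check below is an added example, not part of the original announcement or of Ksplice itself: it reads the "autoinstall" setting from an uptrack.conf-style file and reports whether the manual command above is still needed. The function names are hypothetical, and treating only the literal value "yes" (any case) as enabled is an assumption taken from the wording of the announcement.

```shell
#!/bin/sh
# Added example: does this host still need a manual uptrack-upgrade run?
# Default path is the one named in the announcement; function names are
# hypothetical helpers, not part of the Uptrack tooling.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Skips comment lines, tolerates whitespace, mixed case and CRLF endings;
# the last assignment wins. Prints "unset" if the key or the file is missing.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }                 # commented-out setting
        !/=/       { next }                 # section headers, blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            if (tolower(key) != "autoinstall") next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeeds (exit 0) when updates will NOT install on their own.
# Assumption: only the value "yes" counts as enabled; anything else is
# reported for manual action, which is the conservative reading.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Human-readable summary for one host.
report_uptrack_state() {
    if needs_manual_upgrade "$1"; then
        echo "autoinstall=$(uptrack_autoinstall "$1"): run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall=yes: updates install automatically"
    fi
}
```

Source the file and call report_uptrack_state with no argument to check the default path on the local host.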


* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could
result in a potential issue allowing remote attackers to make
observations that help to obtain sensitive information about
the internal state of the network RNG and compromise the data

Orabug: 31698086

* Guest VM leaks bits into host control register, causing host to panic.

In the event that a guest VM schedules out during a machine check error,
the host's XCR0 register may get populated with incorrect values.  This
will cause a general protection fault on the host, leading to a

Orabug: 32021856

* CVE-2017-9605: Information leak when user defines surface in VMware Virtual GPU driver.

A missing initialization of a local variable when a user defines a surface in
the vmwgfx driver could leak stack information. A local attacker could use
this flaw to gain information about the running kernel and facilitate an

Orabug: 31352076


Ksplice support is available at ksplice-support_ww at oracle.com.
