[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2020-5996)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Dec 17 16:34:05 PST 2020

Synopsis: ELSA-2020-5996 can now be patched using Ksplice
CVEs: CVE-2020-12352 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-27673 CVE-2020-27675 CVE-2020-28915 CVE-2020-28974

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5996.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2020-28915: Information leak due to out-of-bounds read in Framebuffer Console.

A flaw in the font handling code of the Framebuffer Console could lead to
an out-of-bounds read of kernel memory. A local attacker could use this
flaw to cause an information leak and the system's memory disclosure.

* CVE-2020-28974: Invalid memory access when manipulating framebuffer fonts.

A logic error when manipulating framebuffer console fonts may cause an
out-of-bounds memory read. A local attacker could use this flaw to read
privileged information or potentially cause a denial-of-service.

Orabug: 32187748

* CVE-2020-25704: Denial-of-service in the performance monitoring subsystem.

A possible memory leak when setting performance monitoring filter could lead to
kernel memory exhaustion. A local attacker could use this flaw to cause a

Orabug: 32131175

* CVE-2020-25656: Use-after-free in console subsystem.

Specific ioctls sent to the console subsystem could lead to a use-after-free.
A local attacker could use this flaw to read confidential data.

Orabug: 32122952

* CVE-2020-27675: Race condition when reconfiguring para-virtualized Xen devices.

An event-channel removal when reconfiguring paravirtualized devices may cause a
race condition leading to a null pointer dereference. A local attacker could use
this flaw to cause a denial-of-service on a dom0.

Orabug: 32177548

* CVE-2020-12352: Information leak when handling AMP packets in Bluetooth stack.

A missing zeroing of stack memory when handling AMP packets in Bluetooth
stack could lead to an information leak. A remote attacker could use this
flaw to leak information about running kernel and facilitate an attack.

* CVE-2020-25668: Race condition when sending ioctls to a virtual terminal.

A race condition can possibly occur when sending ioctls to a tty device may
cause a use-after-free. A local attacker may use this to cause memory
corruption or a denial-of-service.

Orabug: 32122729

* Note: Oracle will not provide a rebootless update for CVE-2020-27673.

Oracle has determined that patching this vulnerability live on a running system
would not be safe and is recommending to reboot the vulnerable hosts.  Only Xen
dom0 hosts running untrusted VMs are affected by this vulnerability.

Orabug: 32177535

* Disable infiniband completion queue time stamping.

When the time stamping feature is enabled, sensative memory addresses may be
leaked to userspace. A local user could use this to crash the system.

Orabug: 32042517


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list