[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2020-5526)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Jan 30 16:48:05 PST 2020
Synopsis: ELSA-2020-5526 can now be patched using Ksplice
CVEs: CVE-2019-19332 CVE-2019-3016
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5526.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes.
A race condition when performing a paravirtualized TLB flush could
result in stale mappings in a KVM guest potentially allowing processes
access to pages from other processes. A local unprivileged user could
use this flaw to crash the system or potentially, escalate privileges.
* Improved fix to CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes.
The original fix for CVE-2019-3016 did not cover all race conditions
which could result in a missing TLB flush and access to incorrect pages.
Orabug: 30489861, 30758028
* CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting.
A failure to correctly validate a request for KVM cpuid emulation
information a can lead to an out-of-bounds memory access, leading to a
kernel crash. A local user with the ability to use KVM could use this
flaw to cause a denial-of-service.
* Missing Non Maskable Interrupts on AMD KVM guests.
A logic error when handling NMI injection could result on failure to
deliver the NMI to the guest. This could result in missing guest events
or a system hang.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata