[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5670)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 14 11:07:08 PDT 2020


Synopsis: ELSA-2020-5670 can now be patched using Ksplice
CVEs: CVE-2016-5244 CVE-2017-7346 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-19056 CVE-2019-19523 CVE-2019-19527 CVE-2019-19532 CVE-2019-9503 CVE-2020-11494 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5670.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5670.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
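
The check described above, as an added example that is not part of the original announcement or of Ksplice itself: a POSIX shell helper that reads an Uptrack configuration file and reports whether this host still needs the manual upgrade command. The function names are hypothetical, the value is compared literally to "yes" as the announcement writes it, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host relies on
# "autoinstall = yes" or needs /usr/sbin/uptrack-upgrade -y run by hand.

# Exit 0 if the config sets autoinstall to "yes", 1 if not, 2 if unreadable.
# Assumption: the key is spelled "autoinstall" as in the announcement.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 2
    # Keep the last uncommented "autoinstall = <value>" line. Lines that
    # start with '#' or ';' do not match, and trailing inline comments
    # are cut from the captured value.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" | tail -n 1)
    [ "$value" = "yes" ]
}

# Print the action an administrator should take for this host.
uptrack_action() {
    rc=0
    uptrack_autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "autoinstall enabled: updates are installed automatically" ;;
        1) echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root" ;;
        *) echo "cannot read config: check that Ksplice Uptrack is installed" ;;
    esac
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" line must be ignored, so this host needs the manual upgrade.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

Calling `uptrack_action` with no argument checks /etc/uptrack/uptrack.conf, the path named in the announcement.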


DESCRIPTION

* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in the Marvell WiFi-Ex driver.

Logic errors when parsing access point settings in the Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 31104481


* CVE-2016-5244: Information leak in the RDS network protocol.

Lack of on-stack struct initialization in the RDS network protocol leads to
one byte of kernel stack being leaked to userspace.  A local attacker could
use this flaw to gain information about the running kernel and facilitate
an attack.

Orabug: 30770962


* CVE-2020-8648: Use-after-free in the virtual terminal driver.

A locking error in the virtual terminal driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service or escalate privileges.

Orabug: 30923298


* CVE-2020-9383: Information leak in the floppy disk driver.

A flaw in the floppy driver could lead to an out-of-bounds read causing
an information leak when assigning the floppy disk controller.

Orabug: 31067516


* Improved fix for CVE-2020-2732: Privilege escalation in Intel KVM nested emulation.

The original fix for CVE-2020-2732 prevented a Windows guest with Hyper-V
enabled from booting.

Orabug: 31118691


* CVE-2020-11494: Information leak when using Serial / USB serial CAN Adaptors.

Missing zeroing of on-stack data when sending data over Serial / USB
serial CAN Adaptors could lead to an information leak. A local attacker
could use this flaw to leak information about the running kernel and
facilitate an attack.

Orabug: 31136753


* CVE-2019-19056: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle an error during initialization of the Marvell mwifiex
PCIe driver leads to a memory leak. An attacker could exploit this to
exhaust kernel memory, which may eventually cause a denial-of-service.

Orabug: 31246302


* CVE-2019-19527: Denial-of-service in USB HID device open.

A race condition when opening a USB HID device could result in a
use-after-free and kernel crash.

Orabug: 31206360


* CVE-2019-9503: Denial-of-service when receiving firmware event frames over a Broadcom WLAN USB dongle.

A failure to validate firmware event frames received over a Broadcom
WLAN USB dongle could let a remote attacker cause a denial-of-service.

Orabug: 30776354


* CVE-2017-7346: Denial-of-service when a user defines a surface in the VMware Virtual GPU driver.

A missing check on user input could lead to an infinite loop. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 31262557


* CVE-2020-8647, CVE-2020-8649: Use-after-free in the VGA text console driver.

A missing check when resizing the console in the VGA text console driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 31143947


* CVE-2019-19532: Denial-of-service when initializing HID devices.

A failure to properly check a device-controlled parameter in the USB
HID (Bluetooth) subsystem leads to reading or writing past memory
bounds. An attacker can exploit this bug with a specially crafted USB
device to escalate privileges or cause a denial-of-service.

Orabug: 31208622


* CVE-2019-19523: Use-after-free when disconnecting ADU USB devices.

Logic errors when disconnecting ADU USB devices could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 31233769


* Kernel hang when block layer queue is being frozen.

A reference acquired whilst a queue freeze is starting is never released,
causing the queue freeze to hang forever.

Orabug: 30867060


* Denial-of-service in the QLogic QLA2XXX Fibre Channel Support when collecting dump failure.

Uninitialized on-stack data was used to send commands to the firmware of
the QLA2XXX device, leading to a firmware crash and denial-of-service.

Orabug: 30890687

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




