[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2020-5844)

Fri Oct 2 06:01:10 PDT 2020

Synopsis: ELSA-2020-5844 can now be patched using Ksplice
CVEs: CVE-2019-18885 CVE-2019-3874 CVE-2020-10767 CVE-2020-10781 CVE-2020-14331 CVE-2020-16166 CVE-2020-24394

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5844.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5844.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2020-24394: Information leak when exporting a filesystem over NFS.

A logic error when exporting a filesystem without ACL support over NFS
could lead to wrong permissions being used for newly created files. An
attacker could use this flaw to leak information stored in this
filesystem.

Orabug: 31867417

* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could
result in a potential issue allowing remote attackers to make
observations that help to obtain sensitive information about
the internal state of the network RNG and compromise the data
confidentiality.

Orabug: 31867433

* CVE-2019-3874: Denial-of-service by consuming a large amount of memory using SCTP socket.

A wrong accounting of SCTP socket buffers used by userspace application
in the cgroup subsystem could let a local user bypass a cgroup memory
limit and cause a denial-of-service.

Orabug: 31867387

* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.

Out-of-bounds writes in ioctls of Console display driver could happen
when calling an ioctl VT_RESIZE in order to resize the console. This
flaw could allow a local user with access to the VGA console to crash
the system or potentially escalating their privileges on the system.

Orabug: 31867431

* CVE-2020-10781: Denial-of-service using Zram hot_add file sysfs entry.

A wrong permission setting on /sys/class/zram-control/hot_add file could
let an attacker create zram devices nodes and exhaust kernel memory. A
local attacker could use this flaw to cause a denial-of-service.

Orabug: 31867403

* Channel recovery on transmition timeout in the Mellanox MLX5E driver.

In the case of a lost interrupt when getting a transmition timeout, the
channels could not be recovered.  This patch adds a mechanism in order to
recover from this scenario.

Orabug: 31753102

* CVE-2019-18885: Denial-of-service in BTRFS extent verification.

A logic error when verifying extents during mount of a BTRFS filesystem
can result in a NULL pointer dereference, leading to a kernel crash. A
local user with the ability to mount a crafted BTRFS image could use
this flaw to cause a denial-of-service.

Orabug: 31867382

* CVE-2020-10767: Information leak using Spectre V2 attack due to IBPB being disabled.

A logic error when STIBP is not supported by the hardware makes IBPB
disabled unconditionally by default. A local attacker could use this
flaw to leak information about other processes.

Orabug: 31867441

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.