[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2020-5844)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Oct 2 06:01:10 PDT 2020

Synopsis: ELSA-2020-5844 can now be patched using Ksplice
CVEs: CVE-2019-18885 CVE-2019-3874 CVE-2020-10767 CVE-2020-10781 CVE-2020-14331 CVE-2020-16166 CVE-2020-24394

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5844.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
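
To tell which of the two cases above applies on a given host, the following shell function reads the autoinstall setting from the Uptrack configuration file. It is an added example, not part of the original announcement or of Ksplice itself. It assumes a "key = value" file in which lines starting with # or ; are comments, the last assignment wins, and only the value "yes" (matched case-insensitively) enables autoinstall; the sample file, including its [Settings] header, is constructed.

```shell
#!/bin/sh
# Report whether Ksplice Uptrack is configured to apply updates unattended.
# Usage: uptrack_autoinstall_enabled [CONFIG]  (default /etc/uptrack/uptrack.conf)
# Exit status: 0 = autoinstall is "yes", 1 = off or not set, 2 = file unreadable.
uptrack_autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }              # ignore commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers and blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: the last assignment wins, compared case-insensitively.
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { exit (last == "yes" ? 0 : 1) }
    ' "$conf"
}

# Constructed sample (not taken from a real host): the setting appears twice,
# once commented out, so a naive "grep autoinstall" would give the wrong answer.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if uptrack_autoinstall_enabled "$sample"; then
    echo "autoinstall enabled: updates are installed automatically"
else
    echo "autoinstall off: run /usr/sbin/uptrack-upgrade -y to install the updates"
fi
rm -f "$sample"
```

Called with no argument, the function checks /etc/uptrack/uptrack.conf on the local system.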


* CVE-2020-24394: Information leak when exporting a filesystem over NFS.

A logic error when exporting a filesystem without ACL support over NFS
could lead to wrong permissions being used for newly created files. An
attacker could use this flaw to leak information stored in this

Orabug: 31867417

* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could
result in a potential issue allowing remote attackers to make
observations that help to obtain sensitive information about
the internal state of the network RNG and compromise the data

Orabug: 31867433

* CVE-2019-3874: Denial-of-service by consuming a large amount of memory using SCTP socket.

Incorrect accounting in the cgroup subsystem of SCTP socket buffers used
by userspace applications could let a local user bypass a cgroup memory
limit and cause a denial-of-service.

Orabug: 31867387

* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.

Out-of-bounds writes could happen in the Console display driver when the
VT_RESIZE ioctl is called to resize the console. This flaw could allow a
local user with access to the VGA console to crash the system or
potentially escalate their privileges on the system.

Orabug: 31867431

* CVE-2020-10781: Denial-of-service using Zram hot_add file sysfs entry.

An incorrect permission setting on the /sys/class/zram-control/hot_add
file could let an attacker create zram device nodes and exhaust kernel
memory. A local attacker could use this flaw to cause a denial-of-service.

Orabug: 31867403

* Channel recovery on transmission timeout in the Mellanox MLX5E driver.

When a transmission timeout was caused by a lost interrupt, the channels
could not be recovered. This patch adds a mechanism to recover from this
scenario.

Orabug: 31753102

* CVE-2019-18885: Denial-of-service in BTRFS extent verification.

A logic error when verifying extents during mount of a BTRFS filesystem
can result in a NULL pointer dereference, leading to a kernel crash. A
local user with the ability to mount a crafted BTRFS image could use
this flaw to cause a denial-of-service.

Orabug: 31867382

* CVE-2020-10767: Information leak using Spectre V2 attack due to IBPB being disabled.

A logic error causes IBPB to be disabled unconditionally by default when
STIBP is not supported by the hardware. A local attacker could use this
flaw to leak information about other processes.

Orabug: 31867441


Ksplice support is available at ksplice-support_ww at oracle.com.
