[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2020-5884)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Oct 21 04:06:30 PDT 2020


Synopsis: ELSA-2020-5884 can now be patched using Ksplice
CVEs: CVE-2020-14314 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5884.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5884.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Missing rejected events in the Infiniband driver when receiving rejected messages.

A logic error when handling a REJ message in the Infiniband driver causes a
missed rejected event on the active side.

Orabug: 31784656


* Denial-of-service while accessing remote_sidr_table.

A failure to hold a necessary lock can lead to a denial-of-service when
the kernel attempts to access the remote_sidr_table.

Orabug: 31784889


* Network traffic leak from i40e Virtual Functions.

Improper handling of certain capability flags can allow a trusted i40e
virtual function with unicast promiscuous mode set to listen to traffic
transmitted by other virtual functions.  This could allow sensitive
transmitted data to be examined by the trusted VF.

Orabug: 31700015


* Note: Oracle is still investigating a fix for CVE-2020-14356.

Orabug: 31779795


* CVE-2020-14385: Denial of service in XFS filesystem.

A flaw in the XFS filesystem could cause an inode with a valid extended
attribute to be wrongly flagged as corrupted, leading to an XFS
filesystem shutdown. A local, unprivileged user could use this flaw to
cause a denial-of-service.

Orabug: 31895365


* Avoid page fault when updating the AMD IOMMU interrupt table.

There is a small window during an update to the interrupt
remapping table in which an undesired page fault may occur. This can be
remedied by modifying the values atomically.

Orabug: 31931369, 31849530


* CVE-2020-25212: Out-of-bounds writes in RPC operations of Network File System.

Out-of-bounds writes in RPC operations of Network File System
could cause a system crash. This flaw could allow a local user
to crash the system and cause a denial-of-service or potentially
escalate their privileges on the system.

Orabug: 31872895


* CVE-2020-14314: Out-of-bounds memory read when splitting a directory block in the Ext4 filesystem.

A logic error when splitting a directory block could lead to an
out-of-bounds memory read.  A local, unprivileged user could use this
flaw to cause a denial-of-service or potentially gain information
about the running kernel.

Orabug: 31895327


* CVE-2020-25284: Permission bypass when creating or removing a Rados block device.

A non-comprehensive privilege check may allow the creation or removal of
Rados block devices.  A privileged user in a user namespace with user id
zero could use this flaw to cause a denial-of-service.

Orabug: 31884154


* CVE-2020-25285: Denial-of-service when concurrently updating huge page sysctl parameters.

Lack of synchronization when concurrently updating the HugeTLB sysctl
parameters could lead to a NULL pointer dereference.  A user with the
ability to change those parameters could use this flaw to cause a
denial-of-service.

Orabug: 31884234


* CVE-2020-14386: Memory corruption when receiving a packet.

An integer overflow when receiving a packet on an AF_PACKET socket could
lead to memory corruption.  An unprivileged user could use this flaw to
elevate their privileges.

Orabug: 31866487

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


