[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2020-5805)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 1 02:38:35 PDT 2020


Synopsis: ELSA-2020-5805 can now be patched using Ksplice
CVEs: CVE-2019-19054 CVE-2019-19642 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-12888

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5805.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5805.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
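
To tell which of the two cases above applies to a host, the check below
reads the autoinstall setting from the Uptrack configuration file. It is an
added example, not part of the Oracle announcement or of Ksplice itself. The
function name, the sample file and the choice to ignore section headers and
let the last setting win are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates automatically
# or needs a manual "uptrack-upgrade -y". Function name is hypothetical.

# Prints "yes", "no" or "unreadable" for the given config file
# (default: /etc/uptrack/uptrack.conf, the path named in the advisory).
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 0
    fi
    # Keep only uncommented "autoinstall = <value>" lines, tolerate spacing,
    # and let the last occurrence win (assumption about duplicate keys).
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" | tail -n 1)
    if [ "$value" = "yes" ]; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample config (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

case "$(uptrack_autoinstall "$sample")" in
    yes) echo "autoinstall enabled: updates apply without action" ;;
    no)  echo "autoinstall off: run /usr/sbin/uptrack-upgrade -y as root" ;;
    *)   echo "cannot read config" ;;
esac
rm -f "$sample"
```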


DESCRIPTION

* CVE-2020-10766: Information leak using Spectre V4 variant.

A logic error when context switching between multiple processes could
let an attacker disable the SSBD mitigation and leak information about
a victim process.

Orabug: 31557900


* CVE-2019-19054: Denial-of-service in the cx2388x TV card driver.

A failure to handle an error during initial setup in the cx2388x TV card
driver causes a memory leak. An attacker could exploit this to cause a
denial-of-service.

Orabug: 31351669


* CVE-2019-19642: Denial-of-service in kernel relay file open path.

A failure to properly check the return value of certain calls when
opening a kernel relay file can lead to a NULL pointer dereference, and
subsequent kernel panic.  This flaw could be exploited by a local
unprivileged user to cause a denial-of-service.

Orabug: 31183397


* CVE-2020-10732: Information leak in corefiles in per-thread info.

When generating a corefile, the per-thread core information is not
properly sanitized, potentially leaking sensitive kernel data into the
filesystem.

Orabug: 31350635


* Add bit for guest kernel to handle kernel panic without host intervention.

This adds a PVPANIC_CRASH_LOADED bit for a pvpanic event to indicate that the
guest has had a kernel panic but will handle it itself.

Orabug: 31677096


* Note: Oracle is still investigating potential zero-downtime mitigations for CVE-2020-12888.

Fixes for this CVE are still undergoing analysis and testing.  A
zero-downtime update may be provided at a later date.

Orabug: 31439668, 31663628


* CVE-2020-10767: Information leak using Spectre V2 attack due to IBPB being disabled.

A logic error when STIBP is not supported by the hardware causes IBPB to
be disabled unconditionally by default. A local attacker could use this
flaw to leak information about other processes.

Orabug: 31557802

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




