[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5837)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Sep 9 00:11:21 PDT 2020


Synopsis: ELSA-2020-5837 can now be patched using Ksplice
CVEs: CVE-2017-16644 CVE-2019-19062 CVE-2019-19535 CVE-2019-19536 CVE-2019-20811 CVE-2020-10732

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5837.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5837.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
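
The following check is an added example, not part of the original announcement or of Oracle's tooling. It reports whether a given uptrack.conf has "autoinstall = yes" and which of the two paths above applies; the function names, the INI-style comment handling and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumes uptrack.conf uses "key = value"
# lines, that lines starting with '#' or ';' are comments, and that only the
# value "yes" (any case) enables autoinstall.

# uptrack_autoinstall FILE: prints "yes" or "no"; prints "unreadable" and
# returns 2 if FILE cannot be read.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Use the last uncommented assignment; a missing key counts as "no".
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
            | tail -n 1 | tr 'A-Z' 'a-z')
    case $value in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# uptrack_next_step FILE: prints the action the announcement calls for.
uptrack_next_step() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "autoinstall enabled: no action needed" ;;
        no)  echo "run: /usr/sbin/uptrack-upgrade -y" ;;
        *)   echo "cannot read $1" ;;
    esac
}

# Constructed sample config (not taken from a real host): the only
# "autoinstall = yes" line is commented out, so a manual upgrade is needed.
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
uptrack_next_step "$sample"
rm -f "$sample"
```

On a real host, call uptrack_next_step /etc/uptrack/uptrack.conf instead of the sample file.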


DESCRIPTION

* CVE-2017-16644: Denial-of-service in Hauppauge HD PVR driver.

Incorrect error handling during device probe for a Hauppauge HD PVR
device could result in a kernel crash.  A user with physical access to
the system and a malicious device could use this flaw to crash the
system.

Orabug: 31352053


* CVE-2019-20811: Denial-of-service in network device sysfs system.

Incorrect handling of an error condition when adding certain objects in
the net sysfs code could lead to an invalid refcount and thus a memory
leak. This could be used for a denial-of-service attack.

Orabug: 31687545


* Denial-of-service when registering a new binary type.

A logic error when registering a new binary type with an excessively
large offset could lead to an overflow. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 31588258


* CVE-2019-19535, CVE-2019-19536: Information leak when initializing PCAN-USB device.

When loading a PCAN-USB driver, the kernel passes an uninitialized
buffer to the device. This could leak privileged kernel memory to the
device and allow a malicious device to escalate privilege.

Orabug: 31351221


* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.

Orabug: 31351640


* Don't return an ACK on some RDMA netlink operations.

Some netlink functions were always returning an ack of skb->len.  This
wasn't desired behavior, so the functions were changed to return 0 on
success.

Orabug: 31666975


* CVE-2020-10732: Information leak in corefiles in per-thread info.

When generating a corefile, the per-thread core information is not
properly sanitized, potentially leaking sensitive kernel data into the
filesystem.

Orabug: 31350639


* Connection failure after RDS peer reboot.

A logic error when detecting duplicate RDS packets can result in
connection failures after a peer node reboots.

Orabug: 31648141


* Denial-of-service using XFS filesystem.

A logic error when using an XFS filesystem could lead to a kernel
assertion failure. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 31744270


* Race condition when sending IB subnet MAD causes denial-of-service.

When allocating an InfiniBand management datagram packet for the
InfiniBand subnet manager, the request data might be freed before the
datagram is fully transmitted, resulting in a use-after-free and
denial-of-service.

Orabug: 31656992

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



