[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2021-9007)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jan 20 00:27:06 PST 2021

Synopsis: ELSA-2021-9007 can now be patched using Ksplice CVEs:
CVE-2020-14351 CVE-2020-14381 CVE-2020-25705 CVE-2020-28374 CVE-2020-29568

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9007.  More
information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2020-28374: Access control bypass when reading or writing TCM devices.

Lack of validation against the session's list when matching a Target Core
Mod (TCM) device during an eXtended COPY (XCOPY) operation leads to access
control bypass.  Attackers with access to one device could read and write
from/to other devices they should not have access to.

Orabug: 32248032

* Note: Oracle will not be providing a rebootless update for CVE-2020-29568.

Oracle has determined that patching this vulnerability live on a running system
would not be safe and is recommending to reboot the vulnerable hosts.

Orabug: 32253412

* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.

* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.

* CVE-2020-29569: Use-after-free when disconnecting Xen block devices.

A logic error when disconnecting Xen block devices may cause a use-after-free.
A rouge guest instance may be able to use this to cause a Denial-of-Service
on dom0.

Orabug: 32260256

* Note: Oracle will not provide a live update for CVE-2020-14381.

Oracle has determined that patching this vulnerability live on a running
system would not be safe and is recommending to reboot the affected hosts.
The vulnerability applies to hosts with untrusted users being able to
create futexes on a filesystem that is about to be unmounted, and as such
requires a privileged user to unmount the filesystem at the right time to
be leveraged.

Orabug: 32233515


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list