[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2021-9362)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jul 19 12:57:16 PDT 2021


Synopsis: ELSA-2021-9362 can now be patched using Ksplice
CVEs: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-0512 CVE-2021-20194 CVE-2021-23133 CVE-2021-26708 CVE-2021-26930 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034 CVE-2021-3483

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9362.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9362.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
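The following POSIX shell script is an added example for checking a host against this advisory; it is not part of the original announcement and is not Oracle's tooling. It checks whether autoinstall is enabled in /etc/uptrack/uptrack.conf and which of the advisory's patched CVEs do not yet appear in `uptrack-show` output. The CVE list is taken from the DESCRIPTION section below, excluding the entries Oracle marks as not applicable or as having no zero-downtime update. The sample `uptrack-show` output is constructed (the update IDs are made up) so the script runs offline; on a real host replace it with the actual command output.

```shell
#!/bin/sh
# Added example, not Oracle's own tooling: compare a host's Ksplice state
# against the CVEs ELSA-2021-9362 patches.

# CVEs that this advisory ships Ksplice updates for (the "not applicable"
# and "no zero-downtime update" entries in the announcement are left out).
ELSA_2021_9362_CVES="CVE-2021-29155 CVE-2021-33033 CVE-2021-20194 \
CVE-2021-33034 CVE-2021-23133 CVE-2021-30002 CVE-2021-26708 CVE-2021-26930 \
CVE-2021-28038 CVE-2021-0512 CVE-2021-28688 CVE-2021-29650 CVE-2021-32399"

# Constructed sample of `uptrack-show` output; update IDs are invented.
SAMPLE_UPTRACK_SHOW='Installed updates:
[abc12345] CVE-2021-29155: Information disclosure in eBPF due to out of bounds pointer arithmetic.
[abc12346] CVE-2021-33033: Use-after-free in NetLabel subsystem due to improper reference counting.
[abc12347] CVE-2021-33034: Use-after-free when tearing down bluetooth HCI channel.'

# autoinstall_enabled CONF_FILE
# Returns 0 when an uncommented "autoinstall = yes" line is present.
autoinstall_enabled() {
    grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# missing_cves SHOW_OUTPUT_FILE
# Prints, one per line, the advisory CVEs that do not appear in the
# saved uptrack-show output (-w keeps CVE-2021-0512 from matching a
# longer ID that merely starts with the same digits).
missing_cves() {
    for cve in $ELSA_2021_9362_CVES; do
        grep -qw "$cve" "$1" || printf '%s\n' "$cve"
    done
}

# report CONF_FILE SHOW_OUTPUT_FILE
# Prints a short status and returns 0 only if nothing is missing.
report() {
    if autoinstall_enabled "$1"; then
        echo "autoinstall: yes (updates install automatically)"
    else
        echo "autoinstall: no (run: /usr/sbin/uptrack-upgrade -y)"
    fi
    missing="$(missing_cves "$2")"
    if [ -z "$missing" ]; then
        echo "all ELSA-2021-9362 CVEs present"
        return 0
    fi
    echo "CVEs from ELSA-2021-9362 not yet reported by uptrack-show:"
    printf '%s\n' "$missing"
    return 1
}

# Stand-alone run against the constructed sample rather than the live host.
if [ "${1:-}" = "--demo" ]; then
    conf="$(mktemp)"; show="$(mktemp)"
    printf 'autoinstall = yes\n' > "$conf"
    printf '%s\n' "$SAMPLE_UPTRACK_SHOW" > "$show"
    report "$conf" "$show"
    rm -f "$conf" "$show"
fi
```

On a live system the equivalent check is `uptrack-show > /tmp/show.txt; report /etc/uptrack/uptrack.conf /tmp/show.txt`. Note that the "Improved fix" entries (CVE-2021-23133, CVE-2021-26930, CVE-2021-29650) may already be listed by `uptrack-show` from an earlier advisory, so their presence alone does not prove this update was applied; `uptrack-upgrade -y` is still the authoritative step.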


DESCRIPTION

* Note: Oracle will not provide a zero-downtime update for CVE-2021-29264.

CVE-2021-29264 is a denial-of-service in the Freescale Gianfar driver,
which is not compiled in the UEKR6 kernels covered by this update.


* Note: Oracle has determined that CVE-2020-25673 is not applicable.

The kernel is not affected by CVE-2020-25673 since the code under
consideration is not compiled.


* CVE-2021-29155: Information disclosure in eBPF due to out of bounds pointer arithmetic.

An out-of-bounds pointer arithmetic flaw in the eBPF implementation could
allow an attacker to bypass the speculative-execution protection and
execute speculative out-of-bounds loads from kernel memory, leaking its
contents via a side channel. A local user with CAP_SYS_ADMIN who can load
BPF programs could use this flaw for sensitive information disclosure.

Orabug: 32911979


* CVE-2021-33033: Use-after-free in NetLabel subsystem due to improper reference counting.

A flaw in the CIPSO and CALIPSO reference counting scheme of the NetLabel
packet labeling framework could lead to a use-after-free. A local user
could use this flaw for code execution or a denial-of-service.

Orabug: 32912070


* CVE-2021-20194: Privilege escalation in the BPF subsystem.

Missing error checks in the BPF subsystem could cause a buffer overflow.
A local user could use this flaw to escalate their privileges or cause
a denial-of-service.


* Note: Oracle has determined that CVE-2021-3483 is not applicable.

The kernel is not affected by CVE-2021-3483 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2020-25671 is not applicable.

The kernel is not affected by CVE-2020-25671 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2021-29647 is not applicable.

The kernel is not affected by CVE-2021-29647 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2020-25670 is not applicable.

The kernel is not affected by CVE-2020-25670 since the code under
consideration is not compiled.


* CVE-2021-33034: Use-after-free when tearing down bluetooth HCI channel.

A race condition in the bluetooth Host Controller Interface code could
result in a use-after-free. A malicious device might exploit this to
write data to an arbitrary kernel address, potentially allowing code
execution under control of the device.

Orabug: 32912099


* Improved fix to CVE-2021-23133: Multiple vulnerabilities due to a race condition in SCTP.

A flaw in socket functionality of Stream Control Transmission Protocol
could lead to a race condition. A local user with network service
privileges could use this flaw for privilege escalation, information
disclosure or denial-of-service.


* CVE-2021-30002: Denial-of-service in V4L2 driver due to memory leaks.

A flaw in the exit code sequence of V4L2 driver could lead to memory
leaks. A local user could use this flaw to cause a denial-of-service.


* CVE-2021-26708: Privilege escalation in Virtual Socket protocol due to bad locking.

Wrong locking in Virtual Socket protocol implementation could lead to
a race condition. A local user could use this flaw for privilege
escalation.


* Improved fix to CVE-2021-26930, XSA-365: Bad error handling of blkback grant references.

The Xen blkback driver can incorrectly ignore errors when mapping grant
references, potentially reporting a false success, and causing unmapped
memory to be accessed. Hosting a malicious or buggy frontend driver
might result in a denial-of-service on the host.


* CVE-2021-29265: Denial-of-service in usbip driver due to race conditions.

Race conditions in the stub-up sequence of the usbip driver during
an update of the local and shared status could lead to a system crash.
A local attacker could use this flaw to cause a denial-of-service.

Note: Oracle has determined that CVE-2021-29265 is not applicable.

The kernel is not affected by CVE-2021-29265 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2021-28375 is not applicable.

Oracle has determined that CVE-2021-28375 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* CVE-2021-33033: Denial-of-service in security key addition for Generic IEEE 802.15.4 Soft Networking Stack.

A flaw in link-layer security key addition for Generic IEEE 802.15.4 Soft
Networking Stack could lead to a system crash. A local attacker could
use this to cause a denial of service.


* CVE-2021-32399: Race condition when removing bluetooth HCI controller.

A race condition when removing a bluetooth HCI controller could result in
an out-of-bounds write. A malicious unprivileged user might be able to
exploit this to cause a denial-of-service or escalate their privileges.

Orabug: 32912033


* Note: Oracle has determined that CVE-2021-28972 is not applicable.

Oracle has determined that CVE-2021-28972 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* CVE-2021-28038, XSA-367: Mishandling of errors causes DoS of Xen backend.

Error conditions in the Xen network backend driver may incorrectly cause
kernel assertion failures. A malicious or buggy Xen frontend might
trigger these conditions, causing a denial-of-service in the host.


* CVE-2021-0512: Out-of-bounds memory accesses when accessing HID devices array fields.

Out-of-bounds reads and writes in HID driver during HID device
registration could lead to information disclosure and corruption of
internal data structures. A local attacker could use this flaw
to cause a denial-of-service or as an aid in another type of
attack.


* CVE-2021-28688, XSA-371: Xen Hypervisor persistent grant leakage.

A logic error when initializing pointers under certain circumstances
may overwrite unreclaimed values. A local user could use this flaw to
exhaust system resources, leading to a denial-of-service.


* Improve Machine Check Exception handling.

On Machine Check Exception, collect error data in crashdump.

Orabug: 32820275


* Note: Oracle has determined that CVE-2021-28660 is not applicable.

Oracle has determined that CVE-2021-28660 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* Note: Oracle has determined that CVE-2021-29154 is not applicable.

Oracle has determined that CVE-2021-29154 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* Note: Oracle has determined that CVE-2020-25672 is not applicable.

Oracle has determined that CVE-2020-25672 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.


* Improved fix to CVE-2021-29650: Denial-of-service in Netfilter due to incorrect memory barrier.

Lack of a full memory barrier upon the assignment of a new table value
in the Netfilter subsystem could result in a system crash. A local user
could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


