[El-errata] New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2021-0856-1)

Mon Mar 29 11:45:37 PDT 2021

Synopsis: ELBA-2021-0856-1 can now be patched using Ksplice
CVEs: CVE-2019-19532 CVE-2020-0427 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2020-7053 CVE-2021-20265

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2021-0856-1.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2021-0856-1.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-19532: Denial-of-service when initializing HID devices.

A failure to properly check a device-controlled parameter in the USB HID
subsystem lead to reading or writing past memory bounds. An attacker can
exploit this bug with a specially crafted USB device to escalate
privileges or cause a denial-of-service.

* CVE-2021-20265: Memory leak when reading from AF_UNIX socket.

Incorrect reference counting when reading from AF_UNIX can trigger a
memory leak when a signal is delivered to a process.

* CVE-2020-29661: Use-after-free in ioctls of TTY subsystem.

A locking flaw in ioctls of TTY subsystem could lead to a use-after-free.
A local user could use this flaw to cause execution of arbitrary code or
a denial-of-service.

* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.

* CVE-2020-25645: Possible information leak between encrypted geneve endpoints.

A logic error may end up inadvertently transmitting data between two
geneve endpoints unencrypted. This may allow unintended parties to view
confidential network data.

* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.

* CVE-2020-25211: Denial-of-service in Netfilter due to out-of-bounds memory access.

A flaw in Netfilter framework implementation could lead to
a out-of-bounds memory access. A local user could use this flaw to cause
a system crash and a denial-of-service.

* CVE-2020-7053: Use-after-free when destroying i915 GEM context.

A locking error when destroying GEM context in the i915 graphic driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2020-25656: Use-after-free in console subsystem.

Specific ioctls sent to the console subsystem could lead to a use-after-free.
A local attacker could use this flaw to read confidential data.

* Note: Oracle has determined that CVE-2020-0427 is not applicable.

Oracle has determined that CVE-2020-0427 is not applicable as concerned
files are not compiled on this distribution.

* CVE-2020-28374: Access control bypass when reading or writing TCM devices.

Lack of validation against the session's list when matching a Target Core
Mod (TCM) device during an eXtended COPY (XCOPY) operation leads to access
control bypass.  Attackers with access to one device could read and write
from/to other devices they should not have access to.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.