[El-errata] New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2021-0856-1)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Mar 29 11:45:37 PDT 2021
Synopsis: ELBA-2021-0856-1 can now be patched using Ksplice
CVEs: CVE-2019-19532 CVE-2020-0427 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2020-7053 CVE-2021-20265
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2021-0856-1.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2019-19532: Denial-of-service when initializing HID devices.
A failure to properly check a device-controlled parameter in the USB HID
subsystem lead to reading or writing past memory bounds. An attacker can
exploit this bug with a specially crafted USB device to escalate
privileges or cause a denial-of-service.
* CVE-2021-20265: Memory leak when reading from AF_UNIX socket.
Incorrect reference counting when reading from AF_UNIX can trigger a
memory leak when a signal is delivered to a process.
* CVE-2020-29661: Use-after-free in ioctls of TTY subsystem.
A locking flaw in ioctls of TTY subsystem could lead to a use-after-free.
A local user could use this flaw to cause execution of arbitrary code or
* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.
A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.
* CVE-2020-25645: Possible information leak between encrypted geneve endpoints.
A logic error may end up inadvertently transmitting data between two
geneve endpoints unencrypted. This may allow unintended parties to view
confidential network data.
* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.
The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
* CVE-2020-25211: Denial-of-service in Netfilter due to out-of-bounds memory access.
A flaw in Netfilter framework implementation could lead to
a out-of-bounds memory access. A local user could use this flaw to cause
a system crash and a denial-of-service.
* CVE-2020-7053: Use-after-free when destroying i915 GEM context.
A locking error when destroying GEM context in the i915 graphic driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2020-25656: Use-after-free in console subsystem.
Specific ioctls sent to the console subsystem could lead to a use-after-free.
A local attacker could use this flaw to read confidential data.
* Note: Oracle has determined that CVE-2020-0427 is not applicable.
Oracle has determined that CVE-2020-0427 is not applicable as concerned
files are not compiled on this distribution.
* CVE-2020-28374: Access control bypass when reading or writing TCM devices.
Lack of validation against the session's list when matching a Target Core
Mod (TCM) device during an eXtended COPY (XCOPY) operation leads to access
control bypass. Attackers with access to one device could read and write
from/to other devices they should not have access to.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata