[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2021-9452)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Sep 22 04:27:39 PDT 2021


Synopsis: ELSA-2021-9452 can now be patched using Ksplice
CVEs: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26147 CVE-2020-29374 CVE-2021-0129 CVE-2021-22543 CVE-2021-23134 CVE-2021-29155 CVE-2021-31829 CVE-2021-33200 CVE-2021-34693 CVE-2021-3609

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9452.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9452.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2021-29155, CVE-2021-33200, CVE-2021-31829: Information disclosure in eBPF due to out of bounds pointer arithmetic.

Out of bounds pointer arithmetic flaw in the eBPF implementation could
allow an attacker to bypass the protection and execute speculatively
out-of-bounds loads from the kernel memory leading to extraction of
the kernel memory contents via a side-channel. A local, special user
privileged (CAP_SYS_ADMIN) BPF program could use this flaw for sensitive
information disclosure.


* CVE-2020-24588: Mishandling of malformed A-MPDU frames in 802.11 Networking Stack.

Mishandling of malformed A-MPDU frames in 802.11 Wireless Networking
Stack could allow an attacker to inject network packets. A physically
proximate attacker could use this flaw to compromise the system
integrity.


* CVE-2020-26147: Information disclosure/packet injection over WEP/WPA WiFi.

The kernel 802.11 WiFi driver erroneously combines encypted and
plaintext fragments, potentially allowing an attacker to intercept or
inject into a legitimate encrypted WiFi connection.


* CVE-2020-29374: Multiple vulnerabilities in get_user_pages of Memory Management subsystem.

Due to a flaw in Memory Management subsystem unintended write access
could be granted when get_user_pages is used for a copy-on-write page.
A local user could use this flaw to cause a wide range of problems,
including information exposures, denial of service, and arbitrary code
execution.


* CVE-2020-26139: Remote denial-of-Wifi-service via malicious EAPOL frames.

When acting as an access point, the kernel WiFi driver might forward
EAPOL frames to other devices that have not successfully authenticated.
A malicious device might exploit this to cause a denial-of-service of
the WiFi connection towards legitimately connected clients.


* CVE-2021-0129: Man-in-the-middle disclosure of bluetooth passkey.

The kernel bluetooth pairing process contains a flaw that might allow a
malicious nearby device to determine the passkey used to complete the
pairing, or potential pair itself instead.


* CVE-2021-3609: Privilege escalation in CAN BCM due to use-after-free.

A race condition in the CAN BCM implementation could lead to use-after-free
vulnerability. A local attacker could potentially use this to execute
arbitrary code.

Orabug: 33114648


* Note: Oracle has determined that CVE-2021-23134 is not applicable.

The kernel is not affected by CVE-2021-23134 since the code under
consideration is not compiled.


* Note: Oracle will not provide a zero-downtime update for CVE-2020-24586 or CVE-2020-24587.

Oracle has determined that patching CVE-2020-24586 and CVE-2020-24587 on a
running system would not be safe. These vulnerabilities have a moderate
impact, CVVS score of 3.5 and 2.6 respectively. The vulnerability allows
network injection attacks on a WiFi network, so hosts not connected to a
WiFi network are not affected.  Oracle recommends a reboot to mitigate
these issues if the host is affected.


* CVE-2021-34693: Information leak in CAN BCM message.

The header of a CAN bus BCM message contains uninitialized memory that
is transmitted over the wire. A malicious device might exploit this to
gain information about the running system.

Orabug: 33030700


* Deadlock on page write-back in NFS subsystem.

A logic error when a page write-back is triggered may cause a
deadlock. This may lead to a denial-of-service.

Orabug: 33213898


* Checksum error in infiniband subsystem.

A logic error whilst receiving packets may lead to an invalid checksum
calculation. This may lead to a loss of data, and missed messages.

Orabug: 33145562


* Unresponsive behavior when suspending XFS filesystems.

A logic error whilst draining an internal cache may cause exceedingly
long pauses when running fsfreeze against an XFS filesystem. This may
lead to degraded system performance and possible data loss.

Orabug: 33141334


* CVE-2021-22543: Privilege escalation in KVM due to RO page check bypass.

The reference counts of VM_IO|VM_PFNMAP pages can be manipulated to
cause a deliberate use-after-free. This can be manipulated to cause
writes to arbitrary memory pages, allowing a malicious user with the
ability to create virtual machines to escalate their privileges.

Orabug: 33054089

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





More information about the El-errata mailing list