[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2022-9273)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Apr 19 07:37:54 UTC 2022
Synopsis: ELSA-2022-9273 can now be patched using Ksplice
CVEs: CVE-2020-36516 CVE-2021-22600 CVE-2022-0617 CVE-2022-1016 CVE-2022-22942 CVE-2022-24448 CVE-2022-26966
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9273.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2022-24448: Information leak when NFSv4 directory lookup fails.
If an open is performed with O_DIRECTORY on a regular file mounted over
NFSv4, the returned file descriptor will be uninitialized, potentially
leaking sensitive kernel information.
* CVE-2022-22942: Use-after-free in VMware Virtual GPU driver.
Improper error handling flaw in VMware Virtual GPU driver could lead
to a stale entry to be left in the file descriptor table resulting in
use-after-free. Unprivileged, local users could use this flaw in order
to gain access to files opened by other processes on the system through
a dangling file pointer and cause information disclosure or privilege
* CVE-2021-22600: Privilege escalation in Packet protocol subsystem due to double-free.
A logic flaw causing a double-free in Packet protocol subsystem could
be exploited by a local user through crafted syscalls. A local user
could use this flaw for a denial-of-service or privilege escalation.
* CVE-2022-0617: NULL-pointer dereference when processing UDF metadata.
When converting a UDF filesystem control block to its expanded form, an
invalid block could result in a NULL callback being invoked, resulting
in a system crash. A malicious user or filesystem image might exploit
this to cause a denial-of-service.
* CVE-2022-26966: Information disclosure in CoreChip SR9700 USB 10/100 Ethernet adapter.
A missing sanity check flaw in CoreChip SR9700 USB 10/100 Ethernet
adapter could result in sensitive information leaking from heap memory
to user space. A local user could use this flaw for information
* Don't flush cache if hardware enforces cache coherency across encryption domains.
In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page in a VM is enforced. In
such a system, it is not required for software to flush the VM's page
from all CPU caches in the system prior to changing the value of the
C-bit for the page.
* CVE-2020-36516: Multiple vulnerabilities in TCP/IP protocol.
The mixed IPID assignment method with the hash-based IPID assignment
policy could allow an attacker to perform a Man-in-the-Middle Attack.
A remote attacker could use this flaw to pretend to be the sender of
the TCP/IP packet for an existing TCP/IP session and inject data into
the TCP session or terminate that session.
* CVE-2022-1016: Information leak in the netfilter subsystem.
A flaw in the netfilter subsystem result in a use-after-free. This may
allow a local unprivileged user to cause an information leak, resulting
in loss of system confidentiality.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata