[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2022-10072)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Dec 16 19:57:56 UTC 2022


Synopsis: ELSA-2022-10072 can now be patched using Ksplice
CVEs: CVE-2022-3565 CVE-2022-40768 CVE-2022-4378

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-10072.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-10072.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
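
An added example, not part of Oracle's announcement: a shell check that
reads the Uptrack configuration and reports which of the two install paths
above applies to a host. The function names are hypothetical; the INI-style
layout with "#" or ";" comment lines, and treating only the value "yes" as
enabled, are assumptions.

```shell
#!/bin/sh
# Added example: does this host auto-install Ksplice updates, or does an
# operator still need to run uptrack-upgrade? Function names are hypothetical.

# Print the effective value of "autoinstall" from the given config file.
# Assumptions: INI-style file, comment lines start with "#" or ";", and the
# last uncommented assignment wins. Prints nothing if the key is absent or
# the file is unreadable.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Map the config state to the two cases the announcement describes.
# Only "yes" (the value quoted in the announcement) counts as enabled.
uptrack_action() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "auto" ;;     # updates are installed automatically
        *)   echo "manual" ;;   # operator runs /usr/sbin/uptrack-upgrade -y
    esac
}

# Default to the path named in the announcement; a different file can be
# passed as the first argument (for example a copy pulled from another host).
conf="${1:-/etc/uptrack/uptrack.conf}"
if [ "$(uptrack_action "$conf")" = "auto" ]; then
    echo "$conf: autoinstall = yes; updates will be installed automatically"
else
    echo "$conf: autoinstall not enabled; run /usr/sbin/uptrack-upgrade -y as root"
fi
```

A commented-out "autoinstall = yes" line and a missing or unreadable file are
both reported as manual, so a host is never assumed to be patched on the
strength of a disabled setting.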


DESCRIPTION

* CVE-2022-4378: Privilege escalation in the proc filesystem.

Incorrect bounds checking and an integer overflow in the proc
filesystem could lead to out-of-bounds memory writes.  An unprivileged
user could use this flaw to cause a denial-of-service or elevate
privileges.


* CVE-2022-3565: Use-after-free in modular ISDN driver.

A race condition in mISDN when l1oip_cleanup is called while a timer
handler is running may lead to a use-after-free. A local user could use
this flaw for a denial-of-service or privilege escalation.

Orabug: 34719782


* CVE-2022-40768: Information leak in Promise SuperTrak EX driver.

A missing zeroing of on-stack memory passed to userspace in a SCSI driver
could lead to an information leak. A local attacker could use this flaw
to leak information about the running kernel and facilitate an attack.

Orabug: 34670756


* Excessive log noise from SCSI target driver.

An overly verbose log message printed when the SCSI target driver
encounters pages that it cannot handle can fill up log files.  This
can effectively render logs useless, and could potentially fill up a
filesystem, leading to a denial-of-service.

Orabug: 34728690


* Reduced performance in do_wait implementation.

In certain cases, various flavors of wait() can have very poor
performance when waiting on processes that have many children or
tracees.  This can cause some applications to suffer a performance
degradation during these types of operations.

Orabug: 34420117


* Unexpected return codes from recvmsg() for RDS sockets.

A logic error in the RDS messaging implementation can cause unexpected
errors to be thrown by recvmsg().  This can disrupt the operation of
userspace applications in some cases.

Orabug: 34658891


* Use-after-free in SCSI qla2xxx driver abort path.

A failure to properly handle some error cases can result in a
use-after-free during certain abort operations in the qla2xxx driver.
This could result in a denial-of-service, and could potentially be
exploited by a malicious user to aid in another type of attack.

Orabug: 34841119

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


