[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2022-9088)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 4 02:39:13 UTC 2022

Synopsis: ELSA-2022-9088 can now be patched using Ksplice
CVEs: CVE-2017-11176 CVE-2021-0129 CVE-2021-20321 CVE-2021-3752 
CVE-2021-3753 CVE-2021-4034

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9088.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2021-4034: Privilege escalation in pkexec.

Incorrect input validation in the pkexec program (part of Polkit) allows
any local user to become root.

* CVE-2021-20321: Race condition in OverlayFS.

A possible race condition exists in overlayfs that may be triggered
when a user renames a file.  A local user could use this flaw to cause
a denial-of-service.

Orabug: 33694378

* CVE-2021-3753: information disclosure in virtual terminal device.

A race condition flaw in its ioctl handling of the virtual terminal
device implementation could lead to out-of-bounds reads. A local user
could use this flaw for information disclosure.

Orabug: 33406445

* CVE-2021-0129: Man-in-the-middle disclosure of bluetooth passkey.

The kernel bluetooth pairing process contains a flaw that might allow a
malicious nearby device to determine the passkey used to complete the
pairing, or potential pair itself instead.

Orabug: 33556779

* CVE-2021-3752: Use-after-free in the Bluetooth subsystem.

A use-after-free exists in the Bluetooth subsystem in the way a user 
and disconnects from a socket.  A local unprivileged user could use this 
to cause a denial-of-service or potentially escalate privileges.

Orabug: 33406421


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list