[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2022-9147)

Fri Feb 18 14:39:52 UTC 2022

Synopsis: ELSA-2022-9147 can now be patched using Ksplice
CVEs: CVE-2017-11176 CVE-2021-20321 CVE-2021-3640 CVE-2021-3752 CVE-2021-3760 CVE-2021-4149 CVE-2021-42739 CVE-2021-43056 CVE-2021-43389 CVE-2021-43975 CVE-2021-44733

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9147.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9147.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-43975: Out-of-bounds access in aQuantia AQtion(tm) Ethernet card driver.

A lack of input validation in aQuantia AQtion(tm) Ethernet card driver
could result in an out-of-bounds access. Compromised/Malfunctioning
devices could be used by an attacker to trigger this flaw and cause
a denial-of-service or execute arbitrary code.

Orabug: 33594983

* CVE-2021-3640: Privilege escalation in Bluetooth Classic due to use-after-free.

A race condition flaw in ioctls of Bluetooth Classic could lead to
use-after-free. A privileged local user could use this flaw to cause
a denial-of-service or escalate their privileges on the system.

* CVE-2021-20321: Race condition in OverlayFS.

A possible race condition exists in overlayfs that may be triggered
when a user renames a file.  A local user could use this flaw to cause
a denial-of-service.

* Note: Oracle has determined that CVE-2021-3760 is not applicable.

Oracle has determined that CVE-2021-3760 is not applicable as the
code in question is not compiled.

* CVE-2021-3752: Use-after-free in the Bluetooth subsystem.

A use-after-free exists in the Bluetooth subsystem in the way a user connects
and disconnects from a socket.  A local unprivileged user could use this flaw
to cause a denial-of-service or potentially escalate privileges.

Orabug: 33406414

* CVE-2021-43389: Out-of-bounds access in ISDN CAPI due to a race condition.

A race condition in Kernel CAPI Interface of the ISDN CAPI
implementation could result in an out-of-bounds access. A privileged
local user could use this flaw to cause a denial-of-service or execute
arbitrary code.

* CVE-2021-42739: Buffer overflow in FireDTV firewire DVB receiver driver.

The FireDTV firewire DVB receiver driver contains a buffer overflow when
processing a Program Map Table entry. A malicious device might exploit
this to overwrite memory and cause a denial-of-service.

* Note: Oracle has determined that CVE-2021-43056 is not applicable.

Oracle has determined that CVE-2021-43056 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.

* CVE-2021-4149: Denial-of-service in BTRFS file system.

An improper locking flaw in BTRFS file system during error handling
could lead to a deadlock condition. A local user could use this flaw
to cause a denial-of-service.

* Note: Oracle will not be providing an update for CVE-2021-44733.

A race condition flaw could happen in a Trusted Execution Environment
(TEE) during an attempt to free a shared memory object leading to
a use-after-free.

According to our audits most customers are not affected by this
vulnerability because they are not using the TEE kernel module.

Orabug: 33739582

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.