[El-errata] New Ksplice updates for RHCK 7 (ELSA-2022-0620)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Mar 15 17:32:33 UTC 2022
Synopsis: ELSA-2022-0620 can now be patched using Ksplice
CVEs: CVE-2020-0465 CVE-2020-0466 CVE-2021-0920 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-4034 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-0620.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-0620.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2021-4034: Privilege escalation in pkexec.
Incorrect input validation in the pkexec program (part of Polkit) allows
any local user to become root.
* CVE-2021-4155: Data leak in XFS filesystem.
The XFS filesystem does not correctly initialize certain data blocks. This
could allow data leaks to unprivileged users.
* CVE-2021-3573: Code execution in the bluetooth subsystem due to use-after-free.
Improper handling of HCI device detach events in the bluetooth subsystem
could leading to a use-after-free. A local user could use this flaw to
cause a denial of service or possibly execute arbitrary code.
* CVE-2020-0465: Out-of-bounds writes in the USB HID stack.
Lack of untrusted input validation in the USB HID stack could lead to an
out-of-bounds memory write. Untrusted HID devices could use this flaw to
cause a denial-of-service or potentially get kernel execution.
* CVE-2021-3564: Denial-of-service in bluetooth subsystem.
An ordering issue whilst handling data flushes may lead to a
double-free. This could allow a local attacker to cause a
denial-of-service.
* CVE-2021-0920: Privilege escalation in BSD Unix domain sockets.
Lack of synchonization in BSD Unix domain sockets module could result
in a use after free error. A local user could use this flaw to cause
denial-of-service or priviledges escalation.
* CVE-2020-0466: Use-after-free when creating a new epoll instance.
Lack of reference counting on underlying files used by the epoll subsystem
could lead to a use-after-free if the files are concurrently removed. An
unprivileged user could use this flaw to cause a denial-of-service or
potentially escalate privileges.
* CVE-2022-22942: Use-after-free in VMware Virtual GPU driver.
Improper error handling flaw in VMware Virtual GPU driver could lead
to a stale entry to be left in the file descriptor table resulting in
use-after-free. Unprivileged, local users could use this flaw in order
to gain access to files opened by other processes on the system through
a dangling file pointer and cause information disclosure or privilege
escalation.
* CVE-2021-3752: Use-after-free in the Bluetooth subsystem.
A use-after-free exists in the Bluetooth subsystem in the way a user connects
and disconnects from a socket. A local unprivileged user could use this flaw
to cause a denial-of-service or potentially escalate privileges.
* Note: Oracle will not provide a zero-downtime update for CVE-2022-0330.
Oracle has determined that patching CVE-2022-0330 on a running system would not
be safe. The issue occurs only if a local user has privileges to access the
i915 Intel GPU and the user is running malicious code on it. Oracle recommends
a reboot to mitigate these issues if the host is affected.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list