[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2022-9870)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Oct 19 21:57:11 UTC 2022
Synopsis: ELSA-2022-9870 can now be patched using Ksplice
CVEs: CVE-2022-3028 CVE-2022-36123
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9870.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2022-3028: Out-of-bounds memory access in IP framework XFRM subsystem.
Multiple calls to the same function in the IP framework can lead to a
race condition and subsequent
out-of-bounds memory accesses. A local attacker could exploit this flaw
to leak kernel memory, or make arbitrary writes to kernel memory.
* Reset CR4 during kexec load.
A failure to reset the CR4 register when kexec loads a new kernel can
lead to kexec boot failures.
* Note: Oracle will not be providing an update for CVE-2022-36123.
This CVE is only applicable at boot time, so by the time Ksplice live updates
are applied, the relevant code has already run.
Ksplice support is available at ksplice-support_ww at oracle.com.