[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2022-9689)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 27 20:18:08 UTC 2022


Synopsis: ELSA-2022-9689 can now be patched using Ksplice
CVEs: CVE-2021-4034 CVE-2022-0168 CVE-2022-0500 CVE-2022-0854 
CVE-2022-1012 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 
CVE-2022-1205 CVE-2022-1516 CVE-2022-1651 CVE-2022-1671 CVE-2022-1734 
CVE-2022-1943 CVE-2022-1974 CVE-2022-1975 CVE-2022-20368 CVE-2022-20369 
CVE-2022-21385 CVE-2022-2153 CVE-2022-2380 CVE-2022-24448 CVE-2022-2588 
CVE-2022-2639 CVE-2022-26490 CVE-2022-28356 CVE-2022-28389 
CVE-2022-28893 CVE-2022-29581 CVE-2022-30594 CVE-2022-3078 
CVE-2022-32250 CVE-2022-32296 CVE-2022-33981

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9689.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9689.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
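As an added check after the upgrade (this script is not part of Oracle's announcement or of Ksplice's own tooling): compare the CVEs this advisory patches against the updates that `uptrack-show` reports as installed, and list any still missing. It assumes uptrack-show prints one installed update per line in the form `[<update-id>] <description>` with the CVE identifier(s) in the description, and that `uptrack-uname -r` prints the effective (patched) kernel version; the embedded uptrack-show output is constructed sample data, and the CVE subset is taken from the header of this advisory.

```shell
#!/bin/sh
# Added example; not Oracle's announcement text or Ksplice's own tooling.
# Compares the CVEs this advisory patches against the updates that
# `uptrack-show` reports as installed, and lists the ones still missing.
#
# Assumption: uptrack-show prints one installed update per line as
#   [<update-id>] <description>
# with the CVE identifier(s) inside the description.
set -eu

# CVEs for which the advisory ships a Ksplice patch (subset of the header
# list; "not applicable" and "no zero-downtime update" entries excluded).
ADVISORY_CVES="CVE-2022-2588 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 CVE-2022-32296"

# Constructed sample of uptrack-show output, so the script runs offline.
SAMPLE_UPTRACK_SHOW='Installed updates:
[abcd1234] CVE-2022-32250: Code execution in Netfilter due to use-after-free.
[efgh5678] CVE-2022-2588: Use-after-free in IP Route Classifier.
[ijkl9012] CVE-2022-1012, CVE-2022-32296: Information disclosure in TCP.

Effective kernel version is 5.15.0-0.30.19.el8uek'

# covered_cves <uptrack-show text>: every CVE ID mentioned, one per line, unique.
covered_cves() {
    printf '%s\n' "$1" | grep -o 'CVE-[0-9]\{4\}-[0-9]\{4,\}' | sort -u
}

# missing_cves <uptrack-show text> <space-separated CVE list>:
# the CVEs from the list that no installed update mentions.
missing_cves() {
    covered=$(covered_cves "$1")
    for cve in $2; do
        printf '%s\n' "$covered" | grep -qx "$cve" || printf '%s\n' "$cve"
    done
}

# Live use on a host (needs root): sh check-elsa-2022-9689.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "effective kernel: $(uptrack-uname -r)"
    missing=$(missing_cves "$(uptrack-show)" "$ADVISORY_CVES")
    if [ -n "$missing" ]; then
        echo "still missing:"; echo "$missing"; exit 2
    fi
    echo "all advisory CVEs covered"
else
    echo "missing (sample data):"
    missing_cves "$SAMPLE_UPTRACK_SHOW" "$ADVISORY_CVES"
fi
```

Run with `--live` on the host after `uptrack-upgrade`; a non-empty "still missing" list (exit status 2) means the update set was not fully applied and `uptrack-show --available` should be consulted. Note that `uname -r` keeps reporting the booted kernel; only the uptrack-uname output reflects the Ksplice patches.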


DESCRIPTION

* Note: Oracle has determined that CVE-2022-1516 is not applicable.

A flaw in the X.25 network protocol when handling link layer events
could result in NULL pointer dereference. A local user could use this
flaw for a denial-of-service.

The kernel is not affected by CVE-2022-1516 since the code under
consideration is not compiled.


* CVE-2022-33981: Denial-of-service in Floppy Disk support.

A logic flaw in the ioctl handling of the Floppy Disk driver could result
in a use-after-free. A local user could use this flaw for a
denial-of-service.


* CVE-2022-32250: Code execution in Netfilter due to use-after-free.

A flaw in the nftables API of the Netfilter subsystem when removing
stateful expressions could result in a use-after-free. A local user could
use this flaw to cause a denial-of-service or execute arbitrary code.

Orabug: 34247340


* Denial-of-service whilst bringing up paravirtualized Xen CPUs.

A logic error whilst initializing paravirtualized Xen CPUs may lead to
a BUG being triggered. This may lead to a denial-of-service.

Orabug: 34271922


* CVE-2022-28893: Use-after-free in SUN RPC subsystem.

A logic flaw in the SUN Remote Procedure Call (SUNRPC) subsystem when
closing a socket could lead to a use-after-free. A local user could use
this flaw for a denial-of-service or code execution.

Orabug: 34064432


* CVE-2022-2588: Use-after-free in IP Route Classifier.

A logic flaw in the IP route classifier (cls_route) of the Traffic
Control subsystem when replacing a route filter could, in some cases,
lead to a use-after-free. A local user could use this flaw for
denial-of-service or privilege escalation.

Orabug: 34460936


* Note: Oracle has determined that CVE-2022-1974 is not applicable.

Unregistering an NFC device is racy because of improper logic checking
whether a device shutdown is in progress. A malicious local user might
exploit this to cause a denial-of-service.

The kernel is not affected by CVE-2022-1974 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2022-28356 is not applicable.

A reference counting flaw in socket binding of the 802.2 LLC type 2
driver could happen in some error conditions. A local user could use
this flaw to cause a denial-of-service.

The kernel is not affected by CVE-2022-28356 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2022-1975 is not applicable.

Incorrect allocation flags when downloading new NFC firmware to a device
might result in the kernel sleeping in an atomic context, resulting in a
potential deadlock or denial-of-service.

The kernel is not affected by CVE-2022-1975 since the code under
consideration is not compiled.


* Denial-of-service during internal data structure garbage collection.

A logic error in the garbage collection routine of the associative array
library may trigger a BUG_ON. This may cause a denial-of-service.

Orabug: 34162062


* Note: Oracle has determined that CVE-2022-1198 is not applicable.

A logic flaw in the Serial port 6PACK driver when closing the device
could lead to a use-after-free. A local user could use this flaw for
denial-of-service or code execution.

The kernel is not affected by CVE-2022-1198 since the code under
consideration is not compiled.


* CVE-2022-30594: Privilege escalation in Process Trace.

Lack of validation of the ptrace flags when seizing a process through
ptrace could be used to disable a seccomp jail. A local, unprivileged
user could use this flaw to evade a seccomp jail and elevate their
privileges.

Orabug: 34223453


* Note: Oracle has determined that CVE-2022-26490 is not applicable.

A missing error check in connectivity event handling of the ST21NFCA
NFC driver could result in a buffer overflow. Oracle has determined that
the kernel is not vulnerable as the code in question is not compiled.


* CVE-2022-29581: Privilege escalation in Traffic Control subsystem.

A reference counting flaw in the u32 (universal 32-bit key comparison)
packet classifier of the Traffic Control subsystem could lead to a
use-after-free. A local user could use this flaw for privilege
escalation.


* Note: Oracle has determined that CVE-2022-1734 is not applicable.

A logic flaw in synchronization between firmware download and device
cleanup in the Marvell NFC device driver could lead to a use-after-free.
A local user could use this flaw to cause a denial-of-service or execute
arbitrary code.

The kernel is not affected by CVE-2022-1734 since the code under
consideration is not compiled.


* CVE-2022-2153: Denial-of-service in Kernel-based Virtual Machine.

A logic flaw in Kernel-based Virtual Machine in some cases when KVM
initializes a vCPU without creating APIC could result in NULL pointer
dereference. A local user could use this flaw for a denial-of-service.


* Note: Oracle has determined that CVE-2022-1195 is not applicable.

Improper handling of detach events in the Serial port 6PACK driver when
detaching a mkiss or sixpack device could result in a use-after-free.
A local user could use this flaw for a denial-of-service.

The kernel is not affected by CVE-2022-1195 since the code under
consideration is not compiled.


* CVE-2021-4034: Prevent empty argument list when executing processes.

Incorrect input validation in the pkexec program (part of Polkit) allows
any local user to become root.


* Note: Oracle has determined that CVE-2022-2380 is not applicable.

A flaw in the Silicon Motion SM712 Framebuffer driver when reading from
the framebuffer could result in a system crash. A local user could use
this flaw for a denial-of-service.

The kernel is not affected by CVE-2022-2380 since the code under
consideration is not compiled.


* Out-of-bounds read access in NetLabel subsystem when mapping a label.

A logic flaw in bitmap implementation of NetLabel subsystem could
result in out-of-bounds read access when mapping a label. A local user
could use this flaw for denial-of-service or information disclosure.


* Note: Oracle has determined that CVE-2022-28389 is not applicable.

A flaw in the error handling of the Microchip CAN BUS Analyzer interface
driver could lead to a double-free. A local user could use this flaw to
cause a denial-of-service or code execution.

The kernel is not affected by CVE-2022-28389 since the code under
consideration is not compiled.


* CVE-2022-1943: Out-of-bounds write in the UDF file system.

An out-of-bounds memory write exists in the UDF file system in the way a
user triggers certain file operations. A local user could use this flaw
to cause denial-of-service or privilege escalation.


* CVE-2022-2639: Out-of-bounds write in the Open vSwitch Ethernet switch
driver.

A logic flaw in the Open vSwitch driver code can lead to an out-of-bounds
write. This can potentially be used to cause a denial-of-service or
escalate privileges.


* CVE-2022-20368: Out-of-bounds access in the Packet network subsystem.

A logic flaw in the Packet network protocol implementation may allow an
out-of-bounds access of kernel memory. A remote attacker could use this
flaw to obtain privileged kernel data.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-0500.

Unrestricted use of the BPF_BTF_LOAD command can lead to an out-of-bounds
memory write in the BPF subsystem, due to the way user-supplied BTF is
loaded. This can allow a local user to escalate privileges or cause a
denial-of-service.

Unprivileged BPF is controlled by the kernel.unprivileged_bpf_disabled
sysctl and is disabled by default.

Orabug: 34358256
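As an added check, not part of Oracle's announcement or of Ksplice: a short script that reads the sysctl named above, reports whether unprivileged bpf() is reachable on the running kernel, and writes a sysctl.d drop-in for the hardened setting. The value semantics are the ones documented in the upstream kernel (Documentation/admin-guide/sysctl/kernel.rst); preferring 2 over 1 is this example's choice, because 1 cannot be undone without a reboot.

```shell
#!/bin/sh
# Added example; not Oracle's own tooling. Reports the unprivileged-BPF
# posture relevant to CVE-2022-0500 and writes a hardening drop-in.
#
# Documented values of kernel.unprivileged_bpf_disabled:
#   0  unprivileged bpf() calls are allowed
#   1  disabled, and the setting cannot be changed again until reboot
#   2  disabled, but root may set it back to 0 (kernels that predate this
#      value reject the write with EINVAL)

SYSCTL_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# bpf_verdict <file>: print allowed | disabled | disabled-locked | unknown
bpf_verdict() {
    v=$(cat "$1" 2>/dev/null) || v=""
    case "$v" in
        0) echo allowed ;;
        1) echo disabled-locked ;;
        2) echo disabled ;;
        *) echo unknown ;;
    esac
}

# write_bpf_dropin <dir>: write a sysctl.d fragment that picks 2 rather
# than 1, so the change can be reverted at runtime if some tooling needs
# unprivileged BPF. Prints the path of the file written.
write_bpf_dropin() {
    f="$1/99-unprivileged-bpf.conf"
    {
        echo '# Disable unprivileged bpf() (mitigation relevant to CVE-2022-0500).'
        echo 'kernel.unprivileged_bpf_disabled = 2'
    } > "$f"
    echo "$f"
}

# Live use (needs root): sh bpf-check.sh --check | --harden
# --harden applies the setting immediately and persists it under /etc/sysctl.d.
if [ "${1:-}" = "--harden" ]; then
    sysctl -w kernel.unprivileged_bpf_disabled=2 \
        || echo "kernel rejected value 2; value 1 works but is irreversible until reboot" >&2
    write_bpf_dropin /etc/sysctl.d
elif [ "${1:-}" = "--check" ]; then
    echo "unprivileged bpf: $(bpf_verdict "$SYSCTL_FILE")"
fi
```

A verdict of "allowed" means the BPF_BTF_LOAD path described above is reachable by any local user; "disabled" or "disabled-locked" means only CAP_BPF/CAP_SYS_ADMIN holders can reach it, which is the posture the advisory relies on in place of a zero-downtime patch.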


* CVE-2022-0854: Information disclosure in DMA subsystem.

A flaw in the DMA subsystem when creating a mapping for a buffer could
leak kernel memory contents. A local user could use this flaw for
information disclosure.


* CVE-2022-24448: Information leak when NFSv4 directory lookup fails.

If a regular file on an NFSv4 mount is opened with O_DIRECTORY, the
returned file descriptor is left uninitialized, potentially leaking
sensitive kernel information.


* CVE-2022-0168: Denial-of-service in Common Internet File System.

A logic flaw in the QUERY_INFO ioctl of the Common Internet File System
(CIFS) leads to incorrect error handling. This allows a local, privileged
user to cause a denial-of-service.

Orabug: 34555016


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1204.

Oracle has determined that the vulnerability does not affect a
running system.

A use-after-free flaw was found in the Amateur Radio AX.25 protocol
subsystem in the way a user connects with the protocol. This flaw allows
a local user to cause denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1651.

Oracle has determined that the vulnerability does not affect a
running system.

A memory leak flaw was found in the ACRN Hypervisor Service Module in
how the ACRN Device Module emulates virtual NICs. This allows a local
privileged user to leak information or cause a denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1199.

Oracle has determined that the vulnerability does not affect a
running system.

A NULL pointer dereference exists in the AX.25 Ham Radio device driver
when multiple devices attempt to establish connections. A malicious
local user might exploit this to cause a denial-of-service or escalate
their privileges.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1205.

Oracle has determined that the vulnerability does not affect a
running system.

A NULL pointer dereference flaw was found in the Amateur Radio AX.25
protocol subsystem in the way a user connects with the protocol. This
flaw allows a local user to cause denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1671.

Oracle has determined that the vulnerability does not affect a
running system.

A NULL pointer dereference was found in the RxRPC session sockets
subsystem. This can allow a local user to cause denial-of-service or
leak privileged information.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-20369.

Oracle has determined that the vulnerability does not affect a
running system.

Improper input validation in the Video for Linux API version 2 subsystem
can lead to an out-of-bounds write. This could lead to a local
escalation of privilege.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-3078.

Oracle has determined that the vulnerability does not affect a
running system.

A NULL pointer dereference flaw exists in the Virtual DVB Driver (vidtv)
subsystem. This allows a local user to cause a denial-of-service.


* CVE-2022-1012, CVE-2022-32296: Information disclosure in TCP.

Insufficient randomness in TCP source port number generation when
opening TCP connections to a remote host could lead to an information
leak. A remote attacker can use this to fingerprint a network host.


* CVE-2022-21385: Denial-of-service when processing RDS messages.

A logic error when processing RDS message data provided from userspace
can cause the kernel to crash in multiple ways. A malicious local user
could exploit this flaw to cause a denial-of-service.

Orabug: 33981854

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




