[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12226)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 18 14:43:54 UTC 2023 

Synopsis: ELSA-2023-12226 can now be patched using Ksplice
CVEs: CVE-2022-2196 CVE-2022-27672 CVE-2022-3707 CVE-2023-1281 
CVE-2023-1513 CVE-2023-20938 CVE-2023-26545

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12226.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12226.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-2196: Information leak in Kernel-based Virtual Machine.

A flaw in KVM due to a missing flush of indirect branch predictors
at VM-exit time may result in a leak of information.
A nested guest VM (L2) may use this flaw to perform Spectre v2 attacks
on L1 guest VMs.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-20938.

Oracle has determined that the vulnerability does not affect a
running system.

Lack of input validation in the Android Binder driver when releasing a
transaction buffer could lead to a user-after-free.  A local unprivileged
user could use this flaw to cause a denial-of-service or elevate its
privileges.


* CVE-2022-3707: Double-free in Intel GVT-g graphics driver.

Incorrect error handling in the Intel GVT-g graphics driver can lead to a
double free. This can allow a local user to cause denial-of-service.


* CVE-2023-1513: Information leak in KVM ioctl.

Incomplete initialization of structure returned to user during KVM's
KVM_GET_DEBUGREGS ioctl can lead to information leak. This can allow a local
user to access to privileged data.


* CVE-2023-26545: Stale pointer in MultiProtocol Label Switching subsystem.

Incorrect error handling in the MultiProtocol Label Switching subsystem
(MPLS) during the renaming of a device can lead to double free. This could
allow a local user to write to arbitrary memory locations or cause
denial-of-service.


* CVE-2023-1281: Use-after-free in Packet Classifier based on Traffic 
Control Indices.

The imperfect hash area in the traffic control index filter can be
updated while packets are traversing which can lead to a use-after-free.
A local attacker can use this to escalate privileges.


* Incorrect initialization in BTRFS's zlib compression.

Incorrect initialization in BTRFS zlib compression implementation can
lead to use of uninitialized memory.  This can lead to leak of
privileged information or denial-of-service.


* CVE-2022-27672: Information disclosure due to Cross-Thread Return 
Address Predictions.

When SMT (simultaneous multithreading) is enabled, certain AMD processors
may speculative execute instructions using a target from the sibling thread.
This can potentially lead to information disclosure.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list