[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (OVMSA-2023-0018)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Aug 8 15:11:00 UTC 2023 

Synopsis: OVMSA-2023-0018 can now be patched using Ksplice
CVEs: CVE-2022-41218 CVE-2023-1380 CVE-2023-3090 CVE-2023-31084 CVE-2023-3141 CVE-2023-3161 CVE-2023-35824

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle VM Security Fix Advisory, OVMSA-2023-0018.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-3161: Denial-of-service when setting font size.

A missing check when setting font size when using framebuffer could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 35493679


* CVE-2023-3141: Use-after-free in the r592 driver's device removal path.

A race condition can occur when removing an r592 device that can lead to
a use-after-free.  This flaw could be exploited by a local attacker to
cause a denial-of-service, or to leak sensitive information from kernel
memory.

Orabug: 35514146


* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited a
local attack to cause a denial of service, or other undefined behavior.

Orabug: 35550146


* CVE-2023-35824: Use-after-free during dm1105 device removal.

A race condition in the dm1105 driver's device removal path can result
in a use-after-free.  This flaw could be exploited by a local attacker
to cause a denial-of-service or other unexpected behavior.

Orabug: 35514108


* CVE-2023-31084: Potential deadlock during DVB driver event processing.

An incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver.  This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.

Orabug: 35477742


* CVE-2023-1380: Out-of-bounds read in Broadcom 802.11 Networking Device Driver.

Out-of-bounds read exists in the Broadcom 802.11 Networking Device Driver. This
can lead to a denial-of-service.

Orabug: 35250538


* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.

Orabug: 34820632

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list