[El-errata] New Ksplice updates for RHCK 9 (ELSA-2023-4377)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Aug 15 17:37:40 UTC 2023


Synopsis: ELSA-2023-4377 can now be patched using Ksplice
CVEs: CVE-2022-45869 CVE-2023-0458 CVE-2023-1998 CVE-2023-3090 CVE-2023-35788

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-4377.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-4377.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
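
To confirm that a host is covered, the following added example (not part of the original announcement, and not Oracle's code) checks a uptrack.conf file for "autoinstall = yes" and reports which of this advisory's CVEs are absent from a listing of installed updates. The function names, the sample listing and its "[id] CVE: description" line format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check Ksplice coverage for ELSA-2023-4377.
# CVE list copied from the advisory above.
ELSA_CVES="CVE-2022-45869 CVE-2023-0458 CVE-2023-1998 CVE-2023-3090 CVE-2023-35788"

# autoinstall_enabled FILE
# Succeeds only if FILE sets "autoinstall = yes". Commented-out lines are
# ignored, and the last assignment in the file wins.
autoinstall_enabled() {
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ "$val" = "yes" ]
}

# missing_cves
# Reads a listing of installed updates on stdin and prints, space-separated,
# the advisory CVEs that the listing does not mention.
missing_cves() {
    listing=$(cat)
    missing=""
    for cve in $ELSA_CVES; do
        # -w: whole-token match, so a longer ID sharing this prefix does not count
        printf '%s\n' "$listing" | grep -qwF -- "$cve" || missing="$missing $cve"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample listing (assumed format, placeholder update IDs) in which
# two of the five fixes have not been applied yet.
sample_listing() {
    cat <<'EOF'
Installed updates:
[example01] CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.
[example02] CVE-2022-45869: Denial-of-service when using virtualization with TDP MMU.
[example03] CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.
EOF
}

# On a real host (not run here):
#   autoinstall_enabled /etc/uptrack/uptrack.conf && echo "autoinstall is on"
#   /usr/sbin/uptrack-show | missing_cves
```

An empty result from missing_cves means every CVE in the advisory appears in the listing.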


DESCRIPTION

* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited by a
local attacker to cause a denial of service, or other undefined behavior.


* CVE-2022-45869: Denial-of-service when using virtualization with TDP MMU.

A locking error when using nested virtualization with TDP MMU enabled
could lead to a race condition. An attacker from a guest could use this
flaw to cause a denial-of-service.


* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.


* CVE-2023-1998: Information disclosure due to disabled Single Thread Indirect Branch Predictors.

With legacy Indirect Branch Restricted Speculation (IBRS), Single Thread
Indirect Branch Predictors (STIBP) was incorrectly determined to be not
needed. This could allow cross-thread branch target injection and
information disclosure.


* CVE-2023-0458: Information leak in system calls to get and set resource limits.

A flaw in the do_prlimit() function, which is invoked by a number of system
calls to get and set resource limits, could be used to leak kernel memory
as part of a side-channel attack (such as MDS).

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




