[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12116)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 23 22:32:38 UTC 2023 

Synopsis: ELSA-2023-12116 can now be patched using Ksplice CVEs:
CVE-2019-19082 CVE-2022-2873 CVE-2022-3344 CVE-2022-3424 CVE-2022-3435
CVE-2022-3545 CVE-2022-3606 CVE-2022-3643 CVE-2022-4139 CVE-2022-42328
CVE-2022-42329 CVE-2022-45869 CVE-2022-45934 CVE-2022-47518 CVE-2023-0179

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12116.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12116.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-4139: Information disclosure in Intel HD Graphics Driver.

A flaw in Intel HD Graphics Driver when flushing translation lookaside
buffers could allow access to physical memory which might be already
assigned to a different process. A local user could use this flaw for
denial-of-service or information disclosure.


* Note: Oracle will not provide a zero-downtime update for XSA-423, XSA-424, CVE-2022-3643, CVE-2022-42328, CVE-2022-42329.

Oracle has determined that live patching XSA-423, XSA-424 on a
running system would not be safe. A flaw in the Xen PV network backend
(netback) when handling packets with malformed protocol headers can lead
to a crash. An unprivileged guest can cause a denial-of-service of the
host by sending malformed network packets to the backend.  Hosts not
using Xen or PV drivers are not affected.
Oracle recommends a reboot to mitigate these issues if the host is affected.


* CVE-2019-19082: Memory leak when creating memory pool in AMD Display driver.

A missing free of resources when creating memory pools in AMD Display
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2022-45934: Denial-of-Service in Bluetooth L2CAP.

An integer overflow flaw in Bluetooth L2CAP when sending L2CAP
configuration request packets could result in a system crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2023-0179: Denial-of-service when handling VLAN headers.

A logic error in the handling of VLAN headers in netfilter could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service or execute arbitrary code.

Orabug: 34978152


* CVE-2022-2873: Out-of-bounds memory access in iSMT.

A missing sanity check for a user controlled value in the Intel's iSMT
SMBus host controller driver when processing an SMBus command may lead
to a memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.


* CVE-2022-3424: Denial-of-service in SGI GRU driver.

A logic error when using SGI GRU driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2022-3435: Information disclosure in IPv4.

A flaw in ioctls of IPv4 could result in out-of-bounds read access.
A local user could use this flaw for information disclosure.


* CVE-2022-45869: Denial-of-service when using virtualization with TDP MMU.

A locking error when using nested virtualization with TDP MMU enabled
could lead to a race condition. An attacker from a guest could use this
flaw to cause a denial-of-service.


* CVE-2022-3344: Denial-of-service when allowing nested virtualization on AMD.

A logic error when handling nested guests from the hypervisor could lead
to a page fault on AMD. A guest attacker could use this flaw to cause a denial-
of-service.


* CVE-2022-3545: Use-after-free in Netronome Flow Processor Ethernet driver.

A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-47518.

The kernel is not affected by CVE-2022-47518 since the code under
consideration is not compiled.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-3606.

The kernel is not affected by CVE-2022-3606 since the code under
consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list