[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12394)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jul 11 10:08:27 UTC 2023
Synopsis: ELSA-2023-12394 can now be patched using Ksplice
CVEs: CVE-2022-1679 CVE-2022-4744 CVE-2023-0590 CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1118 CVE-2023-1670 CVE-2023-1855 CVE-2023-1859 CVE-2023-1989 CVE-2023-1990 CVE-2023-2194 CVE-2023-2248 CVE-2023-25012 CVE-2023-2513 CVE-2023-28466 CVE-2023-2985 CVE-2023-30456 CVE-2023-30772 CVE-2023-3220 CVE-2023-32233 CVE-2023-33203
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12394.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12394.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2023-1077: Memory Corruption in Real-Time Scheduling Class.
Incorrect error checking logic in the Real-Time Scheduling Class can lead to
memory corruption. This can allow a local user to cause denial-of-service or
escalate privileges.
* CVE-2023-1118: Use-after-free in ENE eHome Receiver/Transceiver driver.
A logic error in the ENE integrated infrared receiver/transceiver leads
to a use-after-free. A local user can use this flaw to cause
denial-of-service or escalate privileges.
* CVE-2023-28466: Race condition in Transport Layer Security subsystem.
A race condition in the Transport Layer Security (TLS) subsystem between
getsockopt() and setsockopt() operations can lead to use-after-free or null
dereference. This can allow a local user to cause denial-of-service.
* CVE-2023-1989: Use-after free in Bluetooth SDIO driver.
A race condition in the Bluetooth SDIO driver's device removal path can
lead to a use-after-free scenario. This flaw could be exploited by a
malicious local user to cause a denial-of-service or other undefined
behavior.
* CVE-2022-4744: Privilege escalation in TUN/TAP device driver.
A flaw in the TUN/TAP device driver when freing a device could result in
a double-free. A local user could use this flaw for denial-of-service or
privilege escalation.
* CVE-2023-2248: Out-of-bounds memory access in sch_qfq driver.
An arithmetic error in the sch_qfq driver can lead to an out-of-bounds
memory access. A local attacker could exploit this flaw to leak
sensitive information or to cause other undefined behavior.
* CVE-2023-2513: Use-after-free during XFS extended attribute operations.
A logic error when setting certain extended attributes on an XFS
filesystem can result in a use-after-free scenario. This flaw could be
exploited by a malicious local attacker to cause a denial-of-service or
to aid in another type of attack.
* CVE-2023-32233: Use-after-free in Netfilter nf_tables packet classification framework.
Incorrect handling of anonymous sets in the Netfilter nf_tables packet
classification framework can lead to a use-after-free. This can allow a
local unprivileged user to perform arbitrary access to kernel memory and
escalate privileges.
Orabug: 35382084
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1670.
Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.
CVE-2023-1670: Use-after free in Xircom PCMCIA ethernet driver.
A race condition when attempting to unload the Xircom ethernet driver
can lead to a use-after-free. This flaw could be exploited by a local
attacker to cause a denial-of-service or to escalate their privileges.
* Note: Oracle will not provide a zero-downtime update for CVE-2022-1679.
Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.
CVE-2022-1679: Use-after-free in Atheros ath9k wireless device driver.
Improper handling of some error conditions in Atheros ath9k wireless
device driver could lead to a use-after-free. A local user could use
this flaw to cause a denial of service or execute arbitrary code.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-25012.
Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.
CVE-2023-25012: Use-after-free in HID driver for BigBen Interactive Kids' gamepad.
Insufficient locking in the bigben HID driver can allow a malicious USB
device which advertises itself as a BigBen device to trigger a
use-after-free. This may allow a local user to cause memory corruption.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-2985.
Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.
CVE-2023-2985: Use-after-free in Apple Extended HFS file system support.
A flaw in HFS+ may lead to a use-after-free. A local user could use this
to cause a denial-of-service.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1859.
Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.
CVE-2023-1859: Use-after-free in Plan 9 Resource Sharing Xen Support.
A race condition in 9P Xen Support when removing the driver can lead to
a use-after-free. A local user could use this flaw to cause a denial of
service or elevate privileges on the system.
* CVE-2023-30456: Privilege escalation in Intel VMX subsystem for KVM.
Insufficient checking in Intel VMX system for KVM can allow a nested guest
to control values in the virtual machine control structure. This can allow a
local user to escalate privileges.
Orabug: 35278212
* CVE-2023-1079: Use-after-free in HID driver for Asus notebook built-in keyboard.
Insufficient locking the HID driver for Asus notebook built-in keyboard can
allow a malicious USB device which advertises itself as an Asus device to
trigger a use-after-free. This may allow a local user to cause memory
corruption.
* CVE-2023-1076: Permission bypass in tun/tap sockets.
Incorrect initialization in the tun/tap socket code could allow sockets
to be treated incorrectly in filtering and routing decisions. This could
allow bypassing of network filters.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1990.
Oracle has determined that the vulnerability does not affect a
running system.
* CVE-2023-1855: Use-after-free in APM X-Gene SoC hardware monitoring driver.
A logic error in the APM X-Gene SoC hardware monitoring driver leads to a
use-after-free. A local user can use this flaw to cause denial-of-service or
leak information.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-30772.
Oracle has determined that the vulnerability does not affect a
running system.
* CVE-2023-33203: Use-after-free in Qualcomm EMAC Gigabit Ethernet Driver.
Incorrect cleanup logic in the Qualcomm Ethernet Media Access Controller
(EMAC) Driver can cause a use-after-free when an emac based device is
removed. This can allow a user with physical access to escalate privileges
or cause undefined behavior.
* CVE-2023-2194: Insufficient input validation in APM X-Gene SoC I2C SLIMpro.
Insufficient user input validation in the APM X-Gene SoC I2C SLIMpro device
driver could allow writing beyond the end of a buffer. This could allow a
local privileged user to crash the system or execute incorrect code.
* CVE-2023-0590: Use-after-free in network scheduler.
A race condition in net scheduler when dropping the reference of a queue
discipline object in qdisc_graft() may lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service.
* Allow accessing block trace files under lockdown mode.
The blktrace tool was not working in lockdown mode due to access prevention
of the debugfs blktrace trace files.
Orabug: 35262590
* Deadlock in the XFS filesystem when allocating an Allocation Group Free List.
A logic error in the XFS filesystem when allocating AGFLs could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a
denial-of-service.
Orabug: 35475138
* CVE-2023-3220: Denial-of-service in the Snapdragon GPU driver.
A missing NULL pointer check in the Snapdragon GPU driver after allocating
a plane state structure could lead to a NULL pointer dereference. A local
user could use this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list