[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12588)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jul 31 16:11:02 UTC 2023 

Synopsis: ELSA-2023-12588 can now be patched using Ksplice
CVEs: CVE-2022-1015 CVE-2022-34918 CVE-2022-39189 CVE-2023-1380 CVE-2023-2002 CVE-2023-2269 CVE-2023-3090 CVE-2023-3141 CVE-2023-3268 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12588.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12588.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-1380: Out-of-bounds read in Broadcom 802.11 Networking Device Driver.

Out-of-bounds read exists in the Broadcom 802.11 Networking Device Driver. This
can lead to a denial-of-service.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.


* CVE-2023-35824: Use-after-free during dm1105 device removal.

A race condition in the dm1105 driver's device removal path can result
in a use-after-free.  This flaw could be exploited by a local attacker
to cause a denial-of-service or other unexpected behavior.


* CVE-2023-2269: Denial-of-service in Device Mapper-Multipathing subsystem.

A possible recursive locking scenario in Linux Kernel Device Mapper
Multipathing subsystem can lead to a deadlock. A local user can use
this flaw to cause denial of service.


* CVE-2023-34256: Out-of-bounds read in ext4 checksum handling.

An arithmetic error in a checksum generation routine in the ext4 driver
can lead to an out-of-bounds read.  This flaw could be exploited by a
malicious local user to leak sensitive information or to aid in another
type of attack.


* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited a
local attack to cause a denial of service, or other undefined behavior.


* CVE-2023-3141: Use-after-free in the r592 driver's device removal path.

A race condition can occur when removing an r592 device that can lead to
a use-after-free.  This flaw could be exploited by a local attacker to
cause a denial-of-service, or to leak sensitive information from kernel
memory.


* CVE-2023-35823: Use-after-free in Philips SAA7134 TV card driver.

Incorrect cleanup logic in the saa7134 driver can cause a use-after-free
when the device is removed. This can allow a user with physical access
to escalate privileges or cause undefined behavior.


* CVE-2022-1015: Out-of-bounds access in the Netfilter subsystem.

Inadequate validation of user register indices in the Netfilter
subsystem could lead to an out-of-bounds access. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.


* CVE-2022-34918: Privilege escalation in Netfilter subsystem.

A type mismatch flaw in Netfilter subsystem when adding a new element to
NFT table could result in a buffer overflow. A local user could use this
flaw to escalate privileges.


* CVE-2023-3268: Out-of-bounds memory access in kernel-userspace relay file support.

An out-of-bounds memory access error exists in the kernel->userspace relay
support. This could allow a local attacker to crash the system or leak
kernel internal information.


* CVE-2022-39189: Privilege escalation in Kernel-based Virtual Machine.

A flaw in KVM instruction emulation could allow unprivileged guest
userspace access to guest kernel memory through stale TLB translations.
An unprivileged guest user could use this flaw to cause a
denial-of-service or gain arbitrary code execution in a guest VM.


* Memory leak in the RDMA resource tracking when deleting an object.

An early return when deleting an object from the RDMA resource tracking
database causes a memory leak of the corresponding task structure.  An
attacker could use this flaw to cause a denial-of-service.

Orabug: 35622154

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list