[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELBA-2023-12794)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Oct 3 19:52:35 UTC 2023
Synopsis: ELBA-2023-12794 can now be patched using Ksplice
CVEs: CVE-2022-0185 CVE-2022-0847 CVE-2022-40982 CVE-2022-48502
CVE-2023-21400 CVE-2023-22024 CVE-2023-31248 CVE-2023-34319
CVE-2023-35001 CVE-2023-3611 CVE-2023-3776 CVE-2023-3777 CVE-2023-3863
CVE-2023-3995 CVE-2023-4004 CVE-2023-4015 CVE-2023-4132
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2023-12794.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2023-12794.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
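A small check script, added here as an illustration and not part of the Oracle advisory, that decides whether a host still needs the manual command above: it assumes UEKR7 5.15.0 kernels on OL8/OL9 report a release string of the form 5.15.0-<build>.el8uek.<arch> or .el9uek.<arch>, and that /etc/uptrack/uptrack.conf carries the "autoinstall = yes" setting quoted above.

```shell
#!/bin/sh
# Added example, not Oracle's code. Decide whether this host needs a manual
# "uptrack-upgrade -y" for ELBA-2023-12794 or whether Uptrack will apply it.
# Assumed kernel naming: 5.15.0-<build>.el8uek.<arch> / .el9uek.<arch>.

# Return 0 when the kernel release string is a UEKR7 5.15.0 kernel on OL8/OL9.
is_uekr7_on_ol8_ol9() {
    case "$1" in
        5.15.0-*.el8uek.*|5.15.0-*.el9uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the given uptrack.conf enables autoinstall. Leading whitespace
# is stripped, comment lines (# or ;) are ignored, and spacing around "=" as
# well as letter case are tolerated so a hand-edited file is not misread.
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' "$conf" \
        | grep -Eiq '^autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Print the action for this host: "skip" (kernel not covered by this errata),
# "auto" (Uptrack installs the updates itself) or "manual" (run uptrack-upgrade).
ksplice_action() {
    kernel="$1"; conf="$2"
    if ! is_uekr7_on_ol8_ol9 "$kernel"; then
        echo skip
    elif autoinstall_enabled "$conf"; then
        echo auto
    else
        echo manual
    fi
}

# Stand-alone use on a real host (left commented so sourcing has no side effects):
# if [ "$(ksplice_action "$(uname -r)" /etc/uptrack/uptrack.conf)" = manual ]; then
#     /usr/sbin/uptrack-upgrade -y
# fi
```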
DESCRIPTION
* CVE-2023-22024: Permission bypass in Reliable Datagram Sockets.
A locking error in the Reliable Datagram Sockets protocol could lead to an
out-of-bounds access. A local attacker could use this flaw to escalate
privilege.
Orabug: 35713695
* Note: Oracle has determined that CVE-2023-3863 is not applicable.
A use-after-free in the NFC subsystem could allow a local attacker to leak
information about the running kernel.
The kernel is not affected by CVE-2023-3863 since the code under
consideration is not compiled.
* CVE-2023-21400: Privilege escalation in io_uring due to improper locking.
Missing locking when queueing io_uring functions might result in kernel
memory corruption. This can be exploited to execute arbitrary code in
the kernel.
* CVE-2023-4132: Use-after-free in Siano MDTV receiver driver.
A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-31248: Use-after-free in Netfilter nf_tables packet
classification framework.
A missing sanity check in netfilter nf_tables when looking up a deleted
chain by its ID may lead to a use-after-free. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables
packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount
error.
Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.
* CVE-2023-3611: Privilege escalation in QFQ scheduler.
A buffer overrun when configuring the Quick Fair Queue scheduler might
allow a user to overwrite kernel memory, potentially allowing them to
execute arbitrary code.
* Note: Oracle has determined that CVE-2022-48502 is not applicable.
Missing correctness checks in NTFS3 while reading from disk may lead to
an out-of-bounds memory read. An attacker with physical access to an
NTFS3 volume attached to the system may use this flaw for a
denial-of-service or disclosure of sensitive information.
The kernel is not affected by CVE-2022-48502 since the code under
consideration is not compiled.
* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.
A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code
execution.
* CVE-2023-3777: Denial-of-service when flushing netfilter rules tables.
When flushing netfilter rules, bound rule chains are erroneously freed.
A malicious user might exploit this to crash the kernel and cause a
denial-of-service.
* CVE-2023-3995: Netfilter rule chain addition causes DoS.
Missing validation when adding a rule to a bound netfilter rule chain
via NFTA_RULE_CHAIN_ID might result in an invalid operation and system
crash. A malicious user might exploit this to cause a denial-of-service.
* Note: Oracle will not provide a zero-downtime update for CVE-2022-40982.
The fix for this CVE on systems running Oracle UEK7 is a microcode
update for affected CPUs. Customers will need to upgrade the microcode
on affected CPUs in order to mitigate this vulnerability.
* CVE-2023-34319, XSA-432: Buffer overflow in Xen netback driver.
Incorrect logic in the Xen netback driver while handling packets can
lead to a buffer overflow. An unprivileged guest can cause a
denial-of-service of the host network.
* CVE-2023-4015: Use-after-free in Netfilter nf_tables.
Incorrect cleanup in the error path when building Netfilter nf_tables rules
can lead to use-after-free. A local user could use this flaw for
denial-of-service or code execution.
* Updated known exploit detection for CVE-2022-0847.
This update adds known exploit detection for CVE-2022-0847 which has a
public exploit.
* Improved known exploit detection for CVE-2022-0185.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.