[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELBA-2023-12740)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Sep 7 15:06:52 UTC 2023


Synopsis: ELBA-2023-12740 can now be patched using Ksplice
CVEs: CVE-2023-1829 CVE-2023-2124 CVE-2023-31084 CVE-2023-3111 CVE-2023-35788 CVE-2023-3609

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2023-12740.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2023-12740.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial-of-service on KVM SVM guests when writing MSRs.

New AMD microcode allows an additional bit in an MSR to be written.  A
guest running on an AMD processor should be able to write to that bit
without being killed.


* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.


* CVE-2023-31084: Potential deadlock during DVB driver event processing.

Incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver.  This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.


* CVE-2023-3111: Use-after-free in the Btrfs filesystem when a transaction fails.

Incorrect error handling logic in the Btrfs filesystem when a
transaction fails could lead to a use-after-free.  An attacker could use
this flaw to cause a denial-of-service or potentially escalate their
privileges.


* CVE-2023-2124: Denial-of-service in XFS file system during image restoration.

Insufficient checks in XFS during image restoration after a failure
with a dirty log journal can lead to an out-of-bounds memory access.
A local attacker can use this flaw to cause a denial-of-service or to
escalate their privileges.


* CVE-2023-3609: Privilege escalation in U32 network packet classifier.

Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to a
use-after-free. This can allow a local user to trigger privilege escalation.


* CVE-2023-1829: Use-after-free in traffic control index filter.

A flaw in tcindex when deactivating filters can lead to a double-free. A
local attacker could use this flaw to cause a denial-of-service or
elevate privileges on the system.

This update prevents the cls_tcindex module from being loaded.  In order
to force the module to load, the parameter 'force=1' can be passed in at
module load time.  For example:

modprobe cls_tcindex force=1

Orabug: 35724249, 35616810
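
A host-side check for two points in this announcement (the autoinstall
setting and the cls_tcindex load restriction), as an added example that is
not part of Oracle's announcement or of the Ksplice tooling. It assumes
uptrack.conf uses the "autoinstall = yes" key/value form quoted above and
that a persistent force=1 would be set through standard "options" lines in
/etc/modprobe.d; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle/Ksplice code). Function names are hypothetical.
# Every path is a parameter so the checks can be run on copies of the files.

# Succeeds if the config has an uncommented "autoinstall = yes" line
# (key/value form as quoted in the advisory; other spellings are not handled).
autoinstall_enabled() {
    [ -r "$1" ] || return 2
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Succeeds if cls_tcindex is listed in a /proc/modules-style file.
tcindex_loaded() {
    awk '$1 == "cls_tcindex" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Prints file:line:text for each uncommented modprobe.d "options" line that
# passes force=1 to cls_tcindex; succeeds only if at least one exists.
tcindex_force_overrides() {
    # /dev/null as an extra operand makes grep always print the file name.
    grep -En '^[[:space:]]*options[[:space:]]+cls_tcindex[[:space:]]+([^#]*[[:space:]])?force=1([[:space:]]|$)' \
        "$1"/*.conf /dev/null 2>/dev/null
}

# Returns 0 when cls_tcindex is neither loaded nor forced, 1 otherwise.
audit() {
    au_rc=0
    autoinstall_enabled "${1:-/etc/uptrack/uptrack.conf}" ||
        echo "NOTE: autoinstall is not 'yes'; run /usr/sbin/uptrack-upgrade -y"
    if tcindex_loaded "${2:-/proc/modules}"; then
        echo "FINDING: cls_tcindex is currently loaded"; au_rc=1
    fi
    if tcindex_force_overrides "${3:-/etc/modprobe.d}"; then
        echo "FINDING: the lines above force cls_tcindex to load"; au_rc=1
    fi
    return "$au_rc"
}

# Audit the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```
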

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


