[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-1248)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Apr 22 10:24:44 UTC 2024


Synopsis: ELSA-2024-1248 can now be patched using Ksplice
CVEs: CVE-2023-4244 CVE-2023-4569 CVE-2023-51042 CVE-2023-5197 CVE-2023-52454 CVE-2023-52620 CVE-2023-5717 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6606 CVE-2023-6610 CVE-2023-6817 CVE-2024-0193 CVE-2024-0646

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-1248.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-1248.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
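The decision above (let Uptrack autoinstall, or run uptrack-upgrade by hand) hinges on one setting in /etc/uptrack/uptrack.conf. The helper below is an added example, not part of the Oracle announcement or of the Ksplice tooling: it reads that setting the way an operator would want it read (case-insensitive, whitespace-tolerant, ignoring commented-out lines, last occurrence wins) and only invokes uptrack-upgrade when autoinstall is off. The sample configuration used in the test is constructed; the "run" argument and the UPTRACK_CONF override are this example's own conventions.

```shell
#!/bin/sh
# Added example (not Oracle's code): check the Uptrack autoinstall setting
# and apply pending Ksplice updates only when it is disabled.
# UPTRACK_CONF may be overridden for testing; default is the real file.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print the effective value of a key from an uptrack.conf-style file
# ("key = value" lines, '#' or ';' comments, optional [Section] headers).
# The last occurrence wins; nothing is printed if the key is absent.
uptrack_get() {
    key="$1"; conf="$2"
    sed -e 's/[#;].*$//' "$conf" \
      | awk -F= -v k="$key" '
          {
            gsub(/^[ \t]+|[ \t]+$/, "", $1)
            if (NF >= 2 && tolower($1) == tolower(k)) {
              v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = v
            }
          }
          END { if (last != "") print tolower(last) }'
}

# Return 0 if autoinstall is enabled in the given (or default) config,
# 1 otherwise. Accepts the usual boolean spellings.
uptrack_autoinstall_enabled() {
    case "$(uptrack_get autoinstall "${1:-$UPTRACK_CONF}")" in
        yes|true|1|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Install pending updates only when Uptrack will not do it on its own.
# Needs root and a registered Uptrack installation.
uptrack_apply_if_needed() {
    if uptrack_autoinstall_enabled "$UPTRACK_CONF"; then
        echo "autoinstall = yes: Uptrack will apply ELSA-2024-1248 on its own"
    else
        echo "autoinstall is off: applying updates now"
        /usr/sbin/uptrack-upgrade -y
    fi
}

# Only act when explicitly asked, so the functions can be sourced safely.
if [ "${1:-}" = "run" ]; then
    uptrack_apply_if_needed
fi
```

Run it as `sh check-uptrack.sh run` on a host with Ksplice Uptrack installed; sourcing the file instead just defines the functions.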


DESCRIPTION

* Note: Oracle will not provide a zero-downtime update for CVE-2023-4244.

A race condition in the set implementation of nftables between
the control plane and the garbage collection worker could lead to a
use-after-free. A local user with CAP_NET_ADMIN access could use this
flaw to cause a crash or expose sensitive kernel information.

Oracle has determined that patching CVE-2023-4244 on a running system
would not be safe and recommends a reboot.

On workloads that permit it, a temporary mitigation is to disallow
unprivileged users from creating user namespaces, which is how an
otherwise unprivileged local process obtains the CAP_NET_ADMIN needed to
reach the nftables code path. RHCK 9 does not carry the
Debian/Ubuntu-specific kernel.unprivileged_userns_clone sysctl; the
equivalent knob on EL9 kernels is user.max_user_namespaces:

sudo sysctl -w user.max_user_namespaces=0

This setting does not persist across reboots, and because it blocks
user-namespace creation for every user (root included) it will break
rootless containers and other software that depends on user namespaces.
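The mitigation is easy to apply and just as easy to lose at the next reboot or to leave in place after the fixed kernel is running. The script below is an added example, not part of the Oracle announcement: it stages a sysctl.d drop-in for the EL9 knob, reports whether the host is currently mitigated, and offers a functional check (an unprivileged unshare must fail). The drop-in file name, the command verbs and the status strings are this example's own choices; the apply step needs root.

```shell
#!/bin/sh
# Added example (not Oracle's code): stage, apply and verify the
# user-namespace mitigation for CVE-2023-4244 on an EL9 / RHCK 9 host.
# RHCK 9 has no kernel.unprivileged_userns_clone (a Debian/Ubuntu patch);
# the in-tree equivalent is user.max_user_namespaces.

SYSCTL_KEY="user.max_user_namespaces"
PROC_PATH="/proc/sys/user/max_user_namespaces"
DROPIN_NAME="99-cve-2023-4244-userns.conf"   # example's own file name

# Print "mitigated" if user namespaces cannot be created, "exposed" if
# they still can, "unknown" if this kernel does not expose the knob.
userns_status() {
    [ -r "$PROC_PATH" ] || { echo unknown; return 0; }
    if [ "$(cat "$PROC_PATH")" -eq 0 ]; then
        echo mitigated
    else
        echo exposed
    fi
}

# Write a persistent sysctl drop-in into directory $1 (normally
# /etc/sysctl.d) and print the path written. The comment records why the
# setting exists so it gets removed once the host runs a fixed kernel.
write_userns_dropin() {
    f="$1/$DROPIN_NAME"
    {
        echo "# Temporary mitigation for CVE-2023-4244 until this host is"
        echo "# rebooted onto a fixed kernel. Blocks user-namespace creation"
        echo "# for ALL users; rootless containers will stop working."
        echo "$SYSCTL_KEY = 0"
    } > "$f"
    echo "$f"
}

# Apply the drop-in now (root required) and report the resulting state.
apply_userns_mitigation() {
    f="$(write_userns_dropin /etc/sysctl.d)"
    sysctl -p "$f"
    userns_status
}

# Functional check: with the mitigation in place an unprivileged
# "unshare -Ur" must fail. Returns 0 when creation is blocked.
check_unshare_blocked() {
    if unshare -Ur true 2>/dev/null; then
        echo "user namespace still creatable"
        return 1
    fi
    echo "user namespace creation blocked"
    return 0
}

case "${1:-}" in
    apply)  apply_userns_mitigation ;;
    status) userns_status ;;
    check)  check_unshare_blocked ;;
esac
```

Use `status` and `check` from an unprivileged account after `apply`; once ELSA-2024-1248's kernel is booted, delete the drop-in and reload sysctl so user namespaces are available again.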


* CVE-2023-6606, CVE-2023-6610: Information disclosure in Common Internet File System.

The CIFS network file system client did not always properly validate
the frame size reported by the server, which could lead to an
out-of-bounds read. A local attacker, via replies from a malicious or
compromised server, could use this flaw to cause a denial-of-service or
potentially expose sensitive kernel information.


* CVE-2023-5717: Privilege escalation in the Linux kernel's Performance Events.

A logic error in the Linux kernel's Performance Events could lead to a
heap out-of-bounds write. A local attacker could use this flaw to cause
a denial-of-service or escalate privileges.


* CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-52454: Denial-of-service when using NVMe over TCP.

Incorrect handling of lengths and offsets in the fields of NVMe/TCP
PDUs by the NVMe over TCP target driver (nvmet-tcp) could lead to a
NULL pointer dereference. A remote attacker able to reach the NVMe/TCP
port could exploit this flaw to cause a denial-of-service by sending
specially-crafted packets.


* CVE-2023-51042: Use-after-free vulnerability in AMD GPU driver.

Incorrect handling of kernel structures in the AMD GPU (amdgpu) driver
can lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-0646: Out-of-bounds write in the TLS networking stack.

Incorrect handling of plaintext message buffers during transmission
can lead to an out-of-bounds write. A local attacker can exploit
this flaw to cause denial-of-service or privilege escalation.


* Note: Oracle will not provide a zero-downtime update for CVE-2024-0193.

The Netfilter subsystem did not properly check deactivated elements
in some situations, which could lead to a use-after-free vulnerability.
A local attacker could use this flaw to cause a denial-of-service or
potentially escalate privileges.

The kernel is not affected by CVE-2024-0193.


* CVE-2023-5197: Use-after-free in the netfilter subsystem.

A flaw in nf_tables when adding and removing rules from chain bindings
within the same transaction may lead to a use-after-free. A local user
could use this flaw for privilege escalation.


* CVE-2023-6817: Privilege escalation in Netfilter.

The Netfilter subsystem did not properly handle inactive elements
in its PIPAPO data structure, which could lead to a use-after-free
vulnerability. A local attacker could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* CVE-2023-4569: Denial-of-service in netfilter nf_tables.

Incorrectly disabled catch-all set elements may result in a memory leak.
An attacker could use this flaw to exhaust the system's memory and
eventually cause a denial-of-service.


* CVE-2023-52620: Resource injection in the netfilter subsystem.

Incorrect parameter validation in the netfilter subsystem can lead to
corruption of kernel-internal data structures. A local attacker can use
this flaw to cause system instability or as leverage in another type of
attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





More information about the El-errata mailing list