[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2024-12270)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Apr 25 16:48:28 UTC 2024


Synopsis: ELSA-2024-12270 can now be patched using Ksplice
CVEs: CVE-2023-52340 CVE-2023-52436 CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52449 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52609 CVE-2023-52612 CVE-2023-6040 CVE-2024-26633

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12270.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12270.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
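
The check below is an added example, not part of Oracle's announcement:
it reads an uptrack.conf-style file and reports whether a host relies on
autoinstall or still needs the manual command above. It assumes the
autoinstall key sits in the [Settings] section; the function names are
hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumption: "autoinstall" is read from
# the [Settings] section of /etc/uptrack/uptrack.conf.

# Print the effective autoinstall value, "yes" or "no".
# Commented-out lines are ignored, the last assignment wins, and a missing
# file or missing key counts as "no" (manual upgrade required).
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            section = tolower($0)
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            gsub(/[ \t]/, "", section)
            next
        }
        section == "settings" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1));    gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") result = val
        }
        END { if (result == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Succeed (exit status 0) when the host needs a manual uptrack-upgrade.
manual_upgrade_needed() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Report only; nothing is installed by this script.
if [ "${1:-}" = "--check" ]; then
    if manual_upgrade_needed "${2:-/etc/uptrack/uptrack.conf}"; then
        echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes: updates are installed automatically"
    fi
fi
```
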


DESCRIPTION

* CVE-2023-6040: Privilege escalation in Netfilter.

The Netfilter subsystem did not properly validate network family
support while creating a new Netfilter table. A local attacker
could use this flaw to cause a denial-of-service or potentially
escalate privileges.


* CVE-2023-52439: Use-after-free and double-free in Userspace IO.

A race between the open and unregister functions can lead to a
use-after-free and a double-free. A local attacker can exploit this
flaw to cause denial-of-service or aid in other types of attacks.


* CVE-2023-52449: Denial-of-service in Memory Technology Device layer.

Incorrect handling of unsorted block images after creating
a partition in the memory technology device layer can lead
to a null-pointer dereference. A local attacker can exploit
this flaw to cause denial-of-service.


* CVE-2023-52445: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

Disconnecting a context in pvrusb2 driver can lead to a use-after-free
error. A local attacker can exploit this flaw to cause a privilege
escalation or denial-of-service.


* CVE-2023-52470: Denial-of-service in AMD Radeon display driver.

Allocation of scanout buffers for AMD Radeon GPUs can lead to a
null-pointer dereference. A local attacker can exploit this flaw
to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52464 is not applicable.

A logic error when using Cavium ThunderX EDAC could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.

The kernel is not affected by CVE-2023-52464 since the code under
consideration is not compiled.


* CVE-2024-26633: Denial-of-service when using IP-in-IPv6 tunnel driver.

A logic error when using IP-in-IPv6 tunnel driver could lead to an
uninitialized memory access. A local attacker could use this flaw to
cause a denial-of-service.


* Note: Oracle has determined that CVE-2023-52436 is not applicable.

In the F2FS filesystem, the xattr list was not explicitly
null-terminated, leading to a possible out-of-bounds access. A local
attacker can exploit this flaw to extract sensitive information from
the kernel memory, or cause denial-of-service.

The kernel is not affected by CVE-2023-52436 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2023-52444 is not applicable.

A logic error in f2fs filesystem could lead to an information leak or a
corrupted filesystem.

The kernel is not affected by CVE-2023-52444 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52609 is not applicable.

A logic error when using Android binder could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.

The kernel is not affected by CVE-2023-52609 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52612 is not applicable.

A logic error when using cryptographic synchronous compression
operations could lead to a buffer overflow. A local attacker could use
this flaw to cause a denial-of-service or escalate privileges.

The kernel is not affected by CVE-2023-52612 since the commit
introducing the issue is not present.


* Note: Oracle has determined that CVE-2023-52443 is not applicable.

An empty profile name for an AppArmor profile leads to a null-pointer
dereference. A local attacker may exploit this flaw to cause
denial-of-service.

The kernel is not affected by CVE-2023-52443 since the code under
consideration is not compiled (AppArmor is disabled).


* Note: Oracle has determined that CVE-2023-52469 is not applicable.

A race in the power management code of the AMDGPU driver for CIK ASICs
can lead to a use-after-free error. A local attacker can exploit this
flaw to cause denial-of-service or aid in other types of attacks.

The kernel is not affected by CVE-2023-52469 since the code under
consideration is not compiled (CIK support is not enabled).


* Note: Oracle has determined that CVE-2023-52451 is not applicable.

While doing a memory lookup for the powerpc pseries platform, an
out-of-bounds access is possible. A local attacker could exploit
this flaw to extract sensitive information from the kernel memory
or cause denial-of-service.

The kernel is not affected by CVE-2023-52451 since the code under
consideration is not compiled.


* CVE-2023-52340: Uncontrolled resource consumption in IPv6 stack.

An ICMPv6 "Packet Too Big" response from the remote receiver causes the
routing table to be cloned for each such packet transmission, which can
increase the table size to more than a set low threshold for the
garbage collector. Continuous reception of such messages will starve
the CPU, so a remote attacker can exploit this to cause
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


