[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2024-12581)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Aug 16 10:41:33 UTC 2024


Synopsis: ELSA-2024-12581 can now be patched using Ksplice
CVEs: CVE-2024-36016 CVE-2024-36286 CVE-2024-36971 CVE-2024-38552 CVE-2024-38558 CVE-2024-38578 CVE-2024-38599 CVE-2024-38618 CVE-2024-38659 CVE-2024-39276 CVE-2024-39488 CVE-2024-39503

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12581.
More information about this advisory can be found at
https://linux.oracle.com/errata/ELSA-2024-12581.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
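As an added example (not Oracle's code or part of this announcement), the helper below applies the two installation paths above per host: it checks that the running kernel is in the UEKR6 5.4.17 series, reads whether autoinstall is enabled in /etc/uptrack/uptrack.conf, and only runs uptrack-upgrade when it is not. It assumes the INI-style "autoinstall = yes" layout of uptrack.conf and the uptrack-show command for listing applied updates; the sample kernel release strings in the comments are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide per host whether the ELSA-2024-12581
# Ksplice updates will arrive via autoinstall or must be pulled with uptrack-upgrade.
# Assumes the INI-style /etc/uptrack/uptrack.conf layout ("autoinstall = yes") and
# the uptrack-upgrade / uptrack-show tools; these are assumptions, not advisory text.

# Return 0 if the config file enables autoinstall, 1 otherwise.
# Case- and whitespace-insensitive; ignores '#'/';' comments; last matching line wins.
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    val=$(tr 'A-Z' 'a-z' < "$conf" |
          sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p' |
          tail -n 1)
    [ "$val" = "yes" ]
}

# Return 0 if a kernel release string belongs to the UEKR6 5.4.17 series on OL7/OL8,
# e.g. the constructed sample 5.4.17-2136.334.6.1.el8uek.x86_64.
is_uekr6_kernel() {
    case "$1" in
        5.4.17-*.el7uek.*|5.4.17-*.el8uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    release=$(uname -r)
    if ! is_uekr6_kernel "$release"; then
        echo "skip: $release is not a UEKR6 5.4.17 kernel; ELSA-2024-12581 does not apply" >&2
        return 0
    fi
    if autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall = yes: Uptrack will apply ELSA-2024-12581 on its own"
    else
        echo "autoinstall not enabled: applying the updates now"
        /usr/sbin/uptrack-upgrade -y || return 1
    fi
    uptrack-show   # record what is applied after the run
}

# Only act when invoked as "sh ksplice-check.sh run"; otherwise just define the functions.
case "${1:-}" in run) main ;; esac
```

Run it as `sh ksplice-check.sh run` on each host; invoking it without the argument only defines the functions so they can be sourced and checked.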


DESCRIPTION

* CVE-2024-36286: Denial-of-service in netfilter subsystem.

A missing read lock in the netfilter subsystem when unbinding a program
from a specific queue could lead to incorrect flushing. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using the TCP/IP networking stack could lead to a
use-after-free. A remote attacker could use this flaw to execute
arbitrary code in kernel mode.


* CVE-2024-38552: Memory corruption in AMD display core driver.

A missing check when using the AMD display core driver could lead to a
buffer overflow. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using the Open vSwitch driver could lead to a
destination address being partially zeroed out. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-38578: Information leak in Linux filesystem encryption layer.

A logic error when using the Linux filesystem encryption layer could
lead to an out-of-bounds memory write. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-38599: Disk corruption in JFFS2 filesystem.

A missing check when using the JFFS2 filesystem could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
cause disk corruption.


* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).

A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.

A missing check when using the Cisco VIC Ethernet driver could lead to
an out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39276: Resource leak in ext4 filesystem.

Incorrect reference counting when using the ext4 filesystem could lead
to a reference count leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-39503: Privilege escalation in netfilter (IP set) subsystem.

A race condition when using the netfilter (IP set) subsystem could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.


* Note: Oracle has determined CVE-2024-36016 is not applicable.

A logic error when using the GSM 07.10 tty multiplexor could lead to a
buffer overflow. A local attacker could use this flaw to escalate
privileges.

Exploiting this CVE first requires the unprivileged attacker to attach
the line discipline, which should not be permitted without
CAP_NET_ADMIN. That prerequisite weakness is tracked as CVE-2023-52880,
and its Ksplice update has already shipped for this release class.

The newer vulnerability (CVE-2024-36016) is therefore effectively
blocked as well, because its required first step is blocked.
Unnecessary modifications to the running kernel should be avoided:
anyone able to exploit this vulnerability is already privileged and
already present on the system. Oracle will therefore not ship a Ksplice
update for CVE-2024-36016.


* Note: Oracle has determined CVE-2024-39488 is not applicable.

A conditional definition in core Arm64 code leaves the bug entry
structure (used for reporting kernel bugs) unaligned, which can lead to
a kernel crash while fetching bug entries for modules. A local attacker
could use this flaw to cause a denial-of-service.

The kernel is not affected by CVE-2024-39488 because the condition
required for the bad definition (CONFIG_DEBUG_BUGVERBOSE=n) does not
hold for this kernel.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs because the code in
question is not compiled into this kernel.

CVE-2024-39489 CVE-2024-39292 CVE-2024-38613 CVE-2024-39467
CVE-2024-38633 CVE-2024-38780 CVE-2024-38637 CVE-2024-38607
CVE-2024-38549 CVE-2024-38661 CVE-2024-38634 CVE-2024-38627
CVE-2024-38589 CVE-2024-38583 CVE-2024-38582

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


