[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (OVMSA-2024-0016)

Tue Dec 10 15:27:11 UTC 2024

Synopsis: OVMSA-2024-0016 can now be patched using Ksplice
CVEs: CVE-2023-6270 CVE-2024-26898 CVE-2024-26973 CVE-2024-38599 CVE-2024-39487 CVE-2024-39499 CVE-2024-40904 CVE-2024-40912 CVE-2024-41089 CVE-2024-41095 CVE-2024-42101 CVE-2024-45008 CVE-2024-45021 CVE-2024-46745

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle VM Security Fix Advisory, OVMSA-2024-0016.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-6270, CVE-2024-26898: Use-after-free in ATA-over-Ethernet driver.

Due to incorrect handling of device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between freeing of an AoE device and
access through associated socket buffers, leading to a use-after-free.
A local attacker can exploit this flaw to cause a denial-of-service or
execute arbitrary code.

Orabug: 36544953

* CVE-2024-26973: Information leak in FAT filesystem.

Uninitialised field in FAT filesystem can eventually lead to memory
leak. A local attacker can exploit this flaw to extract sensitive
information from the kernel memory or facilitate an attack.

Orabug: 36597870

* CVE-2024-38599: Disk corruption in JFFS2 filesystem.

A missing check when using JFFS2 filesystem could lead to an out-of-
bounds memory write. A local attacker could use this flaw to cause disk
corruption.

Orabug: 36753653

* CVE-2024-39487: Information leak in bonding driver.

A missing check when using the bonding driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.

Orabug: 36825250

* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.

Orabug: 36835584

* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 36835711

* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.

Orabug: 36835737

* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.

A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 36897642

* CVE-2024-45008, CVE-2024-46745: Denial-of-service in user-level input subsystem.

A missing check when using the user-level input subsystem could lead to
an arbitrarily large memory allocation. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 37029139

* CVE-2024-45021: Denial-of-service in memory controller.

A logic error when using the memory controller could lead to an out-of-
bounds memory access. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 37070674

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.