[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2024-12884)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 20 06:27:43 UTC 2024
Synopsis: ELSA-2024-12884 can now be patched using Ksplice
CVEs: CVE-2022-20158 CVE-2023-52530 CVE-2024-26921 CVE-2024-38544 CVE-2024-40953 CVE-2024-41016 CVE-2024-47670 CVE-2024-47685 CVE-2024-47692 CVE-2024-47701 CVE-2024-47706 CVE-2024-47742 CVE-2024-49860 CVE-2024-49867 CVE-2024-49868 CVE-2024-49878 CVE-2024-49882 CVE-2024-49883 CVE-2024-49944 CVE-2024-49948 CVE-2024-49949 CVE-2024-49952 CVE-2024-49957 CVE-2024-49966 CVE-2024-49982 CVE-2024-49995 CVE-2024-50033 CVE-2024-50035 CVE-2024-50045 CVE-2024-50076 CVE-2024-50142 CVE-2024-50151 CVE-2024-50179 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50218 CVE-2024-50251 CVE-2024-53057
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12884.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12884.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2022-20158: Privilege escalation in core filesystem layer.
A use-after-free when using the core filesystem layer could lead to
memory corruption. A local attacker could use this flaw to escalate
privileges.
* CVE-2023-52530: Privilege escalation when adding a key in Generic IEEE 802.11 Networking Stack (mac80211).
A missing check when adding a key in Generic IEEE 802.11 Networking
Stack (mac80211) could lead to a use-after-free. A local attacker could
use this flaw to escalate privileges or facilitate an attack.
* CVE-2024-26921: Code execution in TCP/IP networking.
A logic error when handling IP packet fragments in TCP/IP networking
could lead to a use-after-free. A local attacker could use this flaw to
execute arbitrary code in kernel mode.
* CVE-2024-38544: Denial-of-service in Software RDMA over Ethernet (RoCE) driver.
A race condition when using the Software RDMA over Ethernet (RoCE)
driver could lead to a use-after-free. An attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-40953: Privilege escalation in KVM driver.
Missing atomicity barriers in the KVM driver when using a variable to
fetch a vCPU could lead to an out-of-bounds memory access. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-41016, CVE-2024-47670: Privilege escalation in OCFS2 filesystem.
Missing checks when reading extended attributes in the OCFS2 filesystem
could lead to an out-of-bounds memory access. A local attacker could use
a crafted image to escalate privileges.
* CVE-2024-47685: Remote information leak in IPv6 packet rejection driver.
A missing check when using the IPv6 packet rejection driver could lead
to use of uninitialized memory. A remote attacker could use this flaw to
extract sensitive information.
* CVE-2024-47692: Denial-of-service in NFS server driver.
A missing check when using the NFS server driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-47701: Privilege escalation in ext4 filesystem.
A race condition when using the ext4 filesystem could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-47706: Privilege escalation in generic block I/O layer.
A missing check when using the generic block I/O layer could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-47742: Privilege escalation in the firmware loader driver.
A missing check when user loads a firmware using firmware loader driver
indirectly could lead to loading arbitrary files. A local attacker could
use this flaw to escalate privileges.
* CVE-2024-49860: Information leak in ACPI driver.
A missing check when using the ACPI driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-49867: Privilege escalation in BTRFS filesystem.
A missing flush when unmounting the BTRFS filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-49868: Denial-of-service in BTRFS filesystem.
A missing check when using the BTRFS filesystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-49878: Information leak kernel resource manager with CXL memory.
A logic error in the kernel resource manager when CXL memory is in use
could lead to accessing normally restricted part of the memory. A local
attacker could use this flaw to leak sensitive information.
* CVE-2024-49882: Code execution in ext4 filesystem.
A logic error in the ext4 filesystem could lead to a double free. A
local attacker could use this flaw to execute arbitrary code in kernel
mode.
* CVE-2024-49883: Privilege escalation in ext4 filesystem.
A logic error when using the ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-49944: Denial-of-service in SCTP Protocol driver.
A missing check when listening on a socket in the SCTP Protocol driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* CVE-2024-49948, CVE-2024-49949: Denial-of-service in core networking layer.
Missing checks on maliciously crafted packets from userspace could
cause an underflow leading to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-49952: Denial-of-service in netfilter packet duplicator.
A logic error when using the netfilter packet duplicator could lead to a
kernel oops. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-49957: Denial-of-service in OCFS2 filesystem.
A logic error when mounting a filesystem with a corrupted journal in
the OCFS2 filesystem could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-49966: Privilege escalation in OCFS2 filesystem.
A logic error when reading information header from global quota file in
the OCFS2 filesystem could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.
* CVE-2024-49982: Use-after-free in ATA-over-Ethernet driver.
Due to incorrect handling of device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between freeing of an AoE device and
access through associated socket buffers, leading to a use-after-free.
A local attacker can exploit this flaw to cause a denial-of-service or
execute arbitrary code.
* CVE-2024-49995: Privilege escalation in TIPC Protocol driver.
A logic error when setting TIPC bearer name in the TIPC Protocol driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-50033: Privilege escalation in SLHC driver.
A logic error when using the Van Jacobson TCP/IP Serial Line Header
Compression (SLHC) driver could lead to an out-of-bounds memory access.
A local attacker could use this flaw to escalate privileges.
* CVE-2024-50035: Information leak in PPP (point-to-point protocol) networking stack.
A missing check when transmitting using the PPP networking stack could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.
* CVE-2024-50045: Denial-of-service in bridge netfilter driver.
A logic error when sending traffic using the bridge netfilter driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* CVE-2024-50076: Information leak in virtual terminal driver.
A missing initialization of allocated memory when getting font
information in the virtual console driver could lead to use of
uninitialized memory. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-50142: Denial-of-service in transformation user configuration interface.
A logic error when using the transformation user configuration interface
could lead to an integer overflow. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-50151: Privilege escalation in SMB3 and CIFS driver.
A missing check when using the SMB3 and CIFS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-50179: Denial-of-service in Ceph distributed file system driver.
A logic error when setting dirty pages in the Ceph distributed file
system driver could lead to a kernel assertion failure. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2024-50195, CVE-2024-50210: Denial-of-service in dynamic POSIX clock driver.
A missing check when using the dynamic POSIX clock driver could lead to
invalid time being set. A local attacker could use this flaw to cause a
denial-of-service or other types of attacks (since other kernel parts or
drivers may depend on the set time).
* CVE-2024-50199: Resource leak in swap memory driver.
A missing check when running swapoff after a swapout of a hugeTLB page
could lead to big memory leaks. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-50218: Denial-of-service in OCFS2 filesystem.
A missing check when using the OCFS2 filesystem could lead to a kernel
assertion failure. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-50251: Denial-of-service in netfilter subsystem.
A missing check when using the netfilter subsystem could lead to a
kernel assertion failure. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-53057: Privilege escalation in network QoS/scheduling driver.
A logic error when using the network QoS/scheduling driver could lead to
a use-after-free. A local attacker could use this flaw to escalate
privileges.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2023-52497, CVE-2023-52917, CVE-2024-46849, CVE-2024-46853,
CVE-2024-46854, CVE-2024-47699, CVE-2024-47712, CVE-2024-47723,
CVE-2024-47740, CVE-2024-47747, CVE-2024-47756, CVE-2024-47757,
CVE-2024-49879, CVE-2024-49900, CVE-2024-49902, CVE-2024-49903,
CVE-2024-49924, CVE-2024-49962, CVE-2024-49981, CVE-2024-49985,
CVE-2024-49997, CVE-2024-50059, CVE-2024-50089, CVE-2024-50096,
CVE-2024-50116, CVE-2024-50127, CVE-2024-50168, CVE-2024-50171,
CVE-2024-50180, CVE-2024-50202, CVE-2024-50229, CVE-2024-50230,
CVE-2024-50233
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20241220/76acd404/attachment-0001.sig>
More information about the El-errata
mailing list