[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2024-12150)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 16 08:22:37 UTC 2024


Synopsis: ELSA-2024-12150 can now be patched using Ksplice
CVEs: CVE-2021-44879 CVE-2023-0590 CVE-2023-1077 CVE-2023-25775 CVE-2023-45863 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782 CVE-2023-6246 CVE-2023-6932

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12150.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12150.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
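
To check whether a given host falls under the automatic case above or still needs the manual command, here is an added example (not part of Oracle's announcement). It assumes uptrack.conf is an INI-style file of "key = value" lines with "#" or ";" comment lines; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumption: uptrack.conf holds INI-style
# "key = value" lines, and lines starting with '#' or ';' are comments.

# Print the effective autoinstall value: "yes", "no", another literal
# value found in the file, or "unset" when the key or the file is absent.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }            # a commented-out setting does not count
        {
            eq = index($0, "=")
            if (eq == 0) next             # section headers, blank lines
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "autoinstall") found = val   # last occurrence wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeed (exit status 0) when the host will NOT pick the updates up on
# its own, i.e. autoinstall is anything other than "yes".
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
Autoinstall =  No
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is not 'yes': run /usr/sbin/uptrack-upgrade -y as root"
else
    echo "autoinstall = yes: these updates are installed automatically"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to needs_manual_upgrade instead of the sample file.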


DESCRIPTION

* CVE-2023-0590: Use-after-free in network scheduler.

A race condition in the network scheduler when dropping the reference to
a queue discipline object in qdisc_graft() may lead to a use-after-free.
A local user could use this flaw to cause a denial-of-service.


* CVE-2023-1077: Memory Corruption in Real-Time Scheduling Class.

Incorrect error checking logic in the Real-Time Scheduling Class can lead to
memory corruption. This can allow a local user to cause denial-of-service or
escalate privileges.

Orabug: 35181559


* CVE-2023-45863: Out-of-bounds write in a library routine for handling generic kernel objects.

Handling of internal kernel objects can race, leading to an
out-of-bounds write. An attacker with root access can exploit
this to cause denial-of-service or aid in other types of attacks.


* CVE-2023-6932: Use-after-free in IGMP networking stack.

A use-after-free error was found in the IGMP networking stack when a
query message is received while the device is down. A local attacker can
exploit this to cause a denial-of-service or privilege escalation.


* Note: Oracle will not provide a zero-downtime update for CVE-2021-44879.

Oracle has determined that the vulnerability does not affect a running
system.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-51782.

Oracle has determined that the vulnerability does not affect a running
system.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-51781.

Oracle has determined that the vulnerability does not affect a running
system.


* CVE-2023-51780: Use-after-free in the ATM driver's message receive path.

A race condition in the Asynchronous Transfer Mode network driver's
receive path can lead to a use-after-free.  This flaw could allow a
local attacker to leak privileged information from the kernel, or to
cause a denial-of-service.


* Denial-of-service when using InfiniBand driver.

Due to improper handling of disconnection requests in a specific case,
the RDMA connections will be blocked until a timeout is reached. A
local attacker can exploit this to cause a denial-of-service.

Orabug: 36143229


* Performance regression due to incorrect calculation by fair scheduler.

Not taking into account the offline state of a CPU causes incorrect
load calculation while scheduling, leading to a performance hit as
less CPU time is allotted to processes.

Orabug: 36185208


* CVE-2023-25775: Information disclosure in the Intel(R) Ethernet Controller RDMA driver.

A flaw in irdma allows zero-length STAGs to be programmed in hardware.
An attacker could use this flaw to access sensitive kernel information.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




