[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2024-12151)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Feb 22 08:15:20 UTC 2024
Synopsis: ELSA-2024-12151 can now be patched using Ksplice
CVEs: CVE-2021-44879 CVE-2023-25775 CVE-2023-28464 CVE-2023-4244 CVE-2023-45863 CVE-2023-45898 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782 CVE-2023-6121 CVE-2023-6531 CVE-2023-6606 CVE-2023-6932
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12151.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12151.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
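As an added example (not Ksplice's or Oracle's own tooling), the shell function below decides whether a host still needs a manual `uptrack-upgrade -y` by reading the `autoinstall` flag from `uptrack.conf`. It assumes the file is INI-style with `key = value` lines and `#`/`;` comments, which is how `/etc/uptrack/uptrack.conf` is laid out; the sample configs at the bottom are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example: read the autoinstall flag from a Ksplice Uptrack config file
# and print the action an operator should take. Not part of the advisory.

# uptrack_autoinstall FILE -> prints "yes" or "no"
uptrack_autoinstall() {
    # Assumption: last matching assignment wins, as in most INI-style readers.
    awk -F'=' '
        /^[[:space:]]*[#;]/ { next }                 # skip comment lines
        $1 ~ /^[[:space:]]*autoinstall[[:space:]]*$/ {
            v = $2
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)  # trim around the value
            last = tolower(v)
        }
        END { r = (last == "yes") ? "yes" : "no"; print r }
    ' "$1"
}

# plan_update FILE -> prints what the operator needs to do on this host
plan_update() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo "autoinstall enabled: updates apply automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (real file: /etc/uptrack/uptrack.conf)
SAMPLE_AUTO=$(mktemp)
printf '[Settings]\n# managed host\nautoinstall = Yes\n' > "$SAMPLE_AUTO"
SAMPLE_MANUAL=$(mktemp)
printf '[Settings]\nautoinstall = no\n' > "$SAMPLE_MANUAL"

plan_update "$SAMPLE_AUTO"
plan_update "$SAMPLE_MANUAL"
```

Point the functions at the real config path on a fleet to list the hosts that still need the manual command.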
DESCRIPTION
* Slow loss recovery when receiving SACK for TLP retransmit.
When a SACK for a TLP retransmit is received with an RTT below the
current minimum RTT limit, slow loss recovery can occur.
This update provides system administrators with sysctl tunables
(net.ipv4.tcp_delack_min/max) to control the minimum/maximum amount of
time to delay before sending an ACK.
Orabug: 35875891
* Note: Oracle will not provide a zero-downtime update for CVE-2023-4244.
A race condition in the set implementation of nftables between
the control plane and the garbage collection worker could lead to a
use-after-free. A local user with CAP_NET_ADMIN access could use this
flaw to cause a crash or expose sensitive kernel information.
Oracle has determined that patching CVE-2023-4244 on a running system
would not be safe and recommends a reboot.
On workloads that permit it, a temporary mitigation is to disallow
unprivileged users from creating namespaces:
sudo sysctl -w kernel.unprivileged_userns_clone=0
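As an added example (not from the advisory), the following shell function reports whether that temporary mitigation is in effect by reading the tunable's `/proc/sys` file, and emits the `sysctl.d` fragment that would keep it across reboots. A kernel that does not expose `kernel.unprivileged_userns_clone` has no such file, so the check reports "absent" rather than guessing a state. The drop-in file name is an assumption, and the sample files are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example: verify the CVE-2023-4244 interim mitigation
# (kernel.unprivileged_userns_clone = 0). Not part of the advisory.

PROC_USERNS=/proc/sys/kernel/unprivileged_userns_clone   # real path of the tunable

# userns_mitigation_state [FILE] -> "applied" | "not-applied" | "absent"
userns_mitigation_state() {
    f=${1:-$PROC_USERNS}
    # A kernel without this tunable has no such file; say so explicitly
    # instead of treating it as either state.
    [ -r "$f" ] || { echo absent; return 0; }
    v=$(tr -d '[:space:]' < "$f")
    if [ "$v" = "0" ]; then echo applied; else echo not-applied; fi
}

# sysctl_dropin -> sysctl.d fragment that persists the setting
# (file name is an assumption; any *.conf under /etc/sysctl.d is read at boot)
sysctl_dropin() {
    printf '# /etc/sysctl.d/90-cve-2023-4244.conf\n'
    printf 'kernel.unprivileged_userns_clone = 0\n'
}

# Constructed samples standing in for the /proc file
S_ON=$(mktemp);  printf '0\n' > "$S_ON"
S_OFF=$(mktemp); printf '1\n' > "$S_OFF"
S_MISSING=/nonexistent/unprivileged_userns_clone

echo "mitigated sample:   $(userns_mitigation_state "$S_ON")"
echo "unmitigated sample: $(userns_mitigation_state "$S_OFF")"
echo "no tunable:         $(userns_mitigation_state "$S_MISSING")"
echo "live system:        $(userns_mitigation_state)"
```

Call `userns_mitigation_state` with no argument on the affected host; an "absent" result means this kernel does not offer the tunable and the reboot path is the remaining option.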
* CVE-2023-25775: Information disclosure in the Intel(R) Ethernet Controller RDMA driver.
A flaw in irdma allows zero-length STAGs to be programmed in hardware. An
attacker could use this flaw to access sensitive kernel information.
* CVE-2023-6606: Information disclosure in Common Internet File System.
The CIFS network file system implementation did not always
properly validate the server frame size, which could lead to
an out-of-bounds write. A local attacker could use this flaw
to cause a denial-of-service or potentially expose sensitive
information.
* CVE-2023-51780: Use-after-free in the ATM networking stack.
Asynchronous Transfer Mode (ATM) ioctl calls can race with datagram
reception causing a use-after-free error. A local attacker can
exploit this to cause a denial-of-service or privilege escalation.
* Note: Oracle has determined that CVE-2023-51781 is not applicable.
AppleTalk ioctl calls can race with datagram reception causing a
use-after-free error. A local attacker can exploit this to cause
a denial-of-service or privilege escalation.
The kernel is not affected by CVE-2023-51781 since the code under
consideration is not compiled.
* Note: Oracle has determined that CVE-2023-51782 is not applicable.
ROSE ioctl calls can race with accepting a connection, causing a
use-after-free error. A local attacker can exploit this to cause
a denial-of-service or privilege escalation.
The kernel is not affected by CVE-2023-51782 since the code under
consideration is not compiled.
* Note: Oracle has determined that CVE-2021-44879 is not applicable.
A NULL pointer dereference error can occur in the F2FS filesystem due
to an incorrect check during garbage collection. A local attacker can
exploit this to cause denial-of-service.
The kernel is not affected by CVE-2021-44879 since the code under
consideration is not compiled.
* CVE-2023-6121: Out-of-bounds read in NVMe-oF/TCP subsystem.
NVMe Qualified Names (NQNs) used to identify the endpoints when setting
up connections are not NULL terminated, leading to out-of-bounds read.
An attacker can exploit this remotely by sending a malicious payload to
extract sensitive information from the kernel memory.
* Potential NULL pointer dereference in netfilter subsystem.
Between some checks and use, a socket may get detached and have
an internal pointer set to NULL, leading to a NULL pointer
dereference. A local attacker can exploit this flaw to cause
denial-of-service.
* Overwriting of read-only files in BTRFS filesystem.
Incorrect checking during send command can lead to overwriting of
read-only files. An attacker can exploit this flaw to cause a
denial-of-service, privilege escalation, or aid in other types of
attacks.
* CVE-2023-45863: Out-of-bounds write in a library routine for handling generic kernel objects.
Handling of internal kernel objects can race, leading to an
out-of-bounds write. An attacker with root access can exploit
this to cause denial-of-service or aid in other types of attacks.
* CVE-2023-6531: Use-after-free in io_uring subsystem.
Garbage collection of io_uring files races with the operations of
Unix-domain sockets which use the files, leading to a use-after-free
error. A local attacker can exploit this to cause a denial-of-service
or privilege escalation.
* CVE-2023-6932: Privilege escalation in IGMP.
A race condition in the IGMP protocol implementation could lead
to a use-after-free vulnerability. A local attacker could use
this flaw to cause a denial-of-service or potentially escalate
privileges.
* Denial-of-service when using Broadcom NetXtreme-C/E ethernet network driver.
An invalid transfer completion by the Broadcom NetXtreme-C/E ethernet
network driver can cause a use-after-free error. A local attacker can
exploit this to cause denial-of-service.
Orabug: 36075755
* Note: Oracle has determined that CVE-2023-45898 is not applicable.
A use-after-free error was introduced in the ext4 filesystem after
an improvement was added which utilized pre-existing allocations.
A local attacker can exploit this to cause a denial-of-service or
privilege escalation.
The kernel is not affected by CVE-2023-45898 since the code introducing
the issue is not present.
* Denial-of-service when using InfiniBand driver.
Due to improper handling of disconnection requests in a specific case,
the RDMA connections will be blocked until a timeout is reached. A
local attacker can exploit this to cause a denial-of-service.
Orabug: 36143228
* CVE-2023-28464: Use-after-free in Bluetooth subsystem.
A double free was found in the bluetooth subsystem when cleaning up a
connection, leading to a use-after-free error. A local attacker can
exploit this to cause denial-of-service or privilege escalation.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.