[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-2758)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jul 1 12:06:45 UTC 2024 

Synopsis: ELSA-2024-2758 can now be patched using Ksplice
CVEs: CVE-2023-52455 CVE-2023-6240 CVE-2024-25742 CVE-2024-25743 CVE-2024-26945 CVE-2024-35926

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-2758.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-2758.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-6240: Side-Channel leakage in the RSA decryption operation.

The decryption and signing capabilities in the Linux kernel are
vulnerable to Marvin side-channel leakage. These capabilities are
not used inside the kernel. However, they are exposed to the
user-space through the keyctl system call. The flaw may allow an
attacker to decrypt ciphertexts or forge signatures.


* CVE-2024-25742, CVE-2024-25743: Disruption of AMD SEV-SNP With Interrupts.

A missing check in the AMD SEV Linux kernel driver can result in
malicious interrupts injection. An attacker with an access to a
hypervisor can potentially break confidentiality and integrity
of Linux SEV-SNP guests.


* CVE-2024-26945: Denial-of-service in Intel's IAA Compression Accelerator driver.

An incorrect logic while probing hardware configuration in Intel's IAA
Compression Accelerator driver can lead to a division-by-zero. A local
attacker with a hardware access can use this flaw to cause
denial-of-service.


* CVE-2024-35926: Resource leak in Intel's IAA Compression Accelerator driver.

A missing check in Intel's IAA Compression Accelerator driver in the
Linux kernel can lead to a resource leak. A local attacker can use
this flaw to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52455 is not applicable.

The kernel is not affected by CVE-2023-52455
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list