[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELBA-2024-12478)

Thu Jul 11 06:47:02 UTC 2024

Synopsis: ELBA-2024-12478 can now be patched using Ksplice
CVEs: CVE-2023-52429 CVE-2024-23851 CVE-2024-26923 CVE-2024-26993 CVE-2024-27398 CVE-2024-31076 CVE-2024-35849 CVE-2024-35950 CVE-2024-35973 CVE-2024-36883 CVE-2024-36886 CVE-2024-36904 CVE-2024-36919 CVE-2024-36933 CVE-2024-36934 CVE-2024-36941 CVE-2024-36964

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2024-12478.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2024-12478.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-52429, CVE-2024-23851: Denial-of-service in kernel software RAID and LVM drivers.

Due to a lack of input validation in kernel software RAID and LVM
drivers. A local attacker could use this flaw to cause a denial-of-
service.

* CVE-2024-26923: Privilege escalation in Unix domain sockets.

A race condition when using Unix domain sockets could lead to garbage
collector racing with the connect() syscall. A local attacker could use
this flaw to escalate privileges.

* CVE-2024-26993: Resource leak in SysFS filesystem.

A logic error in the SysFS filesystem can lead to a resource leak.
An attacker can exploit this flaw to cause a denial-of-service or
aid in other types of attacks.

* CVE-2024-27398: Denial-of-service in Bluetooth Classic (BR/EDR) features.

A missing check when using Bluetooth Classic (BR/EDR) features could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.

* CVE-2024-31076: Denial-of-service in generic CPU hotplug interrupt migration code.

An interrupt race during migration of interrupts could lead to CPU
vector leak if the original CPU goes offline. A local attacker could
exploit this flaw to cause a denial-of-service.

Orabug: 36592398

* CVE-2024-35849: Information leak in BTRFS filesystem.

A missing variable initialization when using the BTRFS filesystem could
lead to a memory leak. A local attacker could use this flaw to extract
sensitive information.

* CVE-2024-35950: Memory corruption in Direct Rendering Manager.

A locking error when using Direct Rendering Manager driver could lead to
a use-after-free. A local attacker could use this flaw to cause memory
corruption.

* CVE-2024-35973: Denial-of-service in Generic Network Virtualization Encapsulation.

A logic error when using Generic Network Virtualization Encapsulation
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2024-36883: Denial-of-service in Networking namespace support.

A race condition when using Networking namespace support could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2024-36886: Remote code execution in TIPC networking stack.

A logic error when using the TIPC networking stack could lead to a
use-after-free. A remote attacker could use this flaw to execute
arbitrary code in kernel mode, escalate privileges, cause a
denial-of-service, or aid in other types of attacks.

* CVE-2024-36904: Remote code execution in TCP/IP networking stack.

A race condition in TCP/IP networking stack can cause a data race
with a refcount value, leading to an underflow, which can cause a
use-after-free elsewhere in the kernel depending on the refcount.
A remote attacker could use this flaw to execute arbitrary code in
kernel mode, escalate privileges, cause a denial-of-service, or aid
in other types of attacks.

* CVE-2024-36919: Denial-of-service in QLogic Fiber-Channel-over-Ethernet offload driver.

Unnecessary locking when using the QLogic FCoE offload driver could
lead to a kernel panic. A local attacker could use this flaw to cause
a denial-of-service.

* CVE-2024-36933: Information leak in Network Service Header protocol stack.

A logic error when using the Network Service Header protocol stack could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to extract sensitive information.

* CVE-2024-36934: Information leak in QLogic BR-series Ethernet driver.

A logic error when using QLogic BR-series Ethernet driver could lead to
an out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.

* CVE-2024-36941: Denial-of-service in core WiFi subsystem.

A missing check when using the core WiFi subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-36964: Privilege escalation in Plan 9 Resource Sharing filesystem.

A logic error when using the Plan 9 Resource Sharing filesystem stack
could lead to garbage 9P mode bits setting the underlying Unix perm
bits, including the suid bit. A local attacker could use this flaw to
escalate privileges.

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2022-48655, CVE-2024-26926, CVE-2024-26981, CVE-2024-26994,
CVE-2024-26999, CVE-2024-27000, CVE-2024-27001, CVE-2024-35852,
CVE-2024-35853, CVE-2024-35854, CVE-2024-35855, CVE-2024-36006,
CVE-2024-36007, CVE-2024-38381, CVE-2024-38587

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20240711/8b6e96df/attachment.sig>