[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELBA-2024-12479)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jul 22 19:48:50 UTC 2024


Synopsis: ELBA-2024-12479 can now be patched using Ksplice
CVEs: CVE-2022-48627 CVE-2023-47233 CVE-2023-52429 CVE-2023-52502 CVE-2023-52578 CVE-2023-52620 CVE-2023-52628 CVE-2023-52699 CVE-2023-52880 CVE-2023-6606 CVE-2024-23851 CVE-2024-24861 CVE-2024-25739 CVE-2024-26642 CVE-2024-26643 CVE-2024-26654 CVE-2024-26766 CVE-2024-26923 CVE-2024-26957 CVE-2024-26965 CVE-2024-26966 CVE-2024-26973 CVE-2024-26981 CVE-2024-26993 CVE-2024-26994 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27398 CVE-2024-35806 CVE-2024-35811 CVE-2024-35819 CVE-2024-35825 CVE-2024-35849 CVE-2024-35893 CVE-2024-35910 CVE-2024-35915 CVE-2024-35973 CVE-2024-36883 CVE-2024-36886 CVE-2024-36919 CVE-2024-36933 CVE-2024-36934 CVE-2024-36941 CVE-2024-36964

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2024-12479.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2024-12479.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
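As an added example (not part of Oracle's announcement), a small POSIX shell pre-check that applies the two facts above to a host: whether it runs a UEKR5 4.14.35 kernel, and whether /etc/uptrack/uptrack.conf enables autoinstall. The kernel release pattern `4.14.35-*el7uek*` and the INI-style parsing of uptrack.conf are assumptions; the sample config and kernel string are constructed.

```shell
#!/bin/sh
# Added example, not part of the Ksplice announcement: decide whether a
# host needs a manual "uptrack-upgrade -y" for ELBA-2024-12479.

# Return 0 if the uptrack.conf given as $1 enables autoinstall.
# Assumes an INI-style file: tolerates surrounding whitespace and mixed
# case in the value, ignores '#' comment lines, and lets the last
# "autoinstall =" line win.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$conf" \
          | tail -n 1 | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Return 0 if the kernel release string $1 is a UEKR5 4.14.35 kernel
# (assumed release pattern: 4.14.35-<build>.el7uek.<arch>).
is_uekr5_414() {
    case "$1" in
        4.14.35-*el7uek*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "auto" (Ksplice applies the update by itself), "manual"
# (run uptrack-upgrade -y) or "n/a" (advisory does not target this kernel).
ksplice_action() {
    kernel="$1"; conf="$2"
    if ! is_uekr5_414 "$kernel"; then
        echo "n/a"
    elif uptrack_autoinstall_enabled "$conf"; then
        echo "auto"
    else
        echo "manual"
    fi
}

# Constructed sample config and kernel string for a stand-alone run.
SAMPLE_CONF=$(mktemp)
printf '[Settings]\n# autoinstall = no\nautoinstall = Yes\n' > "$SAMPLE_CONF"
ksplice_action "4.14.35-sample.el7uek.x86_64" "$SAMPLE_CONF"   # prints: auto

# On a real host the decision would be taken from uname -r and the live
# config, e.g.:
#   [ "$(ksplice_action "$(uname -r)" /etc/uptrack/uptrack.conf)" = manual ] \
#       && /usr/sbin/uptrack-upgrade -y
```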


DESCRIPTION

* CVE-2022-48627: Data corruption in virtual terminal driver.

An optimisation of a function call in the virtual terminal driver can
lead to data corruption due to copying between overlapping buffers. A
local attacker can exploit this flaw to cause a denial-of-service,
corrupt data, or aid in other types of attacks.


* CVE-2023-47233, CVE-2024-35811: Privilege escalation when unplugging Broadcom FullMAC WLAN device.

A race condition when unplugging Broadcom FullMAC WLAN USB device during
initialization could lead to a use-after-free. A local attacker could
use this flaw to escalate privileges or facilitate an attack.


* CVE-2023-52429, CVE-2024-23851: Denial-of-service in kernel software RAID and LVM drivers.

A lack of input validation in the kernel software RAID and LVM drivers
could allow a local attacker to cause a denial-of-service.


* CVE-2023-52578: Data race in 802.1d Ethernet Bridging driver.

A missing lock in the 802.1d Ethernet Bridging driver in the Linux
kernel can lead to a data race. An attacker can use this flaw to
cause a corruption of internal kernel data structures and cause
instability.


* CVE-2023-52620, CVE-2024-26642, CVE-2024-26643: Privilege escalation in netfilter subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with
timeouts (which userspace was wrongly allowed to create), leading to a
use-after-free. A local attacker can exploit this flaw to escalate
privileges or facilitate an attack.


* CVE-2023-52628: Out-of-bounds access in Netfilter nf_tables exthdr subsystem.

Incorrect logic in the Netfilter nf_tables exthdr subsystem can lead to
an out-of-bounds stack write. This can potentially lead to stack
corruption and denial-of-service or information disclosure.


* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.

An unprivileged user can attach to the line discipline of GSM 07.10 tty
multiplexor driver even though CAP_NET_ADMIN is needed to create a GSM
network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.


* CVE-2023-6606: Information disclosure in Common Internet File System.

The CIFS network file system implementation did not always
properly validate the server frame size, which could lead to
an out-of-bounds write. A local attacker could use this flaw
to cause a denial-of-service or potentially expose sensitive
information.


* CVE-2024-24861: Denial-of-service in Xceive XC4000 silicon tuner driver.

Missing locking in Xceive XC4000 silicon tuner driver when reading and
modifying frequency could lead to inconsistent data. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-25739: Denial-of-service when using Unsorted Block Images driver.

A logic error when using Unsorted Block Images driver could lead to a
kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26923: Privilege escalation in Unix domain sockets.

A race condition when using Unix domain sockets could lead to garbage
collector racing with the connect() syscall. A local attacker could use
this flaw to escalate privileges.


* CVE-2024-26973: Information leak in FAT filesystem.

An uninitialised field in the FAT filesystem can lead to kernel memory
being leaked. A local attacker can exploit this flaw to extract
sensitive information from kernel memory or facilitate an attack.


* CVE-2024-26993: Resource leak in SysFS file system support.

Incorrect logic in the SysFS file system support driver of the Linux
kernel when force-removing an attribute can lead to a resource leak.
An attacker can use this flaw to destabilize the kernel, cause
excessive kernel resource consumption, or use it as an additional
step in other types of attacks.


* CVE-2024-27398: Denial-of-service in Bluetooth Classic (BR/EDR) features.

A missing check when using Bluetooth Classic (BR/EDR) features could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-35849: Information leak in BTRFS filesystem.

A missing variable initialization when using the BTRFS filesystem could
lead to kernel memory being leaked. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-35893: Information leak in core net subsystem.

When skb data modification is allowed, a hole in a struct causes kernel
memory to be leaked to userspace. A local attacker can exploit this
flaw to extract sensitive information from the kernel memory.


* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.

A logical error in IPv4 TCP networking stack when handling timers upon
a kernel socket release can lead to a null-pointer dereference. A local
attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-35973: Denial-of-service in Generic Network Virtualization Encapsulation.

A logic error when using Generic Network Virtualization Encapsulation
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-36883: Denial-of-service in Networking namespace support.

A race condition when using Networking namespace support could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-36919: Denial-of-service in QLogic Fiber-Channel-over-Ethernet offload driver.

Unnecessary locking when using the QLogic FCoE offload driver could
lead to a kernel panic. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-36934: Information leak in QLogic BR-series Ethernet driver.

A logic error when using the QLogic BR-series Ethernet driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-36941: Denial-of-service in core WiFi subsystem.

A missing check when using the core WiFi subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36964: Privilege escalation in Plan 9 Resource Sharing filesystem.

A logic error when using the Plan 9 Resource Sharing filesystem stack
could lead to garbage 9P mode bits setting the underlying Unix perm
bits, including the suid bit. A local attacker could use this flaw to
escalate privileges.


* Denial-of-service in SLUB allocator.

If a slab cache is very large, a soft lockup can occur in which the
kernel is blocked from allocating more slabs, causing I/O and network
timeouts. This is very easily triggered by reading /proc/slabinfo from
userspace.

Orabug: 36655470


* Potential NULL pointer dereference in netfilter subsystem.

Between a check and its use, a socket may get detached and have an
internal pointer set to NULL, leading to a NULL pointer dereference.
A local attacker can exploit this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2023-52502 is not applicable.

The kernel is not affected by CVE-2023-52502 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52699 is not applicable.

The kernel is not affected by CVE-2023-52699
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26654 is not applicable.

The kernel is not affected by CVE-2024-26654
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26766 is not applicable.

The kernel is not affected by CVE-2024-26766 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26957 is not applicable.

The kernel is not affected by CVE-2024-26957
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26965 is not applicable.

The kernel is not affected by CVE-2024-26965
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26966 is not applicable.

The kernel is not affected by CVE-2024-26966
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26981 is not applicable.

The kernel is not affected by CVE-2024-26981
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26994 is not applicable.

The kernel is not affected by CVE-2024-26994
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26999 is not applicable.

The kernel is not affected by CVE-2024-26999
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27000 is not applicable.

The kernel is not affected by CVE-2024-27000
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27001 is not applicable.

The kernel is not affected by CVE-2024-27001
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35806, CVE-2024-35819 are not applicable.

The kernel is not affected by CVE-2024-35806, CVE-2024-35819
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35825 is not applicable.

The kernel is not affected by CVE-2024-35825
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35915 is not applicable.

The kernel is not affected by CVE-2024-35915
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-36886 is not applicable.

The kernel is not affected by CVE-2024-36886
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-36933 is not applicable.

The kernel is not affected by CVE-2024-36933
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
