[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2024-12385)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jun 5 20:50:16 UTC 2024


Synopsis: ELSA-2024-12385 can now be patched using Ksplice
CVEs: CVE-2023-0386 CVE-2023-2598 CVE-2023-52434 CVE-2023-52497 CVE-2023-52620 CVE-2023-52640 CVE-2023-52641 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-26622 CVE-2024-26736 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751 CVE-2024-26771 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26782 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26795 CVE-2024-26798 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809 CVE-2024-26816 CVE-2024-26848 CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26863 CVE-2024-26870 CVE-2024-26874 CVE-2024-26875 CVE-2024-26877 CVE-2024-26881 CVE-2024-26882 CVE-2024-26889 CVE-2024-26895 CVE-2024-26901 CVE-2024-26906 CVE-2024-27028 CVE-2024-27030 CVE-2024-27037 CVE-2024-27053 CVE-2024-27076 CVE-2024-27078 CVE-2024-27405 CVE-2024-27414 CVE-2024-27417 CVE-2024-27419 CVE-2024-27432 CVE-2024-35829 CVE-2024-35844

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12385.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12385.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
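The following shell snippet is an added example, not part of the Oracle
advisory or of the Ksplice tooling. It shows how an operator can decide,
per host, which of the two installation paths above applies: it reads an
uptrack.conf, ignores comment lines, and reports whether autoinstall is
enabled or whether a manual uptrack-upgrade run is needed. The sample
config files it creates under a temporary directory are constructed for
the demonstration; on a real host pass /etc/uptrack/uptrack.conf instead.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a Ksplice Uptrack
# host will pick up ELSA-2024-12385 on its own ("autoinstall = yes") or
# needs an operator to run "/usr/sbin/uptrack-upgrade -y".

# Return 0 if the given uptrack.conf enables autoinstall, 1 otherwise.
# Comment text after '#' or ';' is stripped first, so a commented-out
# "# autoinstall = yes" does not count. The match is case-insensitive and
# tolerates surrounding whitespace ("AutoInstall = Yes").
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    sed -e 's/[#;].*$//' "$conf" \
      | tr 'A-Z' 'a-z' \
      | grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Print the action an operator has to take for the host owning this config.
ksplice_action_for() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall: no action needed"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not copied from any real host) so the script
# runs stand-alone. Replace with /etc/uptrack/uptrack.conf in practice.
tmpdir=$(mktemp -d)
cat > "$tmpdir/auto.conf" <<'EOF'
[Settings]
# Install new updates automatically as they are published.
autoinstall = yes
EOF
cat > "$tmpdir/manual.conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

ksplice_action_for "$tmpdir/auto.conf"     # autoinstall: no action needed
ksplice_action_for "$tmpdir/manual.conf"   # manual: run /usr/sbin/uptrack-upgrade -y
```

A config that is missing or unreadable is treated as "autoinstall off", so
the conservative answer (run the upgrade by hand) is returned whenever the
script cannot prove otherwise.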


DESCRIPTION

* CVE-2023-52434: Privilege escalation when mounting SMB3 filesystem.

An incorrect check when mounting an SMB3 filesystem with invalid mount
contexts could lead to an out-of-bounds access. A local attacker could use
this flaw to escalate privilege or facilitate an attack.


* CVE-2023-52620: Privilege escalation in the netfilter subsystem.

Incorrect parameter validation in the netfilter subsystem can lead to
modification of kernel-internal data structures. A local attacker could
use this flaw to escalate privileges.


* CVE-2024-0565: Out-of-bounds access when reading encrypted SMB2 data.

When receiving SMB2 encryption information, the kernel CIFS client fails
to correctly validate the remote "NextCommand" field. A malicious server
might exploit this to cause a denial-of-service on the client.


* CVE-2024-0841: Denial-of-service when configuring a HugeTLB file system.

A logic error when configuring a HugeTLB file system using the fsconfig
syscall could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-26778: Denial-of-service in S3 Savage framebuffer driver.

Insufficient input sanitization in the S3 Savage framebuffer device
driver can lead to a division by zero. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-26782: Privilege escalation when creating Multipath TCP socket.

A logic error when creating a Multipath TCP socket could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges or facilitate an attack.


* CVE-2024-26791: Out-of-bounds read in btrfs device name handling.

Improper validation of device names in the btrfs driver can lead to an
out-of-bounds kernel read. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.


* CVE-2024-26798: Denial-of-service when setting font in frame buffer based console driver.

A logic error when setting font in frame buffer based console driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-26804: Denial-of-service in IPv4 networking stack.

A logic error in the IPv4 networking stack can lead to unbounded growth
of the socket buffer headroom, eventually causing a use-after-free. A
local attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-26805: Information leak in Netlink driver during packet creation.

An incorrect buffer length calculation when creating new packets in
the Netlink driver causes uninitialized memory to be copied into a
packet buffer. A local attacker could use this flaw to leak information
about running kernel and facilitate an attack.


* CVE-2024-26809: Denial-of-service when destroying pipapo socket.

A logic error when destroying a pipapo socket could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26816: Information leak in /sys/kernel/notes for x86 systems.

An unprivileged attacker can read /sys/kernel/notes, which contains
relocations of Xen variables. As the System.map file is also readable
by an unprivileged attacker, KASLR can be bypassed: the attacker can
find out the relative offsets and combine them with the Xen relocation
address to find the address of any kernel symbol, which can facilitate
an attack such as privilege escalation.


* CVE-2024-26851: Denial-of-service in Network packet filtering framework.

A missing check when using Network packet filtering framework
(Netfilter) could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service or facilitate an
attack.


* CVE-2024-26852: Privilege escalation when using IPV6 multipath routes.

A logic error when using IPV6 multipath routes could lead to a
use-after-free. A local attacker could use this flaw to escalate
privilege.


* CVE-2024-26855: Denial-of-service in Intel Ethernet Connection E800 Series driver.

A logic error in the Intel Ethernet Connection E800 Series driver could
lead to a NULL pointer dereference. A local attacker can exploit this
flaw to cause a denial-of-service.


* CVE-2024-26857: Information leak in Generic Network Virtualization Encapsulation driver.

During reception of packets in the GENEVE driver, uninitialised memory
can be accessed due to incorrect handling of socket buffer headers. An
attacker (local or remote) can exploit this flaw to access sensitive
information from kernel memory or facilitate an attack.


* CVE-2024-26863: Information leak in HSR networking stack.

Missing check for the HSR tag after the Ethernet header in the
High-availability Seamless Redundancy networking stack can lead
to accessing uninitialised memory. An attacker (local or remote)
can exploit this flaw to extract sensitive information from the
kernel memory or facilitate an attack.


* CVE-2024-26870: Denial-of-service when listing xattr in NFS client driver.

A logic error when listing xattrs in the NFS client driver could lead to
a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26875: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

A race can happen in the Hauppauge WinTV-PVR USB2 driver between
context disconnect and check in another thread, leading to a
use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service, privilege escalation, or run arbitrary code.


* CVE-2024-26882: Information leak in IP tunneling stack.

During reception of packets in the IP tunneling stack, uninitialised
memory can be accessed due to incorrect handling of socket buffer
headers. An attacker (local or remote) can exploit this flaw to access
sensitive information from kernel memory or facilitate an attack.


* CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem.

When using the HCIGETDEVINFO ioctl command, a buffer overflow is
possible if the device name is bigger than expected. A remote
attacker can exploit this flaw to cause a denial-of-service or
privilege escalation.


* CVE-2024-26901: Information leak in file handle syscalls.

Incorrect initialisation in file handle code in core fs subsystem can
lead to an information leak. A local attacker can exploit this flaw to
extract sensitive information from the kernel memory or aid in other
types of attacks.


* CVE-2024-26906: Denial-of-service when using a custom eBPF program.

A missing check when running a custom eBPF program using
probe_read_kernel helper could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-27414: Out-of-bounds write in core net subsystem.

A logic error when handling rtnetlink RTM_SETLINK messages (used to
modify link configuration from user space) in the core net subsystem
can lead to an out-of-bounds write. A local attacker with the necessary
privileges can exploit this flaw to cause a denial-of-service or
privilege escalation.


* CVE-2024-27417: Resource exhaustion in IPv6 networking stack.

A logic error in the IPv6 networking stack when handling malformed
arguments given by user space for RTM_GETADDR messages can lead to
a resource leak. A local attacker can exploit this flaw to cause
resource exhaustion and thus a denial-of-service.


* Note: Oracle has determined that CVE-2023-52497 is not applicable.

The kernel is not affected by CVE-2023-52497
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52640 is not applicable.

The kernel is not affected by CVE-2023-52640
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52641 is not applicable.

The kernel is not affected by CVE-2023-52641
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26622 is not applicable.

The kernel is not affected by CVE-2024-26622
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26736 is not applicable.

The kernel is not affected by CVE-2024-26736
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26748 is not applicable.

The kernel is not affected by CVE-2024-26748
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26749 is not applicable.

The kernel is not affected by CVE-2024-26749
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26751 is not applicable.

The kernel is not affected by CVE-2024-26751
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26771 is not applicable.

The kernel is not affected by CVE-2024-26771
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26776 is not applicable.

The kernel is not affected by CVE-2024-26776
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26777 is not applicable.

The kernel is not affected by CVE-2024-26777 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26788 is not applicable.

The kernel is not affected by CVE-2024-26788
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26790 is not applicable.

The kernel is not affected by CVE-2024-26790
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26795 is not applicable.

The kernel is not affected by CVE-2024-26795
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26848 is not applicable.

The kernel is not affected by CVE-2024-26848
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26856 is not applicable.

The kernel is not affected by CVE-2024-26856
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26874 is not applicable.

The kernel is not affected by CVE-2024-26874
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26877 is not applicable.

The kernel is not affected by CVE-2024-26877
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26881 is not applicable.

The kernel is not affected by CVE-2024-26881
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26895 is not applicable.

The kernel is not affected by CVE-2024-26895
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27028 is not applicable.

The kernel is not affected by CVE-2024-27028
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27030 is not applicable.

The kernel is not affected by CVE-2024-27030
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27037 is not applicable.

The kernel is not affected by CVE-2024-27037
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27053 is not applicable.

The kernel is not affected by CVE-2024-27053
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27076 is not applicable.

The kernel is not affected by CVE-2024-27076
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27078 is not applicable.

The kernel is not affected by CVE-2024-27078
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27405 is not applicable.

The kernel is not affected by CVE-2024-27405
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27419 is not applicable.

The kernel is not affected by CVE-2024-27419 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27432 is not applicable.

The kernel is not affected by CVE-2024-27432
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35829 is not applicable.

The kernel is not affected by CVE-2024-35829
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35844 is not applicable.

The kernel is not affected by CVE-2024-35844
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
