[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELBA-2024-12417)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Jun 14 17:26:56 UTC 2024


Synopsis: ELBA-2024-12417 can now be patched using Ksplice
CVEs: CVE-2022-45884 CVE-2023-6270 CVE-2024-1086 CVE-2024-26816 CVE-2024-26851 CVE-2024-26857 CVE-2024-26859 CVE-2024-26863 CVE-2024-26874 CVE-2024-26875 CVE-2024-26889 CVE-2024-26898 CVE-2024-26901 CVE-2024-27028 CVE-2024-27078 CVE-2024-27419 CVE-2024-35828 CVE-2024-35830

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2024-12417.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2024-12417.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
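To decide which of the two paths above applies on a given host, the following added example (not part of the advisory or of Ksplice itself) reads the "autoinstall" key from an uptrack.conf-style file and reports whether a manual uptrack-upgrade run is needed. It assumes the key/value layout shown above and ignores section headers.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether ELBA-2024-12417
# will arrive automatically or needs "/usr/sbin/uptrack-upgrade -y",
# based on the "autoinstall" setting in an uptrack.conf-style file.

# Print the effective "autoinstall" value from the given config file.
# Accepts "autoinstall = yes" or "autoinstall=yes" with any surrounding
# whitespace, skips comment lines, lower-cases the value, and lets the
# last occurrence win. Prints "unset" if absent, "unknown" if unreadable.
uptrack_autoinstall_value() {
    conf="$1"
    [ -r "$conf" ] || { echo "unknown"; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -z "$val" ]; then
        echo "unset"
    else
        printf '%s\n' "$val" | tr 'A-Z' 'a-z'
    fi
}

# Return 0 when updates install automatically, 1 when a manual run is needed.
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Stand-alone run against the real config when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    if uptrack_autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall = yes: ELBA-2024-12417 will be applied automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    fi
fi
```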


DESCRIPTION

* CVE-2024-26816: Information leak in /sys/kernel/notes for x86 systems.

An unprivileged attacker can read /sys/kernel/notes, which contains
relocations of Xen variables. As the System.map file is also readable
by an unprivileged attacker, KASLR can be bypassed: the attacker can
find out the relative offsets and combine them with the Xen relocation
address to find the address of any kernel symbol, which can facilitate
an attack such as privilege escalation.
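The leak described above only defeats KASLR when an unprivileged user can read both /sys/kernel/notes and System.map. The following posture check is an added example, not part of the advisory: it reports whether each file is readable by "other" users and does nothing else (no parsing of the notes content). The /boot/System.map-$(uname -r) location is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): read-only posture check for the
# CVE-2024-26816 leak path. It reports whether the two files an unprivileged
# user would need (notes and System.map) are readable by "other".

# Return 0 if the path exists and its "other" read bit is set, 1 otherwise.
# Uses ls -ld instead of stat -c so it works across sh implementations.
readable_by_others() {
    [ -e "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$(printf '%s' "$perms" | cut -c8)" = "r" ]
}

# Summarise exposure for the given notes file and System.map file.
# Prints "exposed" (both readable), "partial" (one), or "contained" (none).
kaslr_exposure() {
    notes="$1"; sysmap="$2"; n=0
    readable_by_others "$notes" && n=$((n + 1))
    readable_by_others "$sysmap" && n=$((n + 1))
    case "$n" in
        2) echo "exposed" ;;
        1) echo "partial" ;;
        *) echo "contained" ;;
    esac
}

# Stand-alone run against the live system when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    # Assumption: System.map sits at the usual /boot location for the
    # running kernel; adjust the path if your distribution differs.
    kaslr_exposure /sys/kernel/notes "/boot/System.map-$(uname -r)"
fi
```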


* CVE-2024-26851: Denial-of-service in Network packet filtering framework.

A missing check in the Network packet filtering framework (Netfilter)
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service or facilitate an attack.


* CVE-2024-26857: Information leak in Generic Network Virtualization Encapsulation driver.

During packet reception in the GENEVE driver, uninitialised memory can
be accessed due to incorrect handling of socket buffer headers. An
attacker (local or remote) can exploit this flaw to access sensitive
information from kernel memory or facilitate an attack.


* CVE-2024-26859: Denial-of-service in Broadcom NetXtremeII 10Gb driver.

Error handling logic in the Broadcom NetXtremeII 10Gb driver can lead
to a race between the timeout and reset code paths, resulting in a
null-pointer dereference when attempting to free an already freed
pointer. A local attacker can exploit this flaw to cause a
denial-of-service.


* CVE-2024-26863: Information leak in HSR networking stack.

A missing check for the HSR tag after the Ethernet header in the
High-availability Seamless Redundancy (HSR) networking stack can lead
to access of uninitialised memory. An attacker (local or remote) can
exploit this flaw to extract sensitive information from kernel memory
or facilitate an attack.


* CVE-2024-26875: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

A race in the Hauppauge WinTV-PVR USB2 driver between a context
disconnect and a check in another thread can lead to a use-after-free.
A local attacker can exploit this flaw to cause a denial-of-service,
privilege escalation, or run arbitrary code.


* CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem.

When using the HCIGETDEVINFO ioctl command, a buffer overflow is
possible if the device name is longer than expected. A remote
attacker can exploit this flaw to cause a denial-of-service or
privilege escalation.


* CVE-2024-26901: Information leak in file handle syscalls.

Incorrect initialisation in the file handle code of the core fs
subsystem can lead to an information leak. A local attacker can exploit
this flaw to extract sensitive information from kernel memory or aid
in other types of attacks.


* CVE-2024-35828: Resource leak in Marvell 8xxx Libertas WLAN driver.

A missing free in the Marvell 8xxx Libertas WLAN driver when allocating
command buffers (typically done during device addition) leads to a
resource leak. A local or physical attacker can exploit this flaw to
cause a denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2024-35830.

The kernel is not affected by CVE-2024-35830
since the code under consideration is not compiled.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-45884.

A logic error in the Digital TV driver could lead to a use-after-free
or a memory leak. A local attacker could use this flaw to cause a
denial-of-service.

Oracle has determined that creating a zero-downtime update would not be
safe and recommends a reboot if such mitigation is required.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-6270 or CVE-2024-26898.

Due to incorrect handling of device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between freeing of an AoE device and
access through associated socket buffers, leading to a use-after-free.
A local attacker can exploit this flaw to cause a denial-of-service or
execute arbitrary code.

Oracle has determined that patching CVE-2023-32258 on a running system
would not be safe and therefore recommends rebooting affected hosts into
the newest kernel to mitigate the vulnerability.


* Note: Oracle has determined that CVE-2024-26874 is not applicable.

The kernel is not affected by CVE-2024-26874
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27028 is not applicable.

The kernel is not affected by CVE-2024-27028
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27078 is not applicable.

The kernel is not affected by CVE-2024-27078
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-27419 is not applicable.

The kernel is not affected by CVE-2024-27419
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


