[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELBA-2024-12436)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 25 08:58:57 UTC 2024


Synopsis: ELBA-2024-12436 can now be patched using Ksplice
CVEs: CVE-2022-48627 CVE-2023-46862 CVE-2023-52620 CVE-2023-52656 CVE-2023-52699 CVE-2023-52880 CVE-2024-24861 CVE-2024-25739 CVE-2024-26642 CVE-2024-26643 CVE-2024-26654 CVE-2024-26925 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26965 CVE-2024-26966 CVE-2024-26973 CVE-2024-35806 CVE-2024-35819 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35888 CVE-2024-35893 CVE-2024-35897 CVE-2024-35900 CVE-2024-35910 CVE-2024-35915 CVE-2024-35925 CVE-2024-35930 CVE-2024-36020

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2024-12436.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2024-12436.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
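As an added example that is not part of the advisory or of the Ksplice tooling, the following shell snippet turns the two instructions above into a single check: it reads the autoinstall setting from /etc/uptrack/uptrack.conf and only runs `uptrack-upgrade -y` on hosts where autoinstall is off. The config path and the upgrade command are parameters so the logic can be exercised against a constructed file; the parsing rules (comments ignored, whitespace around `=` tolerated, last assignment wins) are this example's assumptions about the INI-style file, not documented uptrack behaviour.

```shell
# Added example, not from the advisory. Reads the autoinstall setting from
# an uptrack.conf (default /etc/uptrack/uptrack.conf) and prints "yes" or
# "no". Comment lines are ignored, whitespace around '=' is tolerated, the
# value is case-folded, and the last matching assignment wins (assumed
# INI-style semantics).
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo no; return; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" \
          | tail -n 1 | tr 'A-Z' 'a-z')
    if [ "$val" = "yes" ]; then echo yes; else echo no; fi
}

# Apply the advisory's instruction: do nothing on autoinstall hosts, run the
# upgrade everywhere else. The second argument exists so a test can
# substitute a harmless command for the real uptrack-upgrade.
apply_ksplice_updates() {
    conf="$1"
    upgrade_cmd="${2:-/usr/sbin/uptrack-upgrade -y}"
    if [ "$(uptrack_autoinstall "$conf")" = "yes" ]; then
        echo "autoinstall enabled; updates will be applied automatically"
    else
        $upgrade_cmd
    fi
}

# Usage on a real host (requires root):
#   apply_ksplice_updates /etc/uptrack/uptrack.conf
```

Running this from a configuration-management job gives one idempotent step per host instead of a manual decision, and the "autoinstall enabled" branch documents why no command was issued.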


DESCRIPTION

* CVE-2022-48627, CVE-2024-35823: Data corruption in virtual terminal driver.

An optimisation of a function call in the virtual terminal driver can lead
to data corruption due to copying between overlapping buffers. A local
attacker can exploit this flaw to cause a denial-of-service, corrupt
data, or aid in other types of attacks.


* CVE-2023-52620, CVE-2024-26642, CVE-2024-26643: Privilege escalation in netfilter subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with
timeouts (which userspace was wrongly allowed to create), leading to a
use-after-free. A local attacker can exploit this flaw to escalate
privileges or facilitate an attack.


* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.

An unprivileged user can attach to the line discipline of the GSM 07.10
tty multiplexor driver even though CAP_NET_ADMIN is needed to create a
GSM network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.


* CVE-2024-24861: Denial-of-service in Xceive XC4000 silicon tuner driver.

Missing locking in the Xceive XC4000 silicon tuner driver when reading
and modifying the frequency could lead to inconsistent data. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-25739: Denial-of-service when using Unsorted Block Images driver.

A logic error when using the Unsorted Block Images driver could lead to
a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26925, CVE-2024-35897, CVE-2024-35900: Privilege escalation in netfilter subsystem.

A logical error in the netfilter subsystem in handling asynchronous
garbage collection and table updates can lead to a double free. A
local attacker can exploit this flaw to escalate privileges or aid
in other types of attacks.


* CVE-2024-26973: Information leak in FAT filesystem.

An uninitialised field in the FAT filesystem can eventually lead to a
memory leak. A local attacker can exploit this flaw to extract sensitive
information from kernel memory or facilitate an attack.


* CVE-2024-35888: Information leak in GRE over IP protocol decoder.

A logical error in the GRE over IP protocol decoder does not ensure the
existence of a header in the socket buffer, leading to uninitialised
memory being used. A local attacker can exploit this flaw to extract
sensitive information from kernel memory or facilitate an attack.


* CVE-2024-35893: Information leak in core net subsystem.

When skb data modification is allowed, a hole in a struct causes kernel
memory to be leaked to userspace. A local attacker can exploit this
flaw to extract sensitive information from the kernel memory.


* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.

A logical error in IPv4 TCP networking stack when handling timers upon
a kernel socket release can lead to a null-pointer dereference. A local
attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-35925: Denial-of-service in core block subsystem.

A calculation error in the core block subsystem can lead to an integer
overflow, which in turn causes a divide-by-zero error. A local attacker
can exploit this flaw to cause a denial-of-service or facilitate an
attack.


* CVE-2024-35930: Resource leak in Emulex LightPulse Fibre Channel driver.

A missing free in Emulex LightPulse Fibre Channel driver can lead to a
resource leak. A local attacker can exploit this flaw to cause resource
exhaustion and thus a denial-of-service.


* CVE-2024-36020: Denial-of-service in Intel Ethernet Controller XL710 Family driver.

A logical error in the Intel Ethernet Controller XL710 Family driver
can lead to a server hang. A local attacker can exploit this flaw to
cause a denial-of-service.


* Denial-of-service in generic CPU hotplug interrupt migration code.

Lack of interrupt vectors in the CPU while regular interrupts are being
migrated can lead to failure in servicing the interrupts. An example is
an intermittent loss of communication between KVM VMs. A local attacker
can exploit this flaw to cause a denial-of-service.

Orabug: 36378870


* Note: Oracle will not provide a zero-downtime update for CVE-2023-46862.

A race is possible in io_uring during thread exit leading to a
null-pointer dereference, which can be exploited to cause a
denial-of-service.

io_uring is a known large attack surface in security circles, and thus we
recommend disabling it via sysfs in newer versions. It has already been
disabled via a previous Ksplice update for older versions. Hence this
vulnerability does not apply.

Orabug: 36544122


* Note: Oracle will not provide a zero-downtime update for CVE-2023-52656.

io_uring no longer supports passing file descriptors over SCM_RIGHTS,
but the resulting dead code was not removed and can be exploited to
escalate privileges or facilitate an attack.

io_uring is a known large attack surface in security circles, and thus we
recommend disabling it via sysfs in newer versions. It has already been
disabled via a previous Ksplice update for older versions. Hence this
vulnerability does not apply.

Orabug: 36544122
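The two io_uring notes above recommend disabling the interface on kernels that support doing so. As an added example that is not from the advisory, here is a compliance check for that recommendation. It assumes the `kernel.io_uring_disabled` sysctl available in mainline Linux 6.6 and later (0 = enabled, 1 = restricted to processes in the group named by `kernel.io_uring_group`, 2 = disabled); the UEKR6 5.4.17 kernel covered by this advisory predates that knob, which is why the advisory relies on a prior Ksplice update there. The procfs path is a parameter so the function can be run against a constructed file.

```shell
# Added example, not from the advisory. Reports the io_uring state from the
# kernel.io_uring_disabled sysctl (assumed: Linux 6.6+; 0 = enabled,
# 1 = restricted to kernel.io_uring_group, 2 = disabled). The path is a
# parameter so the logic can be tested on a constructed file.
io_uring_state() {
    knob="${1:-/proc/sys/kernel/io_uring_disabled}"
    if [ ! -r "$knob" ]; then
        # Kernels without the sysctl (e.g. UEKR6 5.4) cannot be assessed
        # this way; per the advisory, Ksplice disabled io_uring there.
        echo "no-sysctl"
        return
    fi
    case "$(tr -d '[:space:]' < "$knob")" in
        0) echo "enabled" ;;
        1) echo "restricted" ;;
        2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed (exit 0) only when io_uring is fully disabled, the state the
# notes above recommend; suitable as a line in a host compliance script.
io_uring_hardened() {
    [ "$(io_uring_state "$1")" = "disabled" ]
}

# To enforce on a supporting kernel (root required), the corresponding
# setting is kernel.io_uring_disabled=2 via sysctl -w, persisted through a
# file in /etc/sysctl.d/.
```

A value of 1 is a reasonable middle ground where a specific service needs io_uring: only members of the configured group can create rings, and everyone else gets EPERM.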


* Note: Oracle has determined that CVE-2023-52699 is not applicable.

The kernel is not affected by CVE-2023-52699
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26654 is not applicable.

The kernel is not affected by CVE-2024-26654
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26955 is not applicable.

The kernel is not affected by CVE-2024-26955
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26956 is not applicable.

The kernel is not affected by CVE-2024-26956
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26957 is not applicable.

The kernel is not affected by CVE-2024-26957
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26965 is not applicable.

The kernel is not affected by CVE-2024-26965
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26966 is not applicable.

The kernel is not affected by CVE-2024-26966
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35806, CVE-2024-35819 are not applicable.

The kernel is not affected by CVE-2024-35806, CVE-2024-35819
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35822 is not applicable.

The kernel is not affected by CVE-2024-35822
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35825 is not applicable.

The kernel is not affected by CVE-2024-35825
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-35915 is not applicable.

The kernel is not affected by CVE-2024-35915
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
