[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2024-12433)

Fri Jun 28 20:25:40 UTC 2024

Synopsis: ELSA-2024-12433 can now be patched using Ksplice
CVEs: CVE-2022-38096 CVE-2022-43945 CVE-2023-52488 CVE-2023-52699 
CVE-2023-52880 CVE-2024-25739 CVE-2024-26642 CVE-2024-26643 
CVE-2024-26654 CVE-2024-26814 CVE-2024-26923 CVE-2024-26925 
CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 
CVE-2024-26965 CVE-2024-26966 CVE-2024-26970 CVE-2024-26973 
CVE-2024-27393 CVE-2024-35791 CVE-2024-35796 CVE-2024-35806 
CVE-2024-35819 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 
CVE-2024-35871 CVE-2024-35884 CVE-2024-35888 CVE-2024-35890 
CVE-2024-35893 CVE-2024-35896 CVE-2024-35897 CVE-2024-35900 
CVE-2024-35910 CVE-2024-35915 CVE-2024-35934 CVE-2024-35940 
CVE-2024-35950 CVE-2024-35962 CVE-2024-35973

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12433.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12433.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-38096: Denial-of-service in DRM driver for VMware Virtual GPU.

Incorrect return status checks when using improperly initialized
rendering contexts in vmwgfx could lead to a null pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.

* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.

An unprivileged user can attach to the line discipline of GSM 07.10 tty
multiplexor driver even though CAP_NET_ADMIN is needed to create a GSM
network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.

* CVE-2024-25739: Denial-of-service when using Unsorted Block Images driver.

A logic error when using Unsorted Block Images driver could lead to a
kernel crash. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26642, CVE-2024-26643: Privilege escalation in netfilter 
subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and freeing of anonymous sets with timeouts
(wrongly allowed to create from userspace), leading to a use-after-free.
A local attacker can exploit this flaw to escalate privileges or
facilitate an attack.

* CVE-2024-26923: Denial-of-service in Garbage Collector For AF_UNIX 
sockets.

A race condition in Garbage Collector For AF_UNIX sockets driver could 
lead to
a memory leak. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26925, CVE-2024-35897, CVE-2024-35900: Privilege escalation 
in netfilter subsystem.

A logical error in the netfilter subsystem in handling asynchronous
garbage collection and table updates can lead to a double free. A
local attacker can exploit this flaw to escalate privileges or aid
in other types of attacks.

* CVE-2024-26958: Denial-of-service in NFS client driver.

A race condition in NFS client driver could lead to a use-after-free. A 
local
attacker could use this flaw to cause a denial-of-service.

* CVE-2024-26973: Information leak in FAT filesystem.

Uninitialised field in FAT filesystem can eventually lead to memory
leak. A local attack can exploit this flaw to extract sensitive
information from the kernel memory or facilitate an attack.

* CVE-2024-27393: Denial-of-service in Xen network device frontend driver.

A logic error when using Xen network device frontend driver driver could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-35791: Denial-of-service in AMD SVM-SEV.

A locking error when using AMD SVM-SEV driver could lead to a use-after-
free. A local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-35823: Denial-of-service in virtual terminal driver.

Optimisation of a function call in virtual terminal driver can lead to
data corruption due to copying between overlapping buffers. A local
attacker can exploit this flaw to cause a denial-of-service, corrupt
data, or aid in other types of attacks.

* CVE-2024-35884: Denial-of-service in Generic Segmentation Offload driver.

An incorrect handling logic of packets in Generic Segmentation Offload
code in the Linux kernel networking stack can result in an internal
assertion triggering. An attacker can use this flaw to cause
denial-of-service.

* CVE-2024-35888: Information leak in GRE over IP protocol decoder.

A logical error in GRE over IP protocol decoder doesn't ensure
existence of header in socket buffer, leading to uninitialised
memory being used. A local attacker can exploit this flaw to
extract sensitive information from the kernel memory or
facilitate an attack.

* CVE-2024-35890: Denial-of-service in Generic Receive Offload driver.

An incorrect handling logic of frames in Generic Receive Offload code
in the Linux kernel networking stack can result in an internal
assertion triggering. An attacker can use this flaw to cause
denial-of-service.

* CVE-2024-35893: Information leak in core net subsystem.

When skb data modification is allowed, a hole in a struct causes kernel
memory to be leaked to userspace. A local attacker can exploit this
flaw to extract sensitive information from the kernel memory.

* CVE-2024-35896, CVE-2024-35962: Memory corruption in Netfilter.

A missing check on user input when operating on socket options in Netfilter
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to cause memory corruption.

* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.

A logical error in IPv4 TCP networking stack when handling timers upon
a kernel socket release can lead to a null-pointer dereference. A local
attacker can exploit this flaw to cause a denial-of-service.

* CVE-2024-35950: Denial-of-service in Direct Rendering Manager.

A locking error when using Direct Rendering Manager driver could lead to
a use-after-free. A local attacker could use this flaw to cause
denial-of-service.

* CVE-2024-35973: Denial-of-service in Generic Network Virtualization 
Encapsulation.

A logic error when using Generic Network Virtualization Encapsulation
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to cause a denial-of-service.

* Improved fix for CVE-2022-43945: Out-of-bounds memory access in NFSD.

A logic error in NFSD when a small RPC Call message arrives in an
oversized RPC record can lead to a buffer overflow. A remote attacker
could use this flaw for a denial-of-service or privilege escalation.

* Note: Oracle has determined that CVE-2023-52488 is not applicable.

The kernel is not affected by CVE-2023-52488
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2023-52699 is not applicable.

The kernel is not affected by CVE-2023-52699
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26654 is not applicable.

The kernel is not affected by CVE-2024-26654
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26814 is not applicable.

The kernel is not affected by CVE-2024-26814
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26955 is not applicable.

The kernel is not affected by CVE-2024-26955
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26956 is not applicable.

The kernel is not affected by CVE-2024-26956
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26957 is not applicable.

The kernel is not affected by CVE-2024-26957
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26965 is not applicable.

The kernel is not affected by CVE-2024-26965
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26966 is not applicable.

The kernel is not affected by CVE-2024-26966
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26970 is not applicable.

The kernel is not affected by CVE-2024-26970
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35796 is not applicable.

The kernel is not affected by CVE-2024-35796
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35806, CVE-2024-35819 are 
not applicable.

The kernel is not affected by CVE-2024-35806, CVE-2024-35819
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35822 is not applicable.

The kernel is not affected by CVE-2024-35822
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35825 is not applicable.

The kernel is not affected by CVE-2024-35825
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35871 is not applicable.

The kernel is not affected by CVE-2024-35871
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35915 is not applicable.

The kernel is not affected by CVE-2024-35915
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35934 is not applicable.

The kernel is not affected by CVE-2024-35934
since the code under consideration is not compiled.

* Note: Oracle has determined that CVE-2024-35940 is not applicable.

The kernel is not affected by CVE-2024-35940
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.