[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELBA-2024-12205)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Mar 14 07:31:20 UTC 2024


Synopsis: ELBA-2024-12205 can now be patched using Ksplice
CVEs: CVE-2023-46838 CVE-2023-52340 CVE-2023-52439 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52454 CVE-2023-52470 CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6915 CVE-2024-0646 CVE-2024-26581

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2024-12205.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2024-12205.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
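
One way to check which of the two cases above applies to a host, as an added example that is not part of the original announcement or of Oracle's tooling. The function names are hypothetical, and only the literal value "yes" is treated as enabled, which is an assumption based on the wording above.

```shell
#!/bin/sh
# Added example, not Oracle's code. Reports whether Ksplice Uptrack is set
# to install updates on its own, using the "autoinstall" key named above.

# uptrack_autoinstall [conf]   (hypothetical helper name)
# Prints "yes" or "no". Returns 0 when autoinstall is enabled, 1 when it is
# disabled or not set, 2 when the file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        !/=/          { next }              # section headers, blank lines
        {
            key = $1
            gsub(/[ \t\r]/, "", key)
            if (tolower(key) != "autoinstall") next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            last = tolower(val)             # a later assignment overrides an earlier one
        }
        END { print last }
    ' "$conf")
    # Assumption: only "yes" (any case) counts as enabled; anything else is
    # reported as "no" so the host gets flagged for a manual upgrade.
    case $value in
        yes) echo yes; return 0 ;;
        *)   echo no;  return 1 ;;
    esac
}

# uptrack_next_step [conf]   (hypothetical helper name)
# Prints what an administrator needs to do for this advisory.
uptrack_next_step() {
    if uptrack_autoinstall "$1" >/dev/null; then
        echo "automatic"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}
```

Run `uptrack_next_step` with no argument on a host to read the real configuration file; pass a path to check a copy collected from another system.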


DESCRIPTION

* CVE-2023-6040: Privilege escalation in Netfilter.

The Netfilter subsystem did not properly validate network family
support while creating a new Netfilter table. A local attacker
could use this flaw to cause a denial-of-service or potentially
escalate privileges.


* CVE-2024-0646: Out-of-bounds write in the TLS networking stack.

Incorrect handling of plaintext message buffers during transmission
can lead to an out-of-bounds write. A local attacker can exploit
this flaw to cause denial-of-service or privilege escalation.


* CVE-2023-6915: Denial-of-service in kernel ID allocator.

During the freeing operation, if there are no nearby IDs allocated,
a NULL pointer is stored which is not checked for and thus is later
dereferenced. A local attacker can exploit this flaw to cause a
denial-of-service.


* XSA-448, CVE-2023-46838: Denial-of-service in Xen virtual networking stack.

Zero-length transmission requests can lead to NULL pointer dereference
in the Xen hypervisor's virtual networking stack. A remote attacker
can exploit this flaw to cause denial-of-service.


* CVE-2023-52340: Uncontrolled resource consumption in IPv6 stack.

An ICMPv6 "Packet Too Big" response from the remote receiver causes the
routing table to be cloned for each such packet transmission, which can
increase the table size beyond a low threshold set for the garbage
collector. Continuous reception of such messages will starve the CPU,
so a remote attacker can exploit this to cause denial-of-service.


* CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-52454: Denial-of-service when using NVMe over TCP.

Incorrect handling of lengths and offsets in fields of TCP packets
by the NVMe driver could lead to a NULL pointer dereference. A remote
attacker could exploit this flaw to cause a denial-of-service by
sending specially-crafted malicious packets.


* CVE-2023-52439: Use-after-free and double-free in Userspace IO.

A race between open and unregister functions will lead to a
use-after-free and a double-free. A local attacker can exploit this
flaw to cause denial-of-service or aid in other types of attacks.


* CVE-2023-52449: Denial-of-service in Memory Technology Device layer.

Incorrect handling of unsorted block images after creating
a partition in the memory technology device layer can lead
to a null-pointer dereference. A local attacker can exploit
this flaw to cause denial-of-service.


* CVE-2023-52448: Denial-of-service in GFS2 filesystem.

Printing a resource group from the GFS2 filesystem can lead to a
null-pointer dereference. A local attacker can exploit this flaw
to cause denial-of-service.


* CVE-2023-52445: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

Disconnecting a context in the pvrusb2 driver can lead to a use-after-free
error. A local attacker can exploit this flaw to cause a privilege
escalation or denial-of-service.


* CVE-2023-52470: Denial-of-service in AMD Radeon display driver.

Allocation of scanout buffers for AMD Radeon GPUs can lead to a
null-pointer dereference. A local attacker can exploit this flaw
to cause denial-of-service.


* CVE-2024-26581: Out-of-bounds write in netfilter subsystem.

Garbage collection while inserting an element in the internal kernel
data structure in the netfilter subsystem can lead to an out-of-bounds
write. A local attacker can exploit this flaw to cause privilege
escalation or denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.