[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-12094)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Mar 27 16:24:34 UTC 2024 

Synopsis: ELSA-2024-12094 can now be patched using Ksplice
CVEs: CVE-2022-3545 CVE-2022-41858 CVE-2023-2166 CVE-2023-2176 CVE-2023-3777 CVE-2023-3812 CVE-2023-38409 CVE-2023-4015 CVE-2023-40283 CVE-2023-42753 CVE-2023-4622 CVE-2023-46813 CVE-2023-5178

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12094.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12094.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Enable livepatching of jump labels.




* Export a useable version of module_kallsyms_on_each_symbol.




* Prepare Ksplice options for entry/common.c.




* Provide an interface to freeze tasks.




* CVE-2023-5178: Privilege escalation in NVMe over Fabrics TCP.

A logic error when using NVMe over Fabrics TCP could lead to a
use-after-free. A remote attacker could use this flaw to escalate
privileges.


* CVE-2023-3812: Privilege escalation in TUN/TAP device driver.

A missing check on user input in TUN/TAP device driver could lead to an
out-of-bounds access. A local attacker could use this flaw to escalate
privileges.


* CVE-2023-2166: Denial-of-service when using CAN bus subsystem.

A missing check when using CAN bus subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2022-41858: Denial-of-service in the Serial Line Internet Protocol.

A race condition in the SLIP driver could lead to a NULL pointer
dereference.  A local, unprivileged user could use this flaw to cause a
denial-of-service.


* CVE-2022-3545: Use-after-free in Netronome Flow Processor Ethernet driver.

A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.


* CVE-2023-46813: Permission bypass when using AMD Secure Encrypted Virtualization.

A logic error when using AMD Secure Encrypted Virtualization could let a
local attacker have arbitrary write access to kernel memory. A local
attacker could use this flaw to cause a denial-of-service or escalate
privileges.


* CVE-2023-4015: Use-after-free in Netfilter nf_tables.

Incorrect cleanup in the error path when building Netfilter nf_tables rules
can lead to use-after-free.  A local user could use this flaw for
denial-of-service or code execution.


* CVE-2023-40283: Use-after-free during Bluetooth socket teardown.

An incomplete cleanup operation when tearing down Bluetooth L2CAP
sockets can lead to a use-after-free.  This flaw could potentially be
exploited to cause a denial-of-service or other unexpected behavior.


* CVE-2023-3777: Denial-of-service when flushing netfilter rules tables.

When flushing netfilter rules, bound rule chains are erroneously freed.
A malicious user might exploit this to crash the kernel and cause a
denial-of-service.


* CVE-2023-4622: Use-after-free when sending data through Unix sockets.

A locking error when sending data through a Unix sockets that is
concurrently being pruned from garbage collected file descriptors could
lead to a use-after-free.  A local, unprivileged user could use this flaw
to cause a denial-of-service or escalate its privileges.


* CVE-2023-2176: Privilege escalation in RDMA subsystem.

A logic error when using RDMA subsystem could lead to an out-of-bounds
access. A local attacker could use this flaw to cause a denial-of-
service or escalate privilege.


* CVE-2023-42753: Privilege escalation in the netfilter subsystem.

A logic error when calculating an array offset in the netfilter
subsystem could lead to an out-of-bounds access. A local attacker could
use this flaw to escalate privileges or to cause a denial-of-service.


* CVE-2023-38409: Denial-of-service in the Framebuffer Console driver.

An incorrect array handling in the Framebuffer Console driver in the
Linux kernel could lead to a memory corruption flaw. A local attacker
may use this flaw to cause denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list