[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2024-12378)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 23 18:49:51 UTC 2024


Synopsis: ELSA-2024-12378 can now be patched using Ksplice
CVEs: CVE-2022-3061 CVE-2023-52486 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52615 CVE-2023-52619 CVE-2023-52623 CVE-2024-0340 CVE-2024-0607 CVE-2024-26600 CVE-2024-26602 CVE-2024-26613 CVE-2024-26625 CVE-2024-26635 CVE-2024-26636 CVE-2024-26663 CVE-2024-26675 CVE-2024-26679 CVE-2024-26685 CVE-2024-26696 CVE-2024-26697 CVE-2024-26704 CVE-2024-26720 CVE-2024-26722 CVE-2024-26735 CVE-2024-26744 CVE-2024-26752 CVE-2024-26764 CVE-2024-26772 CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26791 CVE-2024-26793 CVE-2024-26801 CVE-2024-26805 CVE-2024-26825 CVE-2024-26839 CVE-2024-26840 CVE-2024-26917 CVE-2024-26920

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12378.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12378.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
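The two paths described above (autoinstall in /etc/uptrack/uptrack.conf versus a manual uptrack-upgrade run) as an added POSIX shell example; this is not part of the Oracle announcement. It assumes the config uses INI-style "key = value" lines with "#" comments, treats a missing autoinstall key as "no", and recognises the advisory's kernel by a "4.14.35-" uname prefix.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether this host still needs a
# manual Ksplice run for the advisory, without touching the system unless
# we are root on a covered kernel.

# Returns 0 when "autoinstall = yes" is set in the given uptrack.conf.
# Assumption: INI-style lines, '#' comments, last occurrence wins,
# and an absent key counts as "no".
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    value=$(sed -e 's/#.*//' "$conf" \
        | awk -F= 'tolower($1) ~ /^[[:space:]]*autoinstall[[:space:]]*$/ {
                       gsub(/[[:space:]]/, "", $2); v = tolower($2) }
                   END { print v }')
    [ "$value" = "yes" ]
}

# Prints "auto" when Uptrack will apply updates by itself, else "manual".
uptrack_update_mode() {
    if uptrack_autoinstall_enabled "$1"; then
        echo auto
    else
        echo manual
    fi
}

# Applies the updates only when running as root on a UEKR5 4.14.35 kernel
# with autoinstall disabled; otherwise reports what would happen.
# Exit codes: 0 nothing to do / applied, 2 kernel not covered, 3 need root.
apply_ksplice_updates_if_needed() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    kernel="${2:-$(uname -r)}"
    case "$kernel" in
        4.14.35-*) ;;
        *) echo "kernel $kernel is not covered by this advisory"; return 2 ;;
    esac
    if [ "$(uptrack_update_mode "$conf")" = auto ]; then
        echo "autoinstall is enabled; Uptrack applies the updates itself"
        return 0
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "autoinstall is disabled; run /usr/sbin/uptrack-upgrade -y as root"
        return 3
    fi
    /usr/sbin/uptrack-upgrade -y
}
```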


DESCRIPTION

* CVE-2023-52615: Denial-of-service in Hardware Random Number Generator.

A read from /dev/hwrng into memory mapped by another read can
lead to a deadlock. A local attacker can exploit this flaw to
cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26636 is not applicable.

Transmission in the Logical Link Layer type 2 subsystem over a
socket with zero-length headroom can lead to an out-of-bounds
write. A local attacker can exploit this flaw to cause a
denial-of-service or privilege escalation.

The kernel is not affected by CVE-2024-26636 since the code under
consideration is not compiled (LLC2 support is not enabled).


* CVE-2024-26613: Information leak in RDS networking stack.

An incorrect bounds check when receiving path latency can lead to an
out-of-bounds read. A local attacker can exploit this flaw to extract
sensitive information from kernel memory or cause a denial-of-service.


* CVE-2023-52486: Denial-of-service in Direct Rendering Manager subsystem.

When replacing the scanned-out framebuffer with a new one, a deadlock
is possible, leading to a use-after-free. A local attacker can exploit
this flaw to cause a denial-of-service or aid in other types of attacks.


* Note: Oracle has determined that CVE-2023-52607 is not applicable.

Failure to check memory allocation success can lead to a null-pointer
dereference in the PowerPC architecture's memory management code.

The kernel is not affected by CVE-2023-52607 since the code under
consideration is not compiled (kernel is not built for PowerPC).


* Note: Oracle has determined that CVE-2023-52606 is not applicable.

Invalid maximum size assumption for emulation of vector instructions by
the PowerPC architecture core can lead to kernel stack corruption. A
local attacker can exploit this flaw to cause privilege escalation or
denial-of-service.

The kernel is not affected by CVE-2023-52606 since the code under
consideration is not compiled (kernel is not built for PowerPC).


* CVE-2023-52605: Denial-of-service in Extended MCA Error Log driver.

A misplaced null check in the module exit function of ACPI Extended MCA
Error Log driver can lead to a null-pointer dereference. A privileged
attacker can exploit this flaw to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52604 is not applicable.

Updating an internal data structure in JFS filesystem can lead to
out-of-bounds access (both read and write). A local attacker can
exploit this flaw to extract sensitive information from kernel memory,
cause privilege escalation, denial-of-service, or aid in other types of
attacks.

The kernel is not affected by CVE-2023-52604 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2023-52603 is not applicable.

A logic error when creating a directory in the JFS filesystem could lead
to an out-of-bounds access. A local attacker could use this flaw to cause
a denial-of-service or escalate privileges.

The kernel is not affected by CVE-2023-52603
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2023-52602 is not applicable.

An invalid value in the internal entry table of JFS filesystem can lead
to out-of-bounds access (both read and write). A local attacker can
exploit this flaw to extract sensitive information from kernel memory,
cause privilege escalation, denial-of-service, or aid in other types of
attacks.

The kernel is not affected by CVE-2023-52602 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2023-52600 is not applicable.

A logic error during error handling when mounting JFS filesystem could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.

The kernel is not affected by CVE-2023-52600
since the code under consideration is not compiled.


* CVE-2023-52619: Denial-of-service in generic Persistent Storage filesystem layer.

RAM Oops/Panic Logger of the Persistent Storage layer can set the
number of CPU cores to an odd number, leading to a crash. A local
attacker can exploit this flaw to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52599 is not applicable.

An invalid value of allocation group number in JFS filesystem can lead
to an out-of-bounds access (both read and write). A local attacker can
exploit this flaw to extract sensitive information from kernel memory,
cause privilege escalation, denial-of-service, or aid in other types
of attacks.

The kernel is not affected by CVE-2023-52599 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2023-52598 is not applicable.

A race between an IRQ and handling of the floating point control
register on a System/390 machine can lead to corruption of the
register. A local attacker can exploit this flaw to cause a
denial-of-service, data corruption, or aid in other types of attacks.

The kernel is not affected by CVE-2023-52598 since the code under
consideration is not compiled (kernel is not built for System/390).


* Note: Oracle has determined that CVE-2023-52597 is not applicable.

A race between an IRQ and handling of the floating point control
register for a KVM guest can lead to corruption of that register on
System/390 machines. A local attacker can exploit this flaw to cause a
denial-of-service, data corruption, or aid in other types of attacks.

The kernel is not affected by CVE-2023-52597 since the code under
consideration is not compiled (kernel is not built for System/390).


* CVE-2023-52623: Denial-of-service in SUNRPC networking stack.

A locking error when using SUNRPC subsystem could lead to a race
condition. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.


* CVE-2023-52594: Information leak in Atheros HTC-based WiFi driver.

A missing bounds check in the transmit status operation after a config
request by an Atheros HTC-based WiFi card can lead to an out-of-bounds
read. A local attacker can exploit this flaw to extract sensitive
information from kernel memory or cause a denial-of-service.


* CVE-2023-52583: Denial-of-service in Ceph distributed filesystem.

Incorrect locking order between parent and child directory entries
during an operation in Ceph filesystem can lead to a deadlock. A
local attacker can exploit this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26625 is not applicable.

Improper cleanup of Logical Link Layer type 2 sockets can lead to a
use-after-free error later. An attacker, possibly remote, can exploit
this flaw to cause denial-of-service or aid in other types of attacks.

The kernel is not affected by CVE-2024-26625 since the code under
consideration is not compiled (LLC2 support is not enabled).


* CVE-2024-26679: Denial-of-service in IP networking stack.

Error reception can race with a socket being converted from IPv6 to
IPv4, so that the error is never received. A local attacker can
exploit this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26663 is not applicable.

Missing bearer type check while adding IP addresses in TIPC bearer can
lead to a null-pointer dereference. A local attacker can exploit this
flaw to cause denial-of-service.

The kernel is not affected by CVE-2024-26663
since the code under consideration is not compiled.


* CVE-2024-26675: Denial-of-service in PPP async serial channel driver.

A missing maximum size check when setting the Maximum Receive Unit via
the ppp_async ioctl can lead to an attempt to allocate an oversized
socket buffer, which fails and so causes the ioctl operation to fail.
A local attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-0340: Information leak when using Vhost.

A missing zeroing of kernel memory when using Vhost could lead to an
information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.


* Note: Oracle has determined that CVE-2024-26722 is not applicable.

Missing mutex unlock in RT5645 ALSA SoC audio codec driver can lead to
a deadlock. A local attacker can exploit this flaw to cause
denial-of-service.

The kernel is not affected by CVE-2024-26722 since the code under
consideration is not compiled (driver not present).


* CVE-2024-26720: Denial-of-service in kernel memory manager.

Incorrect cast of a divisor while setting dirty page writeback limits
can lead to a divide-by-zero error. A local privileged attacker can
exploit this flaw to cause denial-of-service.


* Note: Oracle has determined that CVE-2024-26825 is not applicable.

A device may get deallocated while receiving packets in NFC subsystem,
leading to socket buffers being leaked. A local attacker can exploit
this flaw to exhaust kernel memory and cause a denial-of-service.

The kernel is not affected by CVE-2024-26825 since the code under
consideration is not compiled (NFC support is not enabled).


* CVE-2024-26704: Denial-of-service in ext4 filesystem.

When moving extents in the ext4 filesystem, a failure to account for an
unsuccessful loop exit when calculating the moved length can lead
to a double-free and a divide-by-zero error. A local attacker can
exploit this flaw to cause a denial-of-service or aid in other types
of attacks.


* Note: Oracle has determined that CVE-2024-26697 is not applicable.

Incorrect offset calculation during block recovery in NILFS2 filesystem
can allow a local attacker to cause data corruption or leak sensitive
information from the kernel memory.

The kernel is not affected by CVE-2024-26697 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2024-26696 is not applicable.

Conditional waiting for writeback to complete in NILFS2 filesystem can
lead to a deadlock. A local attacker can exploit this flaw to cause
denial-of-service.

The kernel is not affected by CVE-2024-26696 since the code under
consideration is not compiled (entire filesystem is not compiled).


* CVE-2024-26602: Denial-of-service using membarrier system call.

The membarrier syscall can slow some systems down to the point of
saturation. A local attacker can exploit this flaw to cause a
denial-of-service.


* Note: Oracle has determined that CVE-2024-26685 is not applicable.

Faulty manipulation of flags during async write in NILFS2 filesystem
can lead to a kernel BUG. A local attacker can exploit this flaw to
cause denial-of-service.

The kernel is not affected by CVE-2024-26685 since the code under
consideration is not compiled (entire filesystem is not compiled).


* CVE-2024-0607: Denial-of-service in the netfilter subsystem.

A logical error in the netfilter subsystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Note: Oracle has determined that CVE-2024-26600 is not applicable.

The kernel is not affected by CVE-2024-26600
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2022-3061 and CVE-2024-26777 are not applicable.

The kernel is not affected by CVE-2022-3061 and CVE-2024-26777
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26839 is not applicable.

The kernel is not affected by CVE-2024-26839
since the code under consideration is not compiled.


* CVE-2023-52587: Deadlock in ipoib multicast mode.

Incorrect locking when iterating the multicast list for an IP-over-IB
connection could result in an infinite loop. A malicious user able to
create IP-over-IB connections might be able to exploit this to cause a
denial-of-service on the system.


* CVE-2024-26917: Denial-of-service in Fibre Channel over Ethernet module.

Incorrect type of locking when handling controllers in FCoE module
results in interrupts by the FCoE devices being missed. A local
attacker can exploit this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26635 is not applicable.

Improper removal of token ring support in 2012 from the net subsystem
can lead to dereferencing of uninitialised pointers when receiving
token ring packets in the Logical Link Layer type 2 subsystem. A
remote attacker can exploit this flaw to cause denial-of-service,
privilege escalation, or aid in other types of attacks.

The kernel is not affected by CVE-2024-26635 since the code under
consideration is not compiled (LLC2 support is not enabled).


* Note: Oracle has determined that CVE-2023-52601 is not applicable.

Missing bound check for accessing an internal data structure in JFS
filesystem can lead to out-of-bounds access (both read and write). A
local attacker can exploit this flaw to extract sensitive information
from kernel memory, cause privilege escalation, denial-of-service, or
aid in other types of attacks.

The kernel is not affected by CVE-2023-52601 since the code under
consideration is not compiled (entire filesystem is not compiled).


* Note: Oracle has determined that CVE-2024-26920 is not applicable.

This CVE is assigned to a commit which was incorrectly backported to the
stable trees and which breaks things instead of fixing them.


* CVE-2024-26779: Denial-of-service in mac80211 due to incorrect fast-xmit check.

A logic error when performing fast-xmit checks in the mac80211 driver
can lead to the use of uninitialized data and a subsequent kernel
panic. This flaw could potentially be exploited to cause a
denial-of-service.


* CVE-2024-26778: Denial-of-service in S3 Savage framebuffer driver.

Insufficient input sanitization in the S3 Savage framebuffer device
driver can lead to a division by zero. This flaw could potentially be
exploited by a local attacker to cause a denial-of-service.


* CVE-2024-26772, CVE-2024-26773: Filesystem corruption in ext4 during block allocation.

Failure to check for corrupted block group bitmaps in the ext4 driver
can lead to filesystem corruption.  A malicious local user could
exploit these flaws to cause data loss and corruption.


* CVE-2024-26752: Packet corruption during IPv6 header calculation in L2TP.

A mathematical error when calculating part of the IPv6 header can cause
the L2TP driver to transmit corrupted packets.  This flaw could
potentially be exploited to aid in another type of attack.


* CVE-2024-26744: Denial-of-service when loading the ib_srpt driver.

A logic error when loading the ib_srpt driver with the srpt_service_guid
parameter set causes a kernel panic.  A local attacker with permission
to load modules could exploit this flaw to cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26735 is not applicable.

The kernel is not affected by CVE-2024-26735 since the code under
consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26735 is not applicable.

A running kernel is not affected by CVE-2024-26735, as this bug can only
be triggered at boot time.


* Note: Oracle has determined that CVE-2024-26764 is not applicable.

The kernel is not affected by CVE-2024-26764 since io_uring is not
present on the 4.14 kernel.


* CVE-2024-26805: Information leak in Netlink driver during packet creation.

An incorrect buffer length calculation when creating new packets in
the Netlink driver causes uninitialized memory to be copied into a
packet buffer. This flaw could be exploited to leak sensitive
information from the running kernel.


* CVE-2024-26801: Use-after-free in Bluetooth driver error path.

When handling a hardware error, a refcounting mistake in the Bluetooth
driver can lead to a use-after-free scenario.  An attacker could
potentially exploit this flaw to leak information about the running
system, or cause a denial-of-service.


* Note: Oracle has determined that CVE-2024-26793 is not applicable.

The kernel is not affected by CVE-2024-26793 since the code under
consideration is not compiled.


* CVE-2024-26791: Out-of-bounds read in btrfs device name handling.

Improper validation of device names in the btrfs driver can lead to an
out-of-bounds kernel read.  This flaw could be exploited by a local
attacker to leak information about the running system.


* CVE-2024-26840: Memory leak in CacheFiles caching backend.

Improper reference counting in the CacheFiles caching backend causes a
memory leak. This flaw could be exploited by a local attacker to waste
system resources and degrade performance, and potentially to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
