[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2024-12813)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Nov 19 05:00:30 UTC 2024 

Synopsis: ELSA-2024-12813 can now be patched using Ksplice
CVEs: CVE-2023-31083 CVE-2024-26951 CVE-2024-36028 CVE-2024-41011 CVE-2024-41098 CVE-2024-42228 CVE-2024-43854 CVE-2024-43884 CVE-2024-44947 CVE-2024-44987 CVE-2024-44999 CVE-2024-45003 CVE-2024-45008 CVE-2024-45016 CVE-2024-45021 CVE-2024-45025 CVE-2024-46677 CVE-2024-46679 CVE-2024-46714 CVE-2024-46722 CVE-2024-46723 CVE-2024-46737 CVE-2024-46739 CVE-2024-46744 CVE-2024-46745 CVE-2024-46755 CVE-2024-46783 CVE-2024-46800 CVE-2024-46817 CVE-2024-46818 CVE-2024-47668 CVE-2024-49958

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12813.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12813.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-31083: Denial-of-service in Bluetooth HCI UART driver.

A race condition in the Bluetooth HCI UART driver between
HCIUARTSETPROTO and HCIUARTGETPROTO ioctl commands may lead
to a null pointer dereference. A local user could use this
flaw to cause a system crash.


* CVE-2024-26951: Code execution in WireGuard secure network tunnel.

A race condition when dumping device information after peers were
recently removed from an interface in wireguard could lead to a use-
after-free. A local attacker could use this flaw to execute arbitrary
code in kernel mode.

Orabug: 36596766


* CVE-2024-36028: Memory corruption in generic HugeTLB support.

A race condition when using HugeTLB pages could lead to a
use-after-free. A local attacker could use this flaw to
cause memory corruption.

Orabug: 36683094


* CVE-2024-41011: Information leak in AMD display core driver.

A missing check when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-41098: Denial-of-service in SATA/PATA driver.

A missing check when using the SATA/PATA driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-42228: Information leak in AMD GPU driver.

A missing variable initialization when using the AMD GPU driver could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-43854: Information leak in Block layer data integrity driver.

A missing variable initialization when using the Block layer data
integrity driver could lead to uninitialised kernel memory being written
to disk. A local attacker could use this flaw to extract sensitive
information.


* CVE-2024-43884: Denial-of-service in Bluetooth subsystem.

A missing check when using the Bluetooth subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-44947: Information leak in FUSE driver.

A missing page initialization when using the FUSE driver could lead
to later use of uninitialized kernel memory by userspace via mmap. A
local attacker could use this flaw to extract sensitive information.


* CVE-2024-44987: Privilege escalation in IPv6 networking stack.

A locking error when using the IPv6 networking stack could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-44999: Remote information leak in GPRS Tunneling Protocol stack.

A missing check when using the GPRS Tunneling Protocol stack could
lead to an out-of-bounds memory access. A remote attacker could use
this flaw to extract sensitive information.


* CVE-2024-45003: Denial-of-service in core filesystem layer.

A race condition when using the core filesystem layer could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-45008, CVE-2024-46745: Denial-of-service in user-level input subsystem.

A missing check when using the user-level input subsystem could lead to
an arbitrarily large memory allocation. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-45016: Privilege escalation in network emulator.

An incorrect return status when enqueuing duplicated packets in the
network emulator driver could lead to a use-after-free. A local
attacker could use this flaw to gain root privileges.


* CVE-2024-45021: Denial-of-service in memory controller.

A logic error when using the memory controller could lead to an out-of-
bounds memory access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-45025: Denial-of-service in core filesystem layer.

A logic error when using the core filesystem layer could lead to
corruption of file-descriptor bitmaps. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-46677: Denial-of-service in GPRS Tunneling Protocol stack.

A logic error when using the GPRS Tunneling Protocol stack could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-46679: Denial-of-service in netlink interface for ethtool.

A missing check when using the netlink interface for ethtool could lead
to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-46714: Denial-of-service in AMD display core driver.

A missing check when using the AMD display core driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-46722, CVE-2024-46723: Denial-of-service in AMDGPU driver.

Missing checks when using the AMDGPU driver could lead to an out-of-
bounds memory read. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-46737: Denial-of-service in NVMe-oF/TCP target driver.

A failure to clear a variable when using the NVMe-oF/TCP target driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-46739: Denial-of-service in generic Hyper-V VMBus driver.

A logic error when using the generic Hyper-V VMBus driver could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-46744: Information leak in SquashFS filesystem.

A missing check when using the SquashFS filesystem could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-46755: Denial-of-service in Marvell WiFi-Ex driver.

A missing check when using the Marvell WiFi-Ex driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-46783: Denial-of-service in TCP/IP networking stack.

A logic error when using the TCP/IP networking stack could lead to a
kernel panic. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-46800: Privilege escalation in network emulator.

Missing update after a packet drop when using the network emulator
could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.


* CVE-2024-46817, CVE-2024-46818: Memory corruption in AMD display core driver.

Missing checks when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-47668: Privilege escalation in core kernel radix tree library.

A race condition when using the core kernel radix tree library could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-49958: Disk corruption and denial-of-service in OCFS2 filesystem.

A logic error when using the OCFS2 filesystem could lead to disk
corruption, and a potential kernel panic. A local attacker could
use this flaw to corrupt the filesystem, or cause a denial-of-service.

Orabug: 37199020


* Denial-of-service in generic Hyper-V VMBus driver.

A missing device unregister when rescind offer is handled by the
generic Hyper-V VMBus driver could lead to device being unusable.
A local attacker could use this flaw to cause a denial-of-service.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-44946, CVE-2024-44995, CVE-2024-44998, CVE-2024-45026,
CVE-2024-45028, CVE-2024-46674, CVE-2024-46676, CVE-2024-46721,
CVE-2024-46740, CVE-2024-46747, CVE-2024-46761, CVE-2024-46780,
CVE-2024-46781, CVE-2024-46782, CVE-2024-46815, CVE-2024-46828,
CVE-2024-46844, CVE-2024-47659, CVE-2024-47663, CVE-2024-47667,
CVE-2024-47669

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://oss.oracle.com/pipermail/el-errata/attachments/20241119/e9545286/attachment.sig>

More information about the El-errata mailing list