[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2024-12815)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 19 22:24:12 UTC 2024
Synopsis: ELSA-2024-12815 can now be patched using Ksplice
CVEs: CVE-2023-31083 CVE-2024-36028 CVE-2024-38538 CVE-2024-39472 CVE-2024-39503 CVE-2024-41009 CVE-2024-41012 CVE-2024-41015 CVE-2024-41020 CVE-2024-41042 CVE-2024-41060 CVE-2024-41063 CVE-2024-41072 CVE-2024-41073 CVE-2024-41090 CVE-2024-41091 CVE-2024-41098 CVE-2024-42114 CVE-2024-42228 CVE-2024-42259 CVE-2024-42265 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42292 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43854 CVE-2024-43856 CVE-2024-43861 CVE-2024-43873 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43893 CVE-2024-44934 CVE-2024-44944 CVE-2024-44947 CVE-2024-44974 CVE-2024-44983 CVE-2024-44989 CVE-2024-44990 CVE-2024-45003 CVE-2024-45006 CVE-2024-45008 CVE-2024-45009 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021 CVE-2024-45025 CVE-2024-46679 CVE-2024-46714 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46737 CVE-2024-46739 CVE-2024-46744 CVE-2024-46745 CVE-2024-46755 CVE-2024-46783 CVE-2024-46800 CVE-2024-46817 CVE-2024-46818 CVE-2024-47668 CVE-2024-49958
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12815.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12815.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
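The following check is an added example, not part of Oracle's announcement or of Ksplice itself: it reads the autoinstall setting named above and reports whether a host will pick up these updates automatically or needs the manual uptrack-upgrade run. The function names, the "last active line wins" rule and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): classify a host as "automatic" or
# "manual" for Ksplice updates, based on the autoinstall setting that the
# advisory refers to in /etc/uptrack/uptrack.conf.

# Print the active autoinstall value in lower case ("yes", "no", ...),
# "unset" if the key is absent, empty or commented out, or "unreadable"
# if the file cannot be read.
uptrack_autoinstall_value() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Only lines that begin (after optional whitespace) with the key match,
    # so "#autoinstall = yes" is ignored. Assumption: the last active
    # occurrence is the effective one.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Print "automatic" only when autoinstall is exactly "yes"; every other
# state (no, unset, unreadable) means the operator must run
# /usr/sbin/uptrack-upgrade -y by hand.
uptrack_update_mode() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Demonstration on a constructed sample config (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '[Settings]' '#autoinstall = no' 'autoinstall = yes' > "$sample"
echo "sample config: $(uptrack_update_mode "$sample")"
rm -f "$sample"
```

Treating every state other than an explicit "yes" as "manual" keeps hosts with a missing or commented-out setting on the list of systems to patch by hand.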
DESCRIPTION
* CVE-2023-31083: Denial-of-service in Bluetooth HCI UART driver.
A race condition in the Bluetooth HCI UART driver between
HCIUARTSETPROTO and HCIUARTGETPROTO ioctl commands may lead to a NULL
pointer dereference. A local user could use this flaw to cause a system
crash.
* CVE-2024-36028: Memory corruption in generic HugeTLB support.
A race condition when using HugeTLB pages could lead to a
use-after-free. A local attacker could use this flaw to
cause memory corruption.
Orabug: 36683092
* CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging.
A missing check when sending a short skb in the 802.1d Ethernet
Bridging driver could lead to use of uninitialized memory. An
attacker could use this flaw to cause data corruption.
Orabug: 36753371
* CVE-2024-39472: Denial-of-service in XFS filesystem driver.
A logic error when using the XFS filesystem driver could lead to an out-
of-bounds memory access. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-41009: Denial-of-service in BPF ringbuf subsystem.
A logic error when using the BPF ringbuf subsystem could lead to a
kernel crash. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-41012, CVE-2024-41020: Privilege escalation in POSIX file locking driver.
A logic error when creating a lock in the POSIX file locking driver could
lead to a use-after-free. A local attacker could use this flaw to gain
root privileges.
* CVE-2024-41015: Disk corruption in OCFS2 filesystem.
A missing check when using the OCFS2 filesystem could lead to an out-of-
bounds memory access. A local attacker could use this flaw to cause disk
corruption.
* CVE-2024-41042: Denial-of-service in netfilter subsystem.
A logic error when using the netfilter subsystem could lead to an
infinite loop / recursion. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-41060: Denial-of-service in ATI Radeon driver.
A missing check when using the ATI Radeon driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-41063: Denial-of-service in core bluetooth subsystem.
A logic error when using the core bluetooth subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-41072: Privilege escalation in core WiFi subsystem.
A missing check when using the core WiFi subsystem could lead to an out-
of-bounds memory access. A local attacker could use this flaw to cause a
denial-of-service or potentially escalate privileges.
* CVE-2024-41073: Memory corruption in NVME driver.
A logic error when a discard request is retried in the NVME driver could
lead to a double free. A local attacker could use this flaw to cause
memory corruption or as a step in another kind of attack.
* CVE-2024-41090, CVE-2024-41091: Information leak in Universal TUN/TAP device driver.
A missing check when using the Universal TUN/TAP device driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to cause an information leak.
* CVE-2024-41098: Denial-of-service in SATA/PATA driver.
A missing check when using the SATA/PATA driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-42114: Denial-of-service in Wireless driver.
A logic error when using the Wireless driver could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-42228: Information leak in AMD GPU driver.
A missing variable initialization when using the AMD GPU driver could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.
* CVE-2024-42259: Privilege escalation in Intel GFX driver.
A logic error when using the Intel GFX driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-42265: Information leak in file descriptor driver.
A missing check when using the file descriptor driver could lead to
speculative execution. A local attacker could use this flaw to extract
sensitive information.
* CVE-2024-42280: Information leak in HFC-4S/8S/E1 ISDN controller driver.
A logic error when using the HFC-4S/8S/E1 ISDN controller driver could
lead to a use-after-free. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-42281: Denial-of-service in core net subsystem.
A logic error when using the BPF functionality could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-42283: Remote information leak in TCP/IP networking stack.
A missing variable initialization when using the TCP/IP networking stack
could lead to an out-of-bounds memory access. A remote attacker could
use this flaw to extract sensitive information.
* CVE-2024-42284: Privilege escalation in TIPC driver.
Incorrect return status when using the TIPC driver could lead to a
buffer overflow. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-42285: Privilege escalation in InfiniBand driver.
A missing check when using the InfiniBand driver could lead to a use-
after-free. A local attacker could use this flaw to escalate privileges.
* CVE-2024-42292: Information leak in kernel userspace event delivery library.
A logic error when using the kernel userspace event delivery library
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to extract sensitive information.
* CVE-2024-42304, CVE-2024-42305: Denial-of-service in ext4 filesystem.
Missing checks when using the ext4 filesystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-42306: Denial-of-service in UDF filesystem.
A logic error in data corruption handling when using the UDF filesystem
could lead to a kernel oops. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-43828: Denial-of-service in ext4 filesystem driver.
A missing variable initialization when using the ext4 filesystem driver
could lead to an integer overflow. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-43854: Information leak in Block layer data integrity driver.
A missing variable initialization when using the Block layer data
integrity driver could lead to use of uninitialized memory. A local
attacker could use this flaw to extract sensitive information.
* CVE-2024-43856: Denial-of-service in core kernel DMA code.
A logic error when using direct memory access could lead to freeing
unintended things. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-43861: Remote denial-of-service in QMI WWAN driver.
A missing free in the QMI WWAN driver could lead to a memory leak.
A remote attacker could use this flaw to cause a denial-of-service.
* CVE-2024-43873: Information leak in vhost driver.
A missing variable initialization when using the vhost driver could lead
to use of uninitialized memory. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-43882: Privilege escalation in core filesystem layer.
A missing check when executing an open file could race with changing
its permissions to remove privileges. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-43883: Privilege escalation in USB/IP virtual host controller driver.
Locking errors when handling a reset event by the USB/IP VHCI driver
could lead to a use-after-free. A physical attacker could use this
flaw to escalate privileges.
* CVE-2024-43884: Denial-of-service in Bluetooth subsystem.
A missing check when using the Bluetooth subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-43893: Denial-of-service in core serial tty driver.
A missing check when using the core serial tty driver could lead to a
divide-by-zero error. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-44934: Privilege escalation in IGMP/MLD snooping driver.
A race condition when using the IGMP/MLD snooping driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-44944: Information leak in netfilter subsystem.
A logic error when using the netfilter subsystem could lead to partial
address leak to userspace. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-44947: Information leak in FUSE driver.
A missing page initialization when using the FUSE driver could lead
to later use of uninitialized kernel memory by userspace via mmap. A
local attacker could use this flaw to extract sensitive information.
* CVE-2024-44974, CVE-2024-45009: Privilege escalation in Multipath TCP driver.
A locking error when using the Multipath TCP driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-44983: Remote denial-of-service in Netfilter flow table driver.
A missing check on ingress data in the Netfilter flow table driver could
lead to use of uninitialized memory. A remote attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-44989, CVE-2024-44990: Denial-of-service in Bonding driver.
A missing check when using the Bonding driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-45003: Denial-of-service in core filesystem layer.
A race condition when using the core filesystem layer could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-45006: Denial-of-service in PCI based USB host interface driver.
A missing check when using the PCI based USB host interface driver could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-45008, CVE-2024-46745: Denial-of-service in user-level input subsystem.
A missing check when using the user-level input subsystem could lead to
an arbitrarily large memory allocation. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-45016: Privilege escalation in network emulator.
An incorrect return status when enqueuing duplicated packets in the
network emulator driver could lead to a use-after-free. A local attacker
could use this flaw to gain root privileges.
* CVE-2024-45018: Information leak in Network packet filtering framework.
A missing variable initialization in the Network packet filtering
framework (Netfilter) driver could lead to use of uninitialized memory.
A local attacker could use this flaw to extract sensitive information.
* CVE-2024-45021: Denial-of-service in memory controller.
A logic error when using the memory controller could lead to an out-of-
bounds memory access. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-45025: Denial-of-service in core filesystem layer.
A logic error when using the core filesystem layer could lead to
corruption of file-descriptor bitmaps. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-46679: Denial-of-service in netlink interface for ethtool.
A missing check when using the netlink interface for ethtool could lead
to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-46714: Denial-of-service in AMD display core driver.
A missing check when using the AMD display core driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-46722, CVE-2024-46723: Denial-of-service in AMDGPU driver.
Missing checks when using the AMDGPU driver could lead to an out-of-
bounds memory read. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-46724, CVE-2024-46725: Denial-of-service in AMD gpu driver.
A missing check when using the AMD gpu driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-46737: Denial-of-service in NVMe over Fabrics TCP target driver.
Incorrect return status checks when using the NVMe over Fabrics TCP
target driver could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2024-46739: Denial-of-service in Hyper-V VMBus driver.
A logic error when using the Hyper-V VMBus driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-46744: Data corruption in SquashFS driver.
A missing check when using the SquashFS driver could lead to use of
uninitialized memory. A local attacker could use this flaw to cause data
corruption.
* CVE-2024-46755: Denial-of-service in Marvell WiFi-Ex driver.
A missing check when using the Marvell WiFi-Ex driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-46783: Denial-of-service in TCP/IP networking stack.
A logic error when using the TCP/IP networking stack could lead to a
kernel panic. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-46800: Privilege escalation in network emulator.
Missing update after a packet drop when using the network emulator
could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-46817, CVE-2024-46818: Memory corruption in AMD display core driver.
Missing checks when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-47668: Privilege escalation in core kernel radix tree library.
A race condition when using the core kernel radix tree library could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-49958: Denial-of-service in OCFS2 filesystem.
A logic error when using the OCFS2 filesystem could lead to disk
corruption, and a potential kernel panic. A local attacker could use this
flaw to corrupt a filesystem, or cause a denial-of-service.
Orabug: 37199019
* Improved fix for CVE-2024-39503: Privilege escalation in netfilter (IP set) subsystem.
A race condition when using the netfilter (IP set) subsystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2023-52889, CVE-2024-41011, CVE-2024-41017, CVE-2024-41019,
CVE-2024-41059, CVE-2024-41064, CVE-2024-41065, CVE-2024-41068,
CVE-2024-41070, CVE-2024-41081, CVE-2024-42126, CVE-2024-42267,
CVE-2024-42271, CVE-2024-42277, CVE-2024-42295, CVE-2024-42296,
CVE-2024-42297, CVE-2024-42299, CVE-2024-42311, CVE-2024-42313,
CVE-2024-43841, CVE-2024-43846, CVE-2024-43849, CVE-2024-43858,
CVE-2024-43860, CVE-2024-43875, CVE-2024-43880, CVE-2024-44946,
CVE-2024-44960, CVE-2024-44966, CVE-2024-44969, CVE-2024-44995,
CVE-2024-44998, CVE-2024-44999, CVE-2024-45007, CVE-2024-45011,
CVE-2024-45026, CVE-2024-45028, CVE-2024-46674, CVE-2024-46676,
CVE-2024-46677, CVE-2024-46721, CVE-2024-46740, CVE-2024-46747,
CVE-2024-46761, CVE-2024-46781, CVE-2024-46782, CVE-2024-46795,
CVE-2024-46804, CVE-2024-46814, CVE-2024-46832, CVE-2024-46844,
CVE-2024-47659, CVE-2024-47663, CVE-2024-47665, CVE-2024-47667,
CVE-2024-47669
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.