[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2024-12779)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Oct 21 15:00:30 UTC 2024


Synopsis: ELSA-2024-12779 can now be patched using Ksplice
CVEs: CVE-2022-3566 CVE-2022-3567 CVE-2024-39487 CVE-2024-39499 CVE-2024-40901 CVE-2024-40904 CVE-2024-40912 CVE-2024-40942 CVE-2024-40959 CVE-2024-40981 CVE-2024-40987 CVE-2024-41035 CVE-2024-41044 CVE-2024-41089 CVE-2024-41095 CVE-2024-42070 CVE-2024-42101 CVE-2024-42106 CVE-2024-42145 CVE-2024-42154 CVE-2024-42224 CVE-2024-42232

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12779.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12779.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
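
An added example (not part of Oracle's announcement or of the Ksplice
tooling): a POSIX shell check that reads the autoinstall setting named above
and reports whether the manual uptrack-upgrade run is needed on a host. The
parsing rules, the UPTRACK_CONF override and the function names are
assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Reports whether a host will pick up
# these updates on its own or needs the manual uptrack-upgrade run.

# Path from the announcement; UPTRACK_CONF is a hypothetical override for testing.
UPTRACK_CONF=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}

# autoinstall_setting FILE -> prints "yes" or "no".
# Assumptions: INI-style "key = value" lines, '#' or ';' starts a comment
# line, the last assignment wins, and only the value "yes" (any case)
# enables autoinstall. A missing or unreadable file counts as "no".
autoinstall_setting() {
    if [ ! -r "$1" ]; then
        echo no
        return 0
    fi
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") result = tolower(val)
        }
        END { if (result == "yes") print "yes"; else print "no" }
    ' "$1"
}

# action_for FILE -> prints the step an operator should take on this host.
action_for() {
    if [ "$(autoinstall_setting "$1")" = yes ]; then
        echo "none: autoinstall is enabled"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Only reports; it never installs anything itself.
action_for "$UPTRACK_CONF"
```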


DESCRIPTION

* CVE-2022-3566, CVE-2022-3567: Denial-of-service in IPv6 networking.

A race condition in IPv6 networking when converting an IPv6 socket into
IPv4 could lead to data corruption. A local user could use this flaw
for a denial-of-service.


* CVE-2024-39487: Information leak in bonding driver.

A missing check when using the bonding driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.


* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.

A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40942: Resource leak in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40959: Denial-of-service in IPv6 networking stack.

A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40981: Denial-of-service in BATMAN protocol stack.

A missing check when using the BATMAN protocol stack could lead to a
soft lockup. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40987: Denial-of-service in AMDGPU driver.

A missing check when using the AMDGPU driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-41035: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.

A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-42070: Privilege escalation in netfilter subsystem.

A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.


* CVE-2024-42106: Information leak in socket monitoring interface.

A missing variable initialization when using the socket monitoring
interface could lead to a use of uninitialized memory. A local
attacker could use this flaw to extract sensitive information.


* CVE-2024-42145: Remote denial-of-service in InfiniBand driver.

A logic error when using the InfiniBand driver could lead to resource
exhaustion (uncontrolled resource consumption) when userspace does not
extract MAD packets at the same rate as the attacker is sending. A
remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42154: Information leak in TCP/IP networking stack.

A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42224: Denial-of-service in Marvell 88E6xxx Ethernet Switch driver.

A logic error when using the Marvell 88E6xxx Ethernet Switch driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-42232: Memory corruption in Ceph core library.

A logic error when using the Ceph core library could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-36894, CVE-2024-37078, CVE-2024-40932, CVE-2024-40974,
CVE-2024-41006, CVE-2024-42089, CVE-2024-42094, CVE-2024-42104,
CVE-2024-42105, CVE-2024-42157

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


