[El-errata] New Ksplice updates for RHCK 8 (ELSA-2024-7000)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Oct 23 11:00:33 UTC 2024


Synopsis: ELSA-2024-7000 can now be patched using Ksplice
CVEs: CVE-2021-47338 CVE-2021-47352 CVE-2021-47383 CVE-2021-47412 CVE-2022-48619 CVE-2022-48804 CVE-2023-52476 CVE-2023-52522 CVE-2023-6040 CVE-2024-26665 CVE-2024-26855 CVE-2024-26923 CVE-2024-35884 CVE-2024-36883 CVE-2024-36901 CVE-2024-38558 CVE-2024-38581 CVE-2024-38663 CVE-2024-39499 CVE-2024-39506 CVE-2024-40901 CVE-2024-40904 CVE-2024-40911 CVE-2024-40912 CVE-2024-40954 CVE-2024-40958 CVE-2024-40959 CVE-2024-40995 CVE-2024-41007 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41060 CVE-2024-41071 CVE-2024-41076 CVE-2024-41090 CVE-2024-41091 CVE-2024-42114 CVE-2024-42152 CVE-2024-42154 CVE-2024-42225 CVE-2024-42228 CVE-2024-42265

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-7000.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-7000.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 8 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
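The procedure above, as an added shell example that is not part of the
advisory or of Oracle's Ksplice tooling: it checks whether "autoinstall =
yes" is set in /etc/uptrack/uptrack.conf, runs uptrack-upgrade -y when it is
not, and then compares the advisory's CVE list against the installed updates
reported by uptrack-show. The "key = value" line format of uptrack.conf and
the assumption that uptrack-show prints the CVE ID of each installed update
are assumptions; the sample uptrack-show output used for the offline demo is
constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): check whether a host will pick up this
# advisory automatically and, after an upgrade, confirm that every CVE in
# ELSA-2024-7000 is reported as an installed Ksplice update.
#
# Assumptions: /etc/uptrack/uptrack.conf uses "key = value" lines as quoted
# in the advisory; uptrack-show prints each installed update with its CVE ID
# somewhere on the line (only the IDs are relied on, not the exact layout).

# CVEs named by ELSA-2024-7000, copied from the advisory above.
ELSA_2024_7000_CVES="
CVE-2021-47338 CVE-2021-47352 CVE-2021-47383 CVE-2021-47412 CVE-2022-48619
CVE-2022-48804 CVE-2023-52476 CVE-2023-52522 CVE-2023-6040  CVE-2024-26665
CVE-2024-26855 CVE-2024-26923 CVE-2024-35884 CVE-2024-36883 CVE-2024-36901
CVE-2024-38558 CVE-2024-38581 CVE-2024-38663 CVE-2024-39499 CVE-2024-39506
CVE-2024-40901 CVE-2024-40904 CVE-2024-40911 CVE-2024-40912 CVE-2024-40954
CVE-2024-40958 CVE-2024-40959 CVE-2024-40995 CVE-2024-41007 CVE-2024-41012
CVE-2024-41013 CVE-2024-41014 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041
CVE-2024-41044 CVE-2024-41060 CVE-2024-41071 CVE-2024-41076 CVE-2024-41090
CVE-2024-41091 CVE-2024-42114 CVE-2024-42152 CVE-2024-42154 CVE-2024-42225
CVE-2024-42228 CVE-2024-42265
"

# Exit 0 when the config file has an uncommented "autoinstall = yes" line.
# Lines starting with '#' or ';' never match because of the anchored regex.
uptrack_autoinstall_enabled() {
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Print, one per line and in advisory order, every ELSA-2024-7000 CVE that
# does not appear in the given uptrack-show output file.
cves_not_installed() {
    installed=" $(grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' "$1" | sort -u | tr '\n' ' ') "
    for cve in $ELSA_2024_7000_CVES; do
        case "$installed" in
            *" $cve "*) ;;                    # present: nothing to report
            *) printf '%s\n' "$cve" ;;       # absent: report it
        esac
    done
}

# Constructed sample of uptrack-show output for the offline demo: every
# advisory CVE except two, in an assumed "[id] CVE-...: description" layout.
write_sample_show_output() {
    {
        echo "Installed updates:"
        for cve in $ELSA_2024_7000_CVES; do
            case "$cve" in
                CVE-2024-41007|CVE-2024-41013) ;;   # deliberately left out
                *) echo "[sample] $cve: (description omitted)" ;;
            esac
        done
    } > "$1"
}

# Usage:  sh check_elsa_2024_7000.sh --demo   (offline, uses the sample)
#         sh check_elsa_2024_7000.sh --live   (as root on the RHCK 8 host)
case "${1:-}" in
    --demo)
        tmp=$(mktemp)
        write_sample_show_output "$tmp"
        echo "Advisory CVEs not reported as installed:"
        cves_not_installed "$tmp"
        rm -f "$tmp"
        ;;
    --live)
        if uptrack_autoinstall_enabled /etc/uptrack/uptrack.conf; then
            echo "autoinstall = yes: Uptrack will apply the updates itself"
        else
            /usr/sbin/uptrack-upgrade -y
        fi
        tmp=$(mktemp)
        uptrack-show > "$tmp"
        echo "Advisory CVEs not reported as installed (expect none):"
        cves_not_installed "$tmp"
        rm -f "$tmp"
        ;;
esac
```

The autoinstall check only tells you the host is configured to pick the
updates up on its own; whether they have actually landed is what the CVE
comparison answers, so run it again after Uptrack's next automatic pass.
uptrack-upgrade and uptrack-show need root.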


DESCRIPTION

* CVE-2021-47338: Denial-of-service in frame buffer driver.

A logic error when using the frame buffer driver could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2021-47352: Denial-of-service in Virtio network driver.

A missing check when receiving packets in the Virtio network driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2021-47383: Privilege escalation in Virtual Terminal driver.

A logic error when resizing the screen in the Virtual Terminal driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to gain root privileges.


* CVE-2021-47412: Denial-of-service in Block layer driver.

A logic error when using the Block layer driver could lead to a kernel
panic. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2022-48619: Denial-of-service when handling input events.

A missing check on user input when handling input events could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2022-48804: Information leak in Virtual terminal driver.

A missing speculation check when using the Virtual terminal driver could
allow data to leak through speculative execution (Spectre variant 1). A
local attacker could use this flaw to extract sensitive information.


* CVE-2023-52476: Denial-of-service in Performance monitoring driver.

A missing check when handling a vsyscall with LBR sampling active in the
Performance monitoring driver could lead to an incorrect memory access. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2023-52522: Denial-of-service in Network driver.

A missing memory barrier in the network driver in the Linux kernel could
lead to a data race. A local attacker could use this flaw to corrupt
kernel data structures and cause a denial-of-service.


* CVE-2023-6040: Privilege escalation in Netfilter.

The Netfilter subsystem did not properly validate network family
support while creating a new Netfilter table. A local attacker
could use this flaw to cause a denial-of-service or potentially
escalate privileges.


* CVE-2024-26665: Privilege escalation in TCP/IP networking driver.

A logic error in the TCP/IP networking driver when building an IPv6 PMTU
error message could lead to an out-of-bounds memory access. A local
attacker could use this flaw to escalate privileges.


* CVE-2024-26855: Denial-of-service in Intel Ethernet Connection E800 driver.

A logic error in the Intel Ethernet Connection E800 Series driver could
lead to a NULL pointer dereference. A local attacker can exploit this flaw
to cause a denial-of-service.


* CVE-2024-26923: Privilege escalation in Unix domain sockets.

A race condition when using Unix domain sockets could cause the socket
garbage collector to race with the connect() syscall. A local attacker
could use this flaw to escalate privileges.


* CVE-2024-35884: Denial-of-service in Generic Segmentation Offload driver.

Incorrect handling of packets in the Generic Segmentation Offload code in
the Linux kernel networking stack could trigger an internal assertion. An
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36883: Denial-of-service in Networking namespace driver.

A race condition when using the Networking namespace driver could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-36901: Denial-of-service when using IPv6 protocol implementation.

A missing pointer check in the IPv6 protocol implementation could
potentially lead to a NULL pointer dereference. A local attacker could
exploit this flaw to cause a denial-of-service.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using the Open vSwitch driver could lead to the
destination address being partially zeroed out. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-38581: Denial-of-service in AMD GPU driver.

A logic error when using the AMD GPU driver could lead to a use-after-
free. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-38663: Denial-of-service in block IO controller cgroup interface.

A logic error in the generic block IO controller cgroup interface when
resetting io stats could lead to corruption of internal data structures. A
local attacker could use this flaw to cause memory corruption.


* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-39506: Denial-of-service in Cavium ethernet driver.

A logic error when using the Cavium ethernet driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.

A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40911: Denial-of-service in 802.11 Wireless driver.

A locking error when using the 802.11 wireless driver could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40954: Memory corruption in core net subsystem.

A missing check for a socket creation failure in the core net subsystem
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption or as a step in other kinds of attacks.


* CVE-2024-40958: Denial-of-service in core net subsystem.

A logic error when using the core net subsystem could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40959: Denial-of-service in IPv6 networking stack.

A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40995: Denial-of-service in networking traffic control actions stack.

A logic error when using the networking traffic control actions stack
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41007: Remote denial-of-service in TCP/IP networking stack.

When a TCP socket has TCP_USER_TIMEOUT set, a peer that advertises a zero
receive window causes the vulnerable kernel to retransmit a packet
needlessly for several minutes, consuming bandwidth. A remote attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-41012: Privilege escalation in POSIX file locking driver.

A logic error when creating a lock in the POSIX file locking driver could
lead to a use-after-free. A local attacker could use this flaw to gain
root privileges.


* CVE-2024-41013: Privilege escalation in XFS filesystem driver.

A missing check when using the XFS filesystem driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw and a
crafted XFS image to gain root privileges.


* CVE-2024-41014: Privilege escalation in XFS filesystem driver.

A missing check when manipulating images in the XFS filesystem driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to gain root privileges.


* CVE-2024-41035: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41040: Memory corruption in tc connection tracking action subsystem.

A logic error when using the tc connection tracking action subsystem
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.

A race condition when using TCP/IP networking could lead to a
kernel oops. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-41060: Denial-of-service in ATI Radeon driver.

A missing check when using the ATI Radeon driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41071: Remote privilege escalation in Generic IEEE 802.11 Networking Stack (mac80211) driver.

A logic error when scanning networks in the Generic IEEE 802.11
Networking Stack (mac80211) driver could lead to an out-of-bounds memory
access. A remote attacker could use this flaw to escalate privileges.


* CVE-2024-41076: Denial-of-service in NFSv4 client driver.

A missing memory release when setting xattrs in the NFSv4 client driver
could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-41090, CVE-2024-41091: Information leak in Universal TUN/TAP device driver.

A missing check when using the Universal TUN/TAP device driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to cause an information leak.


* CVE-2024-42114: Denial-of-service in Wireless driver.

A logic error when using the Wireless driver could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42152: Denial-of-service in NVMe driver.

A race condition in the NVMe driver between a host disconnecting and the
admin queue connecting could lead to a memory leak. An attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-42154: Information leak in TCP/IP networking stack.

A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42225: Information leak in MediaTek MT7915E driver.

A missing variable initialization when using the MediaTek MT7915E driver
could lead to use of uninitialized memory. A local attacker could use
this flaw to extract sensitive information.


* CVE-2024-42228: Information leak in AMD GPU driver.

A missing variable initialization when using the AMD GPU driver could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-42265: Information leak in file descriptor driver.

A missing speculation check when indexing the file descriptor table could
lead to a speculative out-of-bounds read (Spectre variant 1). A local
attacker could use this flaw to extract sensitive information.


* Note: Oracle has determined some CVEs are not applicable.

The RHCK 8 kernel is not affected by the following CVEs because the
affected code is not compiled into it.

CVE-2024-26717, CVE-2024-41064, CVE-2024-41065, CVE-2024-42271,
CVE-2024-45026, CVE-2024-26720, CVE-2024-42102

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.