[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-5363)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Sep 4 17:08:00 UTC 2024 

Synopsis: ELSA-2024-5363 can now be patched using Ksplice
CVEs: CVE-2021-47606 CVE-2023-52796 CVE-2024-21823 CVE-2024-26808 CVE-2024-26828 CVE-2024-26853 CVE-2024-26868 CVE-2024-27049 CVE-2024-27417 CVE-2024-27434 CVE-2024-35823 CVE-2024-35852 CVE-2024-35911 CVE-2024-35937 CVE-2024-36477 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36922 CVE-2024-36941 CVE-2024-36971 CVE-2024-38558 CVE-2024-38575 CVE-2024-39487 CVE-2024-40928 CVE-2024-40954 CVE-2024-40958 CVE-2024-40960 CVE-2024-40961

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-5363.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-5363.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2021-47606: Denial-of-service in Netlink driver.

A missing check in Netlink driver when sending zero length messages
could lead to divide-by-zero error. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2023-52796: Denial-of-service in IP-VLAN driver.

A logic error when using IP-VLAN driver could lead to stack overflow.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-21823: Denial-of-service in Intel Data Accelerators hardware.

A hardware flaw on Intel DSA and Intel IAA hardware could lead
to a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26808: Stale reference in Netfilter nf_tables subsystem.

Incorrect cleanup in the Netfilter nftables subsystem during an
NETDEV_UNREGISTER event can leave a stale reference to netdevice. A
local user can use this to cause denial-of-service.


* CVE-2024-26828: Remote privilege escalation in SMB3 and CIFS driver.

An invalid check when using SMB3 and CIFS driver could lead to an
out-of-bounds memory access. A remote attacker could use this flaw to
escalate privileges.


* CVE-2024-26853: Denial-of-service in Intel(R) Ethernet Controller I225-LM/I225-V.

A logic error in Intel Ethernet Controller I225-LM/I225-V driver when
user generates a high amount of transmission traffic can result in a
memory corruption and a kernel crash. An attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-26868: Denial-of-service in NFS client support.

Incorrect return status check when nfs4_ff_layout_prepare_ds() fails in
NFS client support could lead to a null pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-27049: Denial-of-service in MediaTek driver.

A race condition in MediaTek driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-27417: Resource exhaustion in IPv6 networking stack.

A logical error in the IPv6 networking stack when handling malformed
arguments given by the userspace for RTM_GETADDR messages can lead to
a resource leak. A local attacker can exploit this flaw to cause
resource exhaustion and thus denial-of-service.


* CVE-2024-27434: Denial-of-service in Intel WiFi MVM driver.

A missing check when using Intel WiFi MVM driver could lead to
a firmware crash. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-35823: Denial-of-service in virtual terminal driver.

Optimisation of a function call in virtual terminal driver can lead to
data corruption due to copying between overlapping buffers. A local
attacker can exploit this flaw to cause a denial-of-service, corrupt
data, or aid in other types of attacks.


* CVE-2024-35852: Denial-of-service in Mellanox Technologies Switch ASICs.

A logic error when canceling rehash work in Mellanox Technologies Switch
ASICs could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-35911: Denial-of-service in Intel(R) Ethernet Connection E800 driver.

A logic error in Intel(R) Ethernet Connection E800 Series driver when
suspending could lead to an out-of-bounds memory access. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-35937: Denial-of-service in core WiFi subsystem.

A missing check in core WiFi subsystem when parsing A-MSDU could lead to
an out-of-bounds memory read. An attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36477: Data corruption in TPM driver.

Incorrect buffer allocation size in TPM Hardware support driver
could lead to an out-of-bounds memory access during SPI transfer
buffer access. A local attacker could use this flaw to cause data
corruption.


* CVE-2024-36489: Denial-of-service in Transport Layer Security support.

A race condition when initializing Upper Layer Protocols (ULPs) over TCP
sockets for Transport Layer Security support could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36903: Information leak in IPv6 networking support.

A race condition in IPv6 networking support could lead to use of an
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-36921: Denial-of-service in Intel WiFi MVM driver.

A missing check when using Intel WiFi MVM driver could lead
to an out-of-bounds memory access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-36922: Denial-of-service in Intel WiFi AGN driver.

A locking error when using Intel WiFi AGN driver could lead to a
kernel warning trigger. A local attacker could use this flaw to
cause a denial-of-service when panic_on_warn=1.


* CVE-2024-36941: Denial-of-service in core WiFi subsystem.

A missing check when using the core WiFi subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using TCP/IP networking stack could lead to a use-
after-free. A remote attacker could use this flaw to execute arbitrary
code in kernel mode.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using Open vSwitch driver could lead to destination
address being partially zeroed out. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-38575: Denial-of-service in Broadcom FullMAC WLAN driver.

A missing check when using Broadcom FullMAC WLAN driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-39487: Information leak in bonding driver.

A missing check when using bonding driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.


* CVE-2024-40928: Denial-of-service in core net subsystem.

A missing check in networking support driver when using ethtool could
lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-40954: Memory corruption in core net subsystem.

A missing check for socket creation failure in networking driver could
lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption or as a step in other kinds of attack.


* CVE-2024-40958: Denial-of-service in core net subsystem.

A logic error when using the core net subsystem could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40960, CVE-2024-40961: Denial-of-service in IPv6 networking stack.

A missing check when using IPv6 networking stack could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-26600, CVE-2024-35800

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list