[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2024-12582)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Sep 16 15:15:09 UTC 2024
Synopsis: ELSA-2024-12582 can now be patched using Ksplice
CVEs: CVE-2024-26583 CVE-2024-36016 CVE-2024-36286 CVE-2024-36489 CVE-2024-38552 CVE-2024-38558 CVE-2024-38578 CVE-2024-38580 CVE-2024-38586 CVE-2024-38599 CVE-2024-38618 CVE-2024-38659 CVE-2024-39276 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39503 CVE-2024-42102
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12582.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12582.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
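The check described above, as an added example that is not part of Oracle's announcement: a script that reads the "autoinstall" setting and reports whether a manual upgrade is needed. The function names and the sample files (including their [Settings] layout) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): will this host pick up the Ksplice
# updates by itself, or does it need a manual uptrack-upgrade?

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Commented-out lines are ignored; the last uncommented assignment wins.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") v = tolower(val)
        }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Exit status 0 when a manual upgrade is needed, 1 when autoinstall covers it.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

report() {
    if needs_manual_upgrade "$1"; then
        echo "$1: autoinstall not enabled; run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$1: autoinstall = yes; updates are installed automatically"
    fi
}

# Constructed sample files, used when the real config is not readable.
demo() {
    dir=$(mktemp -d) || return 1
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n#autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    report "$dir/auto.conf"
    report "$dir/manual.conf"
    rm -rf "$dir"
}

conf=/etc/uptrack/uptrack.conf
if [ -r "$conf" ]; then report "$conf"; else demo; fi
```

A commented-out "autoinstall = yes" line counts as not enabled, so a host with only that line still needs the manual command.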
DESCRIPTION
* CVE-2024-36286: Denial-of-service in netfilter subsystem.
Missing read lock in the netfilter subsystem when unbinding a program
from a specific queue could lead to flushing in an incorrect way. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-36489: Denial-of-service in Transport Layer Security support.
A race condition when initializing Upper Layer Protocols (ULPs) over TCP
sockets for Transport Layer Security support could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-38552: Memory corruption in AMD Display Core driver.
A missing check when using the color transformation function in the AMD Display
Core driver could lead to a buffer overflow. A local attacker could use this
flaw to cause memory corruption.
* CVE-2024-38558: Denial-of-service in Open vSwitch driver.
A logic error when using Open vSwitch driver could lead to the destination
address being partially zeroed out. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-38578: Information leak in Linux filesystem encryption layer.
A logic error in the in-kernel key management subsystem of the filesystem
encryption layer could lead to an out-of-bounds memory write. A local attacker
could use this flaw to extract sensitive information.
* CVE-2024-38580: Denial-of-service in epoll.
A race condition when using epoll could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-38586: Memory corruption in Realtek 8169/8168/8101/8125 ethernet driver.
A logic error when using Realtek 8169/8168/8101/8125 ethernet driver
could possibly lead to ring buffer corruption and NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-38599: Disk corruption in JFFS2 filesystem.
A missing check when using the JFFS2 filesystem could lead to an out-of-bounds
memory write. A local attacker could use this flaw to cause disk corruption.
* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).
A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.
A missing check when using the Cisco VIC Ethernet driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to extract
sensitive information.
* CVE-2024-39276: Resource leak in ext4 filesystem.
Incorrect reference counting in the ext4 filesystem could lead to a reference
count leak. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-39490: Denial-of-service in IPv6 Segment Routing.
A logic error when adding the Segment Routing Header to an IPv6 packet could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-39493: Denial-of-service in Cryptographic API using Intel QAT.
A logic error in the Cryptographic API using Intel QuickAssist Technology could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-39503: Privilege escalation in netfilter (IP set) subsystem.
A race condition when using netfilter (IP set) subsystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-42102: Memory corruption in kernel memory manager.
Incorrect cast of a divisor when setting dirty page writeback limits in the
memory management subsystem could lead to a divide-by-zero. A local attacker
could use this flaw to cause a denial-of-service.
* Inhibited APIC acceleration with legacy guests.
Incorrect logic in the local APIC virtualization can lead to high latency for
VFIO network devices.
Orabug: 36967641
* Interrupt Latency in KVM APICv.
When KVM APIC acceleration is inhibited, guests can experience spurious
interrupts and interrupt latency.
Orabug: 36967640
* Note: Oracle has determined CVE-2024-36016 is not applicable.
A logic error when using GSM 07.10 tty multiplexor could lead to a
buffer overflow. A local attacker could use this flaw to escalate
privileges.
The exploit for this CVE requires attaching to the line
discipline which requires CAP_NET_ADMIN privileges.
* Note: Oracle has determined CVE-2024-39488 is not applicable.
Unaligned bug entry structure (used for detecting bugs) due to
conditional definition in core Arm64 code can lead to a kernel
crash while fetching entries for modules. A local attacker can
exploit this flaw to cause a denial-of-service.
The kernel is not affected by CVE-2024-39488 since the condition
(CONFIG_DEBUG_BUGVERBOSE=n) required for the bad definition does
not exist.
* Note: Oracle will not provide a zero-downtime fix for CVE-2024-26583.
Oracle has determined that patching CVE-2024-26583 at runtime would
not be safe and recommends rebooting to resolve the issue.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2024-33847, CVE-2024-34027, CVE-2024-34777, CVE-2024-35247,
CVE-2024-36965, CVE-2024-38381, CVE-2024-38547, CVE-2024-38548,
CVE-2024-38549, CVE-2024-38550, CVE-2024-38571, CVE-2024-38583,
CVE-2024-38587, CVE-2024-38589, CVE-2024-38590, CVE-2024-38591,
CVE-2024-38607, CVE-2024-38613, CVE-2024-38623, CVE-2024-38624,
CVE-2024-38633, CVE-2024-38634, CVE-2024-38637, CVE-2024-38661,
CVE-2024-38780, CVE-2024-39277, CVE-2024-39292, CVE-2024-39466,
CVE-2024-39467, CVE-2024-39489
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.