[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-5928)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 17 06:43:57 UTC 2024


Synopsis: ELSA-2024-5928 can now be patched using Ksplice
CVEs: CVE-2023-52771 CVE-2023-52880 CVE-2024-26581 CVE-2024-26668 CVE-2024-26855 CVE-2024-26925 CVE-2024-27016 CVE-2024-35896 CVE-2024-35897 CVE-2024-35962 CVE-2024-36003 CVE-2024-38538 CVE-2024-38540 CVE-2024-38544 CVE-2024-40905 CVE-2024-40911 CVE-2024-40912 CVE-2024-40914 CVE-2024-40929 CVE-2024-40939 CVE-2024-40957 CVE-2024-40983 CVE-2024-41041 CVE-2024-41076 CVE-2024-41090 CVE-2024-41091 CVE-2024-42107 CVE-2024-42110 CVE-2024-42152

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-5928.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-5928.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
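
Which of the two paths above applies depends on a single setting. The shell function below is an added example, not part of Oracle's announcement or of the Ksplice tooling; it reports whether a host picks the updates up automatically or still needs the manual command. It assumes uptrack.conf is INI-style with autoinstall under a [Settings] section and treats any value other than "yes" as manual; the function name and the sample file are constructed.

```sh
# Added example: report whether Ksplice Uptrack on this host installs updates
# automatically ("auto") or needs a manual uptrack-upgrade run ("manual").
# Assumption: uptrack.conf is INI-style and autoinstall sits under [Settings].
uptrack_autoinstall_mode() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\]/ {                           # section header
            s = $0
            gsub(/[ \t\r]/, "", s); sub(/^\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s); next
        }
        section == "settings" && /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)             # drop the key and "="
            sub(/[ \t\r#;].*$/, "", v)              # drop trailing space/comment
            value = tolower(v)                      # keep the last assignment seen
        }
        END { print value }
    ' "$conf")
    # Only the value "yes" named in the announcement counts as automatic;
    # anything else, including a missing key, is reported as manual.
    case "$value" in
        yes) echo "auto" ;;
        *)   echo "manual" ;;
    esac
}

# Constructed sample file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Auth]
accesskey = CONSTRUCTED-PLACEHOLDER

[Settings]
install_on_reboot = yes
#autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(uptrack_autoinstall_mode "$sample")"
rm -f "$sample"
```

On a real host, call uptrack_autoinstall_mode /etc/uptrack/uptrack.conf; a result of "manual" means the uptrack-upgrade command above still has to be run.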


DESCRIPTION

* CVE-2023-52771: Denial-of-service in CXL (Compute Express Link) driver.

A logic error when using the CXL (Compute Express Link) devices driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.

An unprivileged user can attach to the line discipline of the GSM 07.10
tty multiplexor driver even though CAP_NET_ADMIN is needed to create a GSM
network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.


* CVE-2024-26581: Out-of-bounds write in netfilter subsystem.

Garbage collection while inserting an element in the internal kernel
data structure in the netfilter subsystem can lead to an out-of-bounds
write. A local attacker can exploit this flaw to cause privilege
escalation or denial-of-service.


* CVE-2024-26668: Denial-of-service when configuring Netfilter nf_tables limit.

A missing check on Netfilter nf_tables limit configuration could lead to
an integer overflow. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.


* CVE-2024-26855: Denial-of-service in Intel Ethernet Connection E800 driver.

A logic error in the Intel Ethernet Connection E800 Series driver could
lead to a NULL pointer dereference. A local attacker can exploit this flaw
to cause a denial-of-service.


* CVE-2024-26925, CVE-2024-35897: Privilege escalation in netfilter subsystem.

A logical error in the netfilter subsystem in handling asynchronous
garbage collection and table updates can lead to a double free. A
local attacker can exploit this flaw to escalate privileges or aid
in other types of attacks.


* CVE-2024-27016: Denial-of-service in Network packet filtering framework (Netfilter).

A missing check when handling Point-to-Point Protocol over Ethernet
(PPPoE) headers in the Network packet filtering framework (Netfilter)
could lead to use of uninitialized memory. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-35896, CVE-2024-35962: Memory corruption in Netfilter.

A missing check on user input when operating on socket options in the
Netfilter driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to cause memory corruption.


* CVE-2024-36003: Denial-of-service in Intel Ethernet Connection E800 driver.

A locking error when using the Intel Ethernet Connection E800 Series
driver could lead to a deadlock. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging.

A missing check when sending a short skb in the 802.1d Ethernet
Bridging driver could lead to use of uninitialized memory. An
attacker could use this flaw to cause data corruption.


* CVE-2024-38540: Data corruption in Broadcom Netxtreme HCA driver.

A logic error when using the Broadcom Netxtreme HCA driver could lead
to an integer overflow. A local attacker could use this flaw to cause
data corruption.


* CVE-2024-38544: Denial-of-service in Software RDMA over Ethernet (RoCE) driver.

A race condition when using the Software RDMA over Ethernet (RoCE)
driver could lead to a use-after-free. An attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-40905: Denial-of-service in IPv6 networking stack.

A race condition when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40911: Denial-of-service in 802.11 Wireless driver.

A locking error when using the 802.11 wireless driver could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40914: Denial-of-service in memory management subsystem.

A missing check when unpoisoning huge zero pages in the memory
management subsystem could lead to a kernel assertion failure.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40929: Memory corruption in Intel Wireless WiFi MVM Firmware driver.

A missing check when using the Intel Wireless WiFi MVM Firmware driver
could lead to an out-of-bounds memory read. A local attacker could use
this flaw to cause memory corruption.


* CVE-2024-40939: Memory corruption in IOSM Driver for Intel M.2 WWAN.

A logic error when using the IOSM Driver for Intel M.2 WWAN could lead
to the release of unallocated memory. A local attacker could use this
flaw to corrupt internal data structures.


* CVE-2024-40957: Denial-of-service in IPv6 Segment Routing Header encapsulation.

A logic error when using the IPv6 Segment Routing Header encapsulation
driver could lead to a NULL pointer dereference. An attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-40983: Denial-of-service in the TIPC protocol driver.

Incorrect reference counting when using the TIPC protocol driver
could lead to a kernel crash. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.

A race condition when using TCP/IP networking could lead to a
kernel oops. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41076: Denial-of-service in NFSv4 client support.

Missing memory release when setting xattrs in the NFSv4 client support
leads to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-41090, CVE-2024-41091: Information leak in Universal TUN/TAP device driver.

A missing check when using the Universal TUN/TAP device driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to cause an information leak.


* CVE-2024-42107: Denial-of-service in Intel Ethernet Connection E800 driver.

A race condition when using the PTP clock with Intel Ethernet
Connection E800 driver could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42110: Denial-of-service in Virtual Ethernet over NTB Transport.

A logic error when using Virtual Ethernet over NTB Transport could
lead to a kernel assertion failure. An attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-42152: Denial-of-service in NVME driver.

A race condition when the client disconnects and the NVME admin connects
in the NVME driver could lead to a memory leak. An attacker could use
this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.