[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2024-12611)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Sep 18 18:47:29 UTC 2024


Synopsis: ELSA-2024-12611 can now be patched using Ksplice
CVEs: CVE-2023-4244 CVE-2023-52796 CVE-2024-36016 CVE-2024-36286 CVE-2024-36484 CVE-2024-38558 CVE-2024-38578 CVE-2024-38599 CVE-2024-38618 CVE-2024-38659 CVE-2024-39276 CVE-2024-39488

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12611.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12611.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-52796: Out-of-bounds access in IP-VLAN driver.

Improper usage of stack space when using the IP-VLAN driver could lead
to an out-of-bounds memory access.  A local attacker could potentially
use this flaw to cause memory corruption, arbitrary code execution, or
to leak privileged information.


* CVE-2024-36016: Privilege escalation in GSM MUX line discipline driver.

A missing check when using the GSM MUX line discipline driver could lead
to an out-of-bounds memory access. A local attacker could use this flaw
to escalate privileges.


* CVE-2024-36286: Denial-of-service in netfilter subsystem.

A missing read lock in the netfilter subsystem, when unbinding a program
from a specific queue, could lead to flushing in an incorrect way. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36484: Denial-of-service in TCP/IP networking.

A logic error in the kernel's TCP/IP networking implementation could
lead to a kernel assertion failure.  A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using the Open vSwitch driver could lead to a
destination address being partially zeroed out. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-38578: Information leak in Linux filesystem encryption layer.

A logic error when using the Linux filesystem encryption layer could
lead to an out-of-bounds memory write. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-38599: Disk corruption in JFFS2 filesystem.

A missing check when using the JFFS2 filesystem could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
cause disk corruption.


* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).

A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.

A missing check when using the Cisco VIC Ethernet driver could lead to
an out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39276: Resource leak in ext4 filesystem.

Incorrect reference counting when using the ext4 filesystem could lead
to a reference count leak. A local attacker could use this flaw to cause
a denial-of-service.


* Soft lockups while processing PARENT_WATCHED inode flags.

Lock contention when performing certain operations related to the
PARENT_WATCHED inode flag can lead to soft lockups.  This flaw degrades
performance on running systems.

Orabug: 36922242


* Note: Oracle has determined CVE-2024-39488 is not applicable.

An unaligned bug entry structure (used for detecting bugs), caused by a
conditional definition in core Arm64 code, can lead to a kernel crash
while fetching entries for modules. A local attacker can exploit this
flaw to cause a denial-of-service.

The kernel is not affected by CVE-2024-39488 since the condition
(CONFIG_DEBUG_BUGVERBOSE=n) required for the bad definition does
not exist.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-4244.

A race condition in the set implementation of nftables between
the control plane and the garbage collection worker could lead to a
use-after-free. A local user with CAP_NET_ADMIN access could use this
flaw to cause a crash or expose sensitive kernel information.

Oracle has determined that patching CVE-2023-4244 on a running system
would not be safe and recommends a reboot.

On workloads that permit it, a temporary mitigation is to disallow
unprivileged users from creating namespaces:

sudo sysctl -w kernel.unprivileged_userns_clone=0
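
A host-side check for the two settings this advisory names, added here as
an example and not part of Oracle's announcement: it reads "autoinstall"
from uptrack.conf and the unprivileged_userns_clone sysctl from procfs.
The function names, and the assumption that uptrack.conf uses INI-style
"key = value" lines with "#" or ";" comments, belong to this example.

```shell
#!/bin/sh
# Added example, not Oracle's code. File paths are parameters so the checks
# can run against copies; the defaults are the live locations on the host.

# Print the effective autoinstall value: yes/no, "unset", or "unknown".
# Assumption: INI-style "key = value" lines, "#"/";" comments, last one wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unknown; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Print yes/no for the temporary CVE-2023-4244 mitigation, or "absent" when
# the running kernel does not expose the sysctl at all.
userns_mitigated() {
    knob=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ -r "$knob" ] || { echo absent; return 0; }
    if [ "$(cat "$knob")" = 0 ]; then echo yes; else echo no; fi
}

# One-line status plus the follow-up actions the advisory calls for.
audit_host() {
    ai=$(uptrack_autoinstall "$1")
    ns=$(userns_mitigated "$2")
    echo "autoinstall=$ai userns_mitigated=$ns"
    [ "$ai" = yes ] || echo "ACTION: run /usr/sbin/uptrack-upgrade -y"
    # Ksplice does not cover CVE-2023-4244; the sysctl only narrows exposure
    # until the host is rebooted into the fixed kernel.
    echo "ACTION: CVE-2023-4244 needs a reboot into the fixed kernel"
    [ "$ns" = yes ] || echo "ACTION: sysctl -w kernel.unprivileged_userns_clone=0"
    return 0
}

audit_host "$@"
```

Run with no arguments it inspects the live host; pass a config path and a
sysctl file path to check copies collected from other machines.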


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-38627, CVE-2024-38633, CVE-2024-38634, CVE-2024-38637,
CVE-2024-38780, CVE-2024-39292, CVE-2024-39489, CVE-2024-40968

Orabug: 36952386

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


