[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2024-12610)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Sep 21 16:45:54 UTC 2024


Synopsis: ELSA-2024-12610 can now be patched using Ksplice
CVEs: CVE-2022-3566 CVE-2022-3567 CVE-2023-52628 CVE-2023-52803 CVE-2024-36978 CVE-2024-39487 CVE-2024-39499 CVE-2024-40904 CVE-2024-40905 CVE-2024-40912 CVE-2024-40942 CVE-2024-40958 CVE-2024-40959 CVE-2024-40961 CVE-2024-40981 CVE-2024-40987 CVE-2024-40988 CVE-2024-40995 CVE-2024-41007 CVE-2024-41035 CVE-2024-41041 CVE-2024-41044 CVE-2024-41089 CVE-2024-41095 CVE-2024-42070 CVE-2024-42101 CVE-2024-42106 CVE-2024-42119 CVE-2024-42145 CVE-2024-42154 CVE-2024-42224 CVE-2024-42232

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12610.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12610.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
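
To tell which of the two cases above applies on a given host, the check below reads an uptrack.conf-style file and reports whether the updates install automatically or the manual command is still needed. It is an added example, not part of the original announcement and not Oracle's code. The function names are hypothetical, and it assumes a plain "key = value" layout in which only the literal value "yes" shown above counts as enabled.

```shell
#!/bin/sh
# Report the effective "autoinstall" value from an uptrack.conf-style file.
# Prints yes, no, or unset. Comment lines (# or ;) and blank lines are
# skipped, key and value are compared case-insensitively, and the last
# assignment in the file wins. (Assumed semantics, see the lead-in.)
uptrack_autoinstall_state() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }               # commented-out setting
        /^[ \t]*$/    { next }               # blank line
        {
            line = $0
            sub(/\r$/, "", line)             # tolerate CRLF files
            eq = index(line, "=")
            if (eq == 0) next                # section header such as [Settings]
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") state = (val == "yes") ? "yes" : "no"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$conf"
}

# Decide what an operator still has to do on this host.
uptrack_next_step() {
    case $(uptrack_autoinstall_state "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample file: the commented-out line must not count as enabled.
sample=$(mktemp)
printf '%s\n' '[Settings]' '#autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_next_step "$sample"
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf; an unreadable or missing file is reported as unset and therefore as needing the manual command.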


DESCRIPTION

* CVE-2022-3566, CVE-2022-3567: Denial-of-service in IPv6 networking.

A race condition in IPv6 networking when converting an IPv6 socket into
IPv4 could lead to data corruption. A local user could use this flaw
for a denial-of-service.


* CVE-2023-52628: Out-of-bounds access in Netfilter nf_tables exthdr subsystem.

Incorrect logic in the Netfilter nf_tables exthdr subsystem can lead to
an out-of-bounds stack write. This can potentially lead to stack
corruption and denial-of-service or information disclosure.


* CVE-2023-52803: Privilege escalation in SUNRPC networking stack.

A missing check when using the SUNRPC networking stack could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-36978: Privilege escalation in MULTIQ driver.

A logic error when using the MULTIQ driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-39487: Information leak in bonding driver.

A missing check when using the bonding driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a soft
lockup due to logging. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40905: Denial-of-service in IPv6 networking stack.

A race condition when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40942: Resource leak in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40958: Denial-of-service in core net subsystem.

A logic error when using the core net subsystem could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40959, CVE-2024-40961: Denial-of-service in IPv6 networking stack.

A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40981: Denial-of-service in BATMAN protocol stack.

A missing check when using the BATMAN protocol stack could lead to a
soft lockup. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40987: Denial-of-service in AMDGPU driver.

A missing check when using the AMDGPU driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40988: Denial-of-service in Radeon graphics driver.

A missing check when using the Radeon graphics driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40995: Denial-of-service in networking traffic control actions stack.

A logic error when using the networking traffic control actions stack
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41007: Remote denial-of-service in TCP/IP networking stack.

When using a TCP socket with TCP_USER_TIMEOUT, the peer can set its
window size as zero, causing the vulnerable kernel to superfluously
retransmit a packet for some minutes, leading to bandwidth hogging.
A remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41035: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.

A race condition when using the TCP/IP networking stack could lead to a
kernel oops. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.

A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-42070: Privilege escalation in netfilter subsystem.

A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.


* CVE-2024-42106: Information leak in socket monitoring interface.

A missing variable initialization when using the socket monitoring
interface could lead to a use of uninitialized memory. A local
attacker could use this flaw to extract sensitive information.


* CVE-2024-42119: Information leak in AMD display core driver.

A missing check when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42145: Remote denial-of-service in InfiniBand driver.

A logic error when using the InfiniBand driver could lead to resource
exhaustion (uncontrolled resource consumption) when userspace does
not extract MAD packets at the same rate as the attacker is sending.
A remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42154: Information leak in TCP/IP networking stack.

A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42224: Denial-of-service in Marvell 88E6xxx Ethernet Switch driver.

A logic error when using the Marvell 88E6xxx Ethernet Switch driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-42232: Memory corruption in Ceph core library.

A logic error when using the Ceph core library could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2023-52887, CVE-2024-36894, CVE-2024-36974, CVE-2024-37078,
CVE-2024-39469, CVE-2024-39495, CVE-2024-39502, CVE-2024-39505,
CVE-2024-39506, CVE-2024-40902, CVE-2024-40932, CVE-2024-40963,
CVE-2024-40968, CVE-2024-40974, CVE-2024-40993, CVE-2024-41006,
CVE-2024-41034, CVE-2024-41046, CVE-2024-42076, CVE-2024-42087,
CVE-2024-42089, CVE-2024-42092, CVE-2024-42093, CVE-2024-42094,
CVE-2024-42104, CVE-2024-42105, CVE-2024-42127, CVE-2024-42143,
CVE-2024-42153, CVE-2024-42157, CVE-2024-42236

Orabug: 36947196

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


