[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2024-12618)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Sep 23 08:19:16 UTC 2024
Synopsis: ELSA-2024-12618 can now be patched using Ksplice
CVEs: CVE-2022-3566 CVE-2022-3567 CVE-2024-36901 CVE-2024-36974 CVE-2024-36978 CVE-2024-39487 CVE-2024-39499 CVE-2024-39502 CVE-2024-40901 CVE-2024-40904 CVE-2024-40905 CVE-2024-40911 CVE-2024-40912 CVE-2024-40914 CVE-2024-40929 CVE-2024-40937 CVE-2024-40942 CVE-2024-40954 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40981 CVE-2024-40983 CVE-2024-40990 CVE-2024-40995 CVE-2024-41007 CVE-2024-41027 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41089 CVE-2024-41093 CVE-2024-41095 CVE-2024-42070 CVE-2024-42077 CVE-2024-42098 CVE-2024-42101 CVE-2024-42106 CVE-2024-42119 CVE-2024-42145 CVE-2024-42152 CVE-2024-42154 CVE-2024-42224 CVE-2024-42225 CVE-2024-42232
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-12618.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-12618.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
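As an added illustration (not part of Oracle's announcement or the Ksplice tooling), the following script reads the autoinstall setting quoted above and reports whether the manual upgrade command is still needed. It assumes the file uses plain "key = value" lines and treats only "yes" as enabled; the function names and sample files are constructed for this example.

```sh
#!/bin/sh
# Added example: does this host still need the manual uptrack-upgrade step?
# Assumption: uptrack.conf holds plain "key = value" lines, as quoted above.

# Print the autoinstall value in lower case, "unset" if the key is absent,
# or "unreadable" if the file cannot be read. Commented-out lines never match.
# Assumption: if the key appears more than once, the last one is used.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(awk -F= '
        /^[ \t]*autoinstall[ \t]*=/ { v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v) }
        END { if (last != "") print last }' "$conf")
    echo "${val:-unset}"
}

# Exit status 0: manual step needed. Exit status 1: autoinstall covers it.
# Anything other than "yes" is treated as "not automatic" (assumption).
needs_manual_upgrade() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample configs (not from a real host) for trying the check.
make_samples() {
    dir=$(mktemp -d)
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    printf '[Settings]\nautoinstall = Yes  \n' > "$dir/auto.conf"
    printf '[Settings]\n' > "$dir/unset.conf"
    echo "$dir"
}

report() {
    state=$(uptrack_autoinstall_value "$1")
    if needs_manual_upgrade "$1"; then
        echo "$1: autoinstall is $state; run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$1: autoinstall is yes; updates install automatically"
    fi
}

report "${1:-/etc/uptrack/uptrack.conf}"
```

An unreadable or missing config is reported as needing the manual step, so a host is never silently assumed to be patched.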
DESCRIPTION
* CVE-2022-3566, CVE-2022-3567: Denial-of-service in IPv6 networking.
A race condition in IPv6 networking when converting an IPv6 socket into
IPv4 could lead to data corruption. A local user could use this flaw
for a denial-of-service.
* CVE-2024-36901: NULL pointer dereference in IPv6.
A missing pointer check in the IPv6 protocol implementation
could potentially lead to a NULL pointer dereference. A local
attacker could exploit this flaw to cause a denial-of-service.
* CVE-2024-36974: Privilege escalation in Time Aware Priority Scheduler driver.
A missing check when using the Time Aware Priority Scheduler driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-36978: Privilege escalation in MULTIQ driver.
A logic error when using the MULTIQ driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-39487: Information leak in bonding driver.
A missing check when using the bonding driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.
* CVE-2024-39499: Information leak in VMware VMCI Driver.
A logic error when using the VMware VMCI Driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-39502: Denial-of-service in Pensando Ethernet IONIC driver.
A logic error when using the Pensando Ethernet IONIC driver could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.
A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-40904: Denial-of-service in core USB subsystem.
A logic error when using the core USB subsystem could lead to soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-40905: Denial-of-service in IPv6 networking stack.
A race condition when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-40911: Denial-of-service in 802.11 Wireless driver.
A locking error when using the 802.11 wireless driver could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-40912: Denial-of-service in core WiFi subsystem.
A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-40914: Denial-of-service in memory management subsystem.
A missing check when unpoisoning huge zero pages in the memory
management subsystem could lead to a kernel assertion failure.
A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-40929: Memory corruption in Intel Wireless WiFi MVM Firmware driver.
A missing check when using the Intel Wireless WiFi MVM Firmware driver
could lead to an out-of-bounds memory read. A local attacker could use
this flaw to cause memory corruption.
* CVE-2024-40937: Denial-of-service in Google Virtual NIC driver.
A missing check when using the Google Virtual NIC driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-40942: Resource leak in core WiFi subsystem.
A logic error when using the core WiFi subsystem could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-40954: Memory corruption in core net subsystem.
A missing check for a socket creation failure in the networking driver
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption or as a step in other kinds of attack.
* CVE-2024-40957: Denial-of-service in IPv6 Segment Routing Header encapsulation.
A logic error when using the IPv6 Segment Routing Header encapsulation
driver could lead to a NULL pointer dereference. An attacker could use
this flaw to cause a denial-of-service.
* CVE-2024-40958: Denial-of-service in core net subsystem.
A logic error when using the core net subsystem could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-40959, CVE-2024-40960, CVE-2024-40961: Denial-of-service in IPv6 networking stack.
A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-40981: Denial-of-service in BATMAN protocol stack.
A missing check when using the BATMAN protocol stack could lead to a
soft lockup. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-40983: Denial-of-service in the TIPC protocol driver.
Incorrect reference counting when using the TIPC protocol driver
could lead to a kernel crash. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2024-40990: Privilege escalation in Mellanox 5th generation network adapter (ConnectX series) driver.
A logic error when using the Mellanox 5th generation network adapter
(ConnectX series) driver could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.
* CVE-2024-40995: Denial-of-service in networking traffic control actions stack.
A logic error when using the networking traffic control actions stack
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-41007: Remote denial-of-service in TCP/IP networking stack.
When using a TCP socket with TCP_USER_TIMEOUT, the peer can set its
window size as zero, causing the vulnerable kernel to superfluously
retransmit a packet for some minutes, leading to bandwidth hogging.
A remote attacker could use this flaw to cause a denial-of-service.
* CVE-2024-41027: Denial-of-service in userfaultfd driver.
A missing check when using the userfaultfd ioctl could lead to a kernel
warning. A local attacker could use this flaw to cause a
denial-of-service by repeatedly triggering the warning.
* CVE-2024-41035: Denial-of-service in core USB subsystem.
A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-41040: Memory corruption in tc connection tracking action subsystem.
A logic error when using the tc connection tracking action subsystem
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.
A race condition when using TCP/IP networking could lead to a
kernel oops. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.
A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.
* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.
A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-41093: Denial-of-service in AMD GPU driver.
A missing check when using the AMD GPU driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-42070: Privilege escalation in netfilter subsystem.
A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.
* CVE-2024-42077: Denial-of-service in OCFS2 file system driver.
A logic error when using the OCFS2 file system driver could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-42098: Information leak in ECDH cryptographic driver.
A missing variable initialization when registering a private key in the
ECDH cryptographic driver could lead to leaking the previous value of a
private key. A local attacker could use this flaw to extract sensitive
information.
* CVE-2024-42106: Information leak in socket monitoring interface.
A missing variable initialization when using the socket monitoring
interface could lead to a use of uninitialized memory. A local
attacker could use this flaw to extract sensitive information.
* CVE-2024-42119: Information leak in AMD display core driver.
A missing check when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-42145: Remote denial-of-service in InfiniBand driver.
A logic error when using the InfiniBand driver could lead to resource
exhaustion (uncontrolled resource consumption) when userspace does not
extract MAD packets at the same rate as the attacker is sending. A
remote attacker could use this flaw to cause a denial-of-service.
* CVE-2024-42152: Denial-of-service in NVME driver.
A race condition when the client disconnects and the NVME admin connects
in the NVME driver could lead to a memory leak. An attacker could use
this flaw to cause a denial-of-service.
* CVE-2024-42154: Information leak in TCP/IP networking stack.
A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-42224: Denial-of-service in Marvell 88E6xxx Ethernet Switch driver.
A logic error when using the Marvell 88E6xxx Ethernet Switch driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-42225: Information leak in MediaTek MT7915E driver.
A missing variable initialization when using the MediaTek MT7915E driver
could lead to use of uninitialized memory. A local attacker could use
this flaw to extract sensitive information.
* CVE-2024-42232: Memory corruption in Ceph core library.
A logic error when using the Ceph core library could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2024-25741, CVE-2024-37078, CVE-2024-39495, CVE-2024-39505,
CVE-2024-39506, CVE-2024-39507, CVE-2024-40902, CVE-2024-40932,
CVE-2024-40963, CVE-2024-40967, CVE-2024-40968, CVE-2024-40970,
CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-41002,
CVE-2024-41004, CVE-2024-41006, CVE-2024-42087, CVE-2024-42089,
CVE-2024-42092, CVE-2024-42093, CVE-2024-42094, CVE-2024-42095,
CVE-2024-42104, CVE-2024-42105, CVE-2024-42121, CVE-2024-42127,
CVE-2024-42130, CVE-2024-42137, CVE-2024-42140, CVE-2024-42153,
CVE-2024-42157, CVE-2024-42161
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.