[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-9315)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Jan 13 15:00:36 UTC 2025
Synopsis: ELSA-2024-9315 can now be patched using Ksplice
CVEs: CVE-2019-25162 CVE-2022-20008 CVE-2022-48804 CVE-2023-0045 CVE-2023-47233 CVE-2023-52429 CVE-2023-52462 CVE-2023-52493 CVE-2023-52494 CVE-2023-52528 CVE-2023-52615 CVE-2023-52622 CVE-2023-52623 CVE-2023-52674 CVE-2023-52698 CVE-2023-52803 CVE-2024-0340 CVE-2024-1151 CVE-2024-23851 CVE-2024-24860 CVE-2024-25739 CVE-2024-25742 CVE-2024-26603 CVE-2024-26614 CVE-2024-26631 CVE-2024-26641 CVE-2024-26663 CVE-2024-26675 CVE-2024-26680 CVE-2024-26704 CVE-2024-26720 CVE-2024-26733 CVE-2024-26736 CVE-2024-26779 CVE-2024-26782 CVE-2024-26805 CVE-2024-26809 CVE-2024-26815 CVE-2024-26851 CVE-2024-26857 CVE-2024-26863 CVE-2024-26870 CVE-2024-26882 CVE-2024-26901 CVE-2024-26921 CVE-2024-26924 CVE-2024-26933 CVE-2024-26934 CVE-2024-26951 CVE-2024-26958 CVE-2024-26973 CVE-2024-27025 CVE-2024-27031 CVE-2024-27414 CVE-2024-35811 CVE-2024-35835 CVE-2024-35840 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35888 CVE-2024-35910 CVE-2024-35939 CVE-2024-35959 CVE-2024-35973 CVE-2024-36006 CVE-2024-36917 CVE-2024-36933 CVE-2024-36974 CVE-2024-38618 CVE-2024-39276 CVE-2024-39499 CVE-2024-40901 CVE-2024-40940 CVE-2024-40953 CVE-2024-40990 CVE-2024-41063 CVE-2024-41079 CVE-2024-41082 CVE-2024-41098 CVE-2024-42070 CVE-2024-42102 CVE-2024-42114 CVE-2024-42154 CVE-2024-42159 CVE-2024-43856 CVE-2024-44947
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-9315.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-9315.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
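The two install paths above (autoinstall vs. a manual `uptrack-upgrade -y`) are easy to get wrong at fleet scale when a host has the option commented out or misspelled. The following helper is an added example, not Oracle's or Ksplice's code: it reads `/etc/uptrack/uptrack.conf` as an INI file (the `[Settings]` section name is an assumption here) and treats anything other than an explicit yes-value as "manual action required", so a misconfigured host is flagged rather than assumed patched.

```python
"""Decide whether a Ksplice Uptrack host needs a manual uptrack-upgrade run.

Hosts with "autoinstall = yes" in /etc/uptrack/uptrack.conf pick the update
up on their own; everything else needs `/usr/sbin/uptrack-upgrade -y`.
Added example code; the [Settings] section name is an assumption.
"""
import configparser
import subprocess
from typing import Optional

CONF_PATH = "/etc/uptrack/uptrack.conf"


def autoinstall_enabled(conf_text: str) -> bool:
    """Return True only when autoinstall is explicitly set to a yes-value.

    A missing key, a commented-out line, a malformed file or an unreadable
    value all count as "not enabled": fail towards "needs action".
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(conf_text)
    except configparser.Error:          # e.g. MissingSectionHeaderError
        return False
    # Look in [Settings] first (assumed), then any other section, so a
    # differently named section is not silently ignored.
    sections = ["Settings"] + [s for s in parser.sections() if s != "Settings"]
    for section in sections:
        if parser.has_option(section, "autoinstall"):
            try:
                # getboolean accepts yes/no, on/off, true/false, 1/0 (any case)
                return parser.getboolean(section, "autoinstall")
            except ValueError:
                return False
    return False


def manual_action_required(conf_text: str) -> bool:
    """True when the operator must run uptrack-upgrade by hand."""
    return not autoinstall_enabled(conf_text)


def run_upgrade(dry_run: bool = True) -> Optional[int]:
    """Run the command from the announcement; dry_run keeps this offline."""
    cmd = ["/usr/sbin/uptrack-upgrade", "-y"]
    if dry_run:
        print("would run:", " ".join(cmd))
        return None
    return subprocess.run(cmd, check=False).returncode


# Constructed sample configs (not copied from any real host).
SAMPLE_AUTO = """[Settings]
# Ksplice Uptrack configuration
autoinstall = Yes
install_on_reboot = yes
"""
SAMPLE_MANUAL = """[Settings]
# autoinstall = yes          <- commented out, so NOT enabled
install_on_reboot = yes
"""
SAMPLE_BROKEN = "autoinstall = yes\n"   # no section header: rejected by configparser

if __name__ == "__main__":
    try:
        with open(CONF_PATH, encoding="utf-8") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MANUAL               # fall back to the sample when offline
    if manual_action_required(text):
        print("autoinstall is off: running uptrack-upgrade -y")
        run_upgrade(dry_run=True)
    else:
        print("autoinstall is on: ELSA-2024-9315 will be applied automatically")
```

Pair this with the output of `/usr/sbin/uptrack-show` on the host afterwards; the config only tells you what Uptrack will do, not what it has already done.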
DESCRIPTION
* CVE-2019-25162: Memory corruption in I2C subsystem.
A logic error when using the I2C subsystem could lead to a use-after-free. A
local attacker could use this flaw to cause memory corruption.
* CVE-2022-20008: Information disclosure in MMC/SD subsystem.
Improper error handling in the MMC/SD subsystem when reading from SD cards
could allow reading of kernel heap memory. A local user could use this
flaw for information disclosure.
* CVE-2022-48804: Information leak in Virtual terminal driver.
A missing check when using the Virtual terminal driver could lead to
leaking data using Spectre variants. A local attacker could use this
flaw to extract sensitive information.
* CVE-2023-0045: Deficiency in existing speculative attack mitigation.
A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks. This flaw could be exploited to leak information
from a running system.
* CVE-2023-47233, CVE-2024-35811: Privilege escalation when unplugging a Broadcom FullMAC WLAN device.
A race condition when unplugging a Broadcom FullMAC WLAN USB device during
initialization could lead to a use-after-free. A local attacker could
use this flaw to escalate privileges or facilitate an attack.
* CVE-2023-52429, CVE-2024-23851: Denial-of-service in kernel software RAID and LVM drivers.
Due to a lack of input validation in the kernel software RAID and LVM
drivers, a local attacker could use this flaw to cause a denial-of-service.
* CVE-2023-52462: Privilege escalation in the BPF subsystem.
Incorrect logic in the BPF verifier can allow corruption of a spilled pointer
on the stack. A local attacker can potentially use this flaw to escalate
privileges.
* CVE-2023-52493: Denial-of-service in the Modem Host Interface (MHI) protocol.
Incorrect synchronization logic in the Modem Host Interface (MHI) protocol
subsystem when processing events from a client device can lead to a soft
lockup. A user with permissions on the client devices can use this flaw to
cause a denial-of-service.
* CVE-2023-52494: Denial-of-service when using Modem Host Interface (MHI) bus.
A logic error when checking a user pointer when using Modem Host
Interface (MHI) bus could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service or cause
memory corruption.
* CVE-2023-52528: Memory corruption in SMSC LAN75XX based USB 2.0 gigabit ethernet device driver.
A missing check when using the SMSC LAN75XX based USB 2.0 gigabit ethernet
device driver could lead to use of uninitialized memory. A local
attacker could use this flaw to cause memory corruption.
* CVE-2023-52615: Denial-of-service in Hardware Random Number Generator.
A read from /dev/hwrng into memory mapped by another read can
lead to a deadlock. A local attacker can exploit this flaw to
cause a denial-of-service.
* CVE-2023-52622: Denial-of-service in ext4 filesystem.
Missing checks on the block group size supplied by a user when resizing an
ext4 filesystem online can lead to an attempt to allocate an oversized
array, which fails and thus the resize fails. A local attacker can
exploit this flaw to cause a denial-of-service.
* CVE-2023-52623: Denial-of-service in SUNRPC networking stack.
A locking error when using SUNRPC subsystem could lead to a race
condition. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.
* CVE-2023-52674: Privilege escalation in Focusrite Scarlett Gen 2/3 Driver for ALSA.
A missing check on user input when using Focusrite Scarlett Gen 2/3
Driver for ALSA can lead to an out-of-bounds access. A local attacker
could use this flaw to escalate privileges or facilitate an attack.
* CVE-2023-52698: Memory leak in CALIPSO packet labeling protocol support.
When IPv6 support is disabled at boot (ipv6.disable=1), incorrect logic in
NetLabel CALIPSO/IPv6 Support can lead to a memory leak. A local attacker can
use this to cause denial-of-service.
* CVE-2023-52803: Privilege escalation in SUNRPC networking stack.
A missing check when using the SUNRPC networking stack could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.
* CVE-2024-0340: Information leak when using Vhost.
A missing zeroing of kernel memory when using Vhost could lead to an
information leak. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.
* CVE-2024-1151: Denial-of-service in Open vSwitch.
Due to a lack of input validation in Open vSwitch, an attacker could cause
a denial-of-service.
* CVE-2024-24860: Race condition in the Bluetooth device driver.
Incorrect locking in the Bluetooth device driver interface to change the
maximum and minimum encryption key size can lead to inconsistent key size
restrictions. A privileged local attacker can potentially use this race
condition to cause a denial-of-service.
* CVE-2024-25739: Denial-of-service in Unsorted block images (UBI).
Incorrect validation of logical eraseblock sizes in UBI support could lead to a
kernel crash. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-25742: Disruption of AMD SEV-SNP With Interrupts.
A missing check in the AMD SEV Linux kernel driver can result in
malicious interrupt injection. An attacker with access to the
hypervisor can potentially break the confidentiality and integrity
of Linux SEV-SNP guests.
* CVE-2024-26603: Denial-of-service in the FPU subsystem.
Incorrect checks on parameters passed from userspace when using the FPU
subsystem could lead to an infinite loop. A local attacker could exploit
this flaw to cause a denial-of-service.
* CVE-2024-26614: Denial-of-service during TCP handshake.
A locking error during TCP handshake could lead to a race condition. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26631: Race condition in IPv6 Multicast subsystem.
Insufficient locking when destroying a device in the Multicast support
for IPv6 can lead to a data race. This can be used by a local user to
cause a denial-of-service or other undefined behavior.
* CVE-2024-26641: Remote denial-of-service in IPv6 packet tunneling subsystem.
A flaw in the IPv6 packet tunneling subsystem could lead to use of uninitialized
memory. A remote attacker could use this to cause denial-of-service.
* CVE-2024-26663: Denial-of-service in TIPC networking stack.
A missing bearer type check while adding IP addresses to a TIPC bearer can
lead to a NULL pointer dereference. A local attacker can exploit this
flaw to cause a denial-of-service.
* CVE-2024-26675: Denial-of-service in PPP async serial channel driver.
A missing maximum size check when setting the Maximum Receive Unit via the
ppp_async ioctl can lead to an attempt to allocate an oversized socket
buffer, which fails and thus the ioctl operation fails. A local attacker
can exploit this flaw to cause a denial-of-service.
* CVE-2024-26680: Memory leak in AQtion Ethernet driver.
A memory leak in the AQtion Ethernet driver can occur during device
shutdown. A local attacker can use this to cause a denial-of-service.
* CVE-2024-26704: Denial-of-service in ext4 filesystem.
When moving extents in the ext4 filesystem, a failure to handle an
unsuccessful loop exit when calculating the moved length can lead
to a double-free and a divide-by-zero error. A local attacker can
exploit this flaw to cause a denial-of-service or aid in other types
of attacks.
* CVE-2024-26720, CVE-2024-42102: Memory corruption in kernel memory manager.
Incorrect cast of a divisor when setting dirty page writeback limits in the
memory management subsystem could lead to divide-by-zero. A local attacker
could use this flaw to cause denial-of-service.
* CVE-2024-26733: Memory corruption in TCP/IP networking.
Missing bounds check when using TCP/IP networking driver could lead to
an out-of-bounds memory write. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-26736: Denial-of-service in Andrew File System (AFS).
A logic error when updating volume status in Andrew File System (AFS)
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-26779: Denial-of-service in mac80211 due to incorrect fast-xmit check.
A logic error when performing fast-xmit checks in the mac80211 driver
can lead to the use of uninitialized data, and a subsequent kernel
panic. This flaw could potentially be exploited to cause a
denial-of-service.
* CVE-2024-26782: Privilege escalation when creating Multipath TCP socket.
A logic error when creating a Multipath TCP socket could lead to a use-
after-free. A local attacker could use this flaw to escalate privileges
or facilitate an attack.
* CVE-2024-26805: Information leak in Netlink driver during packet creation.
An incorrect buffer length calculation when creating new packets in
the Netlink driver causes uninitialized memory to be copied into a
packet buffer. This flaw could be exploited to leak sensitive
information from the running kernel.
* CVE-2024-26809: Denial-of-service when destroying pipapo socket.
A logic error when destroying a pipapo socket could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-26815: Privilege escalation in Time Aware Priority (taprio) Scheduler.
An incorrect check on parameters passed from userspace when using taprio
could lead to an out-of-bounds memory write. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-26851: Denial-of-service in Network packet filtering framework.
A missing check when using Network packet filtering framework
(Netfilter) could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service or facilitate an
attack.
* CVE-2024-26857: Information leak in Generic Network Virtualization Encapsulation driver.
During reception of packets in GENEVE driver, uninitialised memory can
be accessed due to incorrect handling of headers of the socket buffer.
An attacker (local or remote) can exploit this flaw to access sensitive
information from the kernel memory or facilitate an attack.
* CVE-2024-26863: Information leak in HSR networking stack.
Missing check for the HSR tag after the Ethernet header in the
High-availability Seamless Redundancy networking stack can lead
to accessing uninitialised memory. An attacker (local or remote)
can exploit this flaw to extract sensitive information from the
kernel memory or facilitate an attack.
* CVE-2024-26870: Denial-of-service when listing xattr in NFS client driver.
A logic error when listing xattr in NFS client driver could lead to a
kernel assert. A local attacker could use this flaw to cause a denial-
of-service.
* CVE-2024-26882: Information leak in IP tunneling stack.
During reception of packets in IP tunneling stack, uninitialised memory
can be accessed due to incorrect handling of headers of the socket
buffer. An attacker (local or remote) can exploit this flaw to access
sensitive information from the kernel memory or facilitate an attack.
* CVE-2024-26901: Information leak in file handle syscalls.
Incorrect initialisation in file handle code in core fs subsystem can
lead to an information leak. A local attacker can exploit this flaw to
extract sensitive information from the kernel memory or aid in other
types of attacks.
* CVE-2024-26921: Code execution in TCP/IP networking.
A logic error when handling IP packet fragments in TCP/IP networking
could lead to a use-after-free. A local attacker could use this flaw to
execute arbitrary code in kernel mode.
* CVE-2024-26924: Denial-of-service in Netfilter PIPAPO.
A logic error when using Network packet filtering framework (Netfilter)
Pile Packet Policies could lead to a kernel crash. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2024-26933, CVE-2024-26934: Denial-of-service in Host-side USB.
A locking error when using Host-side USB could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26951: Code execution in WireGuard secure network tunnel.
A race condition when dumping device information after peers were
recently removed from an interface in WireGuard could lead to a use-
after-free. A local attacker could use this flaw to execute arbitrary
code in kernel mode.
* CVE-2024-26958: Denial-of-service in NFS client driver.
A race condition in NFS client driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26973: Information leak in FAT filesystem.
An uninitialised field in the FAT filesystem can eventually lead to a
memory leak. A local attacker can exploit this flaw to extract sensitive
information from the kernel memory or facilitate an attack.
* CVE-2024-27025: Denial-of-service in Network block device driver.
A missing check when using status command in the Network block device
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-27031: Denial-of-service in NFS client support.
A race condition when using NFS client caching support could lead to
deadlock. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-27414: Out-of-bounds write in core net subsystem.
A logical error when handling rtnetlink RTM_SETLINK messages (which a
user sends to modify link configuration) in the core net subsystem can
lead to an out-of-bounds write. A local attacker with the necessary
privileges can exploit this flaw to cause a denial-of-service or
privilege escalation.
* CVE-2024-35835: Double free in Mellanox MLX5 ARFS support.
Incorrect error handling in Mellanox MLX5 ethernet accelerated receive flow
steering (ARFS) support can lead to a double free. A local attacker could use
this flaw to cause a denial-of-service.
* CVE-2024-35840: Denial-of-service when receiving data over Multipath TCP socket.
A missing check when receiving data over Multipath TCP socket could lead
to accessing stale data. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-35888: Information leak in GRE over IP protocol decoder.
A logical error in the GRE over IP protocol decoder does not ensure
that the header is present in the socket buffer, leading to
uninitialised memory being used. A local attacker can exploit this
flaw to extract sensitive information from the kernel memory or
facilitate an attack.
* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.
A logical error in IPv4 TCP networking stack when handling timers upon
a kernel socket release can lead to a NULL pointer dereference. A local
attacker can exploit this flaw to cause a denial-of-service.
* CVE-2024-35939: Information leak in kernel DMA facilities.
A logic error when using kernel DMA with Intel TDX could lead to memory
pages being mishandled. A local attacker could use this flaw to extract
sensitive information.
* CVE-2024-35959: Denial-of-service in Mellanox devices driver.
A locking error when using the Mellanox devices driver could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-35973: Denial-of-service in Generic Network Virtualization Encapsulation.
A logic error when using Generic Network Virtualization Encapsulation
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2024-36006, CVE-2024-35853, CVE-2024-35855, CVE-2024-35854: Denial-of-service in Mellanox Technologies Switch ASICs driver.
A logic error when using the Mellanox Technologies Switch ASICs driver
could lead to a use-after-free. A local attacker could use this flaw to
leak information or to cause a denial-of-service.
* CVE-2024-36917: Privilege escalation in block layer driver.
A missing check when discarding blocks in the block layer driver
could lead to a buffer overflow. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-36933: Information leak in Network Service Header protocol stack.
A logic error when using the Network Service Header protocol stack could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to extract sensitive information.
* CVE-2024-36974: Privilege escalation in Time Aware Priority Scheduler driver.
A missing check when using the Time Aware Priority Scheduler driver
could lead to an out-of-bounds memory access. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).
A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-39276: Resource leak in ext4 filesystem.
Incorrect reference counting when using the ext4 filesystem could lead
to a reference count leak. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2024-39499: Information leak in VMware VMCI Driver.
A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.
* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.
A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.
* CVE-2024-40940: Memory corruption in Mellanox devices driver.
A logic error when using the Mellanox devices driver could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.
* CVE-2024-40953: Privilege escalation in KVM driver.
Missing atomicity barriers in the KVM driver when using a variable to
fetch a vCPU could lead to an out-of-bounds memory access. A local
attacker could use this flaw to escalate privileges.
* CVE-2024-40990: Privilege escalation in Mellanox 5th generation network adapter (ConnectX series) driver.
A logic error when using the Mellanox 5th generation network adapter
(ConnectX series) driver could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.
* CVE-2024-41063: Denial-of-service in core bluetooth subsystem.
A logic error when using the core Bluetooth subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-41079: Information leak in NVMe over Fabrics target subsystem.
A missing structure field initialization in the NVMe over Fabrics target
code could lead to leaking data from kernel memory. An attacker could
potentially use this flaw to extract sensitive information.
* CVE-2024-41082: Denial-of-service in NVMe over Fabrics host subsystem.
A logic error in the common NVMe over Fabrics host code could lead
to exhaustion of admin queue tags, which in some scenarios could
make the kernel unresponsive. An attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-41098: Denial-of-service in SATA/PATA driver.
A missing check when using the SATA/PATA driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-42070: Privilege escalation in netfilter subsystem.
A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.
* CVE-2024-42114: Denial-of-service in Wireless driver.
A logic error when using the Wireless driver could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-42154: Information leak in TCP/IP networking stack.
A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.
* CVE-2024-42159: Data corruption in Broadcom MPI3 Storage Controller Device driver.
A missing check when adding a SAS device to the SAS transport layer in
the Broadcom MPI3 Storage Controller Device driver could lead to an out-
of-bounds memory access. A local attacker could use this flaw to cause
data corruption.
* CVE-2024-43856: Denial-of-service in core kernel DMA code.
A logic error when using direct memory access could lead to freeing
memory that was not meant to be freed. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2024-44947: Information leak in FUSE driver.
A missing page initialization when using the FUSE driver could lead
to later use of uninitialized kernel memory by userspace via mmap. A
local attacker could use this flaw to extract sensitive information.
* Resource leak in kernel oops handler.
A missing restriction on the number of times the kernel can oops before
crashing may lead to a leak of kernel resources such as reference counts,
locks or memory allocations. An attacker could abuse the oops handler to
cause a denial-of-service or execute arbitrary code.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2021-47429, CVE-2021-47524, CVE-2021-47525, CVE-2021-47526,
CVE-2022-0487, CVE-2022-40982, CVE-2022-48626, CVE-2022-48656,
CVE-2022-48669, CVE-2022-48672, CVE-2022-48803, CVE-2022-48871,
CVE-2023-4921, CVE-2023-52451, CVE-2023-52503, CVE-2023-52598,
CVE-2023-52606, CVE-2023-52607, CVE-2023-52611, CVE-2023-52617,
CVE-2023-52618, CVE-2023-52675, CVE-2023-52686, CVE-2023-52690,
CVE-2023-52696, CVE-2023-52708, CVE-2023-52775, CVE-2023-52789,
CVE-2023-52811, CVE-2023-52836, CVE-2023-52859, CVE-2023-52902,
CVE-2023-52915, CVE-2024-24856, CVE-2024-26618, CVE-2024-26625,
CVE-2024-26636, CVE-2024-26678, CVE-2024-26691, CVE-2024-26712,
CVE-2024-26715, CVE-2024-26717, CVE-2024-26771, CVE-2024-26775,
CVE-2024-26814, CVE-2024-26818, CVE-2024-26881, CVE-2024-26890,
CVE-2024-26895, CVE-2024-26919, CVE-2024-26957, CVE-2024-27063,
CVE-2024-27391, CVE-2024-35878, CVE-2024-35942, CVE-2024-36884,
CVE-2024-36926, CVE-2024-36928, CVE-2024-36945, CVE-2024-36977,
CVE-2024-38550, CVE-2024-39488, CVE-2024-39507, CVE-2024-40989,
CVE-2024-41064, CVE-2024-41065, CVE-2024-42230, CVE-2024-43842,
CVE-2024-45005, CVE-2024-26635
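Because Ksplice patches the running kernel without changing its version string, version-keyed vulnerability scanners keep reporting the CVEs above as open, and the "not applicable" list is exactly the set a triage analyst needs to close as false positives. The script below is an added example, not Oracle's or Ksplice's tooling: it parses an announcement in this format for the `CVEs:` line and the not-applicable block, then sorts scanner findings into PATCHED, NOT_APPLICABLE or UNKNOWN. The heading detection (an all-caps line such as `SUPPORT` ends the not-applicable block) is a heuristic assumed from this mail's layout, the sample advisory excerpt is constructed from lines on this page, and `CVE-2024-00000` is a placeholder identifier.

```python
"""Triage scanner findings against a Ksplice errata announcement.

Added example code. Parses the "CVEs:" header line (fixed by the update)
and the "not applicable" list (code not compiled into the kernel), then
classifies each scanner finding.
"""
import re
from typing import Dict, Iterable, Set

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Assumption: section headings in these mails are all-caps words (SUPPORT, DESCRIPTION).
HEADING_RE = re.compile(r"[A-Z][A-Z ]*")


def parse_advisory(text: str) -> Dict[str, Set[str]]:
    """Return {'fixed': {...}, 'not_applicable': {...}} from announcement text."""
    fixed: Set[str] = set()
    not_applicable: Set[str] = set()
    in_not_applicable = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("CVEs:"):
            fixed.update(CVE_RE.findall(line))
            continue
        if "not applicable" in line.lower():
            in_not_applicable = True        # "* Note: Oracle has determined ..."
            continue
        if in_not_applicable:
            if HEADING_RE.fullmatch(line):  # next section heading ends the block
                in_not_applicable = False
                continue
            not_applicable.update(CVE_RE.findall(line))
    # A CVE both fixed and not applicable would be an advisory inconsistency;
    # treat "fixed" as authoritative so it is never downgraded to a false positive.
    return {"fixed": fixed, "not_applicable": not_applicable - fixed}


def triage(findings: Iterable[str], advisory: Dict[str, Set[str]]) -> Dict[str, str]:
    """Map each scanner-reported CVE to PATCHED / NOT_APPLICABLE / UNKNOWN."""
    verdicts: Dict[str, str] = {}
    for finding in findings:
        cve = finding.strip().upper()
        if cve in advisory["fixed"]:
            verdicts[cve] = "PATCHED"
        elif cve in advisory["not_applicable"]:
            verdicts[cve] = "NOT_APPLICABLE"
        else:
            verdicts[cve] = "UNKNOWN"       # needs a human look or another advisory
    return verdicts


# Constructed excerpt using lines from the ELSA-2024-9315 announcement.
SAMPLE_ADVISORY = """\
Synopsis: ELSA-2024-9315 can now be patched using Ksplice
CVEs: CVE-2019-25162 CVE-2024-26921 CVE-2024-44947
DESCRIPTION
* CVE-2024-26921: Code execution in TCP/IP networking.
A logic error when handling IP packet fragments in TCP/IP networking
could lead to a use-after-free.
* Note: Oracle has determined some CVEs are not applicable.
The kernel is not affected by the following CVEs
since the code under consideration is not compiled.
CVE-2021-47429, CVE-2021-47524, CVE-2021-47525,
CVE-2024-45005, CVE-2024-26635
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
"""

# Constructed scanner output; CVE-2024-00000 is a placeholder, not a real ID.
SAMPLE_FINDINGS = ["CVE-2024-26921", "cve-2024-26635", "CVE-2024-00000"]

if __name__ == "__main__":
    advisory = parse_advisory(SAMPLE_ADVISORY)
    for cve, verdict in sorted(triage(SAMPLE_FINDINGS, advisory).items()):
        print(f"{cve}: {verdict}")
```

PATCHED here means "covered by this advisory", not "confirmed installed": close the finding only after `/usr/sbin/uptrack-show` on the host lists the corresponding update.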
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.