From el-errata at oss.oracle.com Sat Mar 1 12:22:53 2025
From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux)
Date: Sat, 1 Mar 2025 12:22:53 +0000
Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20100)

Synopsis: ELSA-2025-20100 can now be patched using Ksplice
CVEs: CVE-2024-38538 CVE-2024-49996 CVE-2024-50264 CVE-2024-50265 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-50301 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53140 CVE-2024-53141 CVE-2024-53146 CVE-2024-53155 CVE-2024-53173 CVE-2024-53174 CVE-2024-53680 CVE-2024-56558 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56637 CVE-2024-56650 CVE-2024-56739 CVE-2024-56770 CVE-2024-57850 CVE-2024-57901 CVE-2024-57902

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2025-20100.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2025-20100.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging.

A missing check when sending a short skb in the 802.1d Ethernet Bridging
driver could lead to use of uninitialized memory. An attacker could use
this flaw to cause data corruption.

* CVE-2024-49996: Privilege escalation in SMB3 and CIFS driver.

A missing check when parsing NFS reparse points in the SMB3 and CIFS
driver could lead to an out-of-bounds memory access. A remote attacker
could use this flaw to escalate privileges.

* CVE-2024-50264: Privilege escalation in Virtual Socket protocol driver.

A missing variable initialization during loopback communication in the
Virtual Socket protocol driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.

* CVE-2024-50265: Denial-of-service in OCFS2 filesystem.

A logic error when setting extended attributes in the OCFS2 filesystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.

* CVE-2024-50273: Denial-of-service in Btrfs filesystem driver.

A logic error when handling delayed reference counting in the Btrfs
filesystem driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2024-50278, CVE-2024-50279: Privilege escalation in Cache target driver.

Logic errors when manipulating cache in the Cache target driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to escalate privileges.

* CVE-2024-50301: Privilege escalation in Keyring subsystem.

A missing check when checking if a key can be used in the Keyring
subsystem could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver.

A missing variable initialization when destroying a socket in the Virtual
Socket protocol driver could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-53104: Privilege escalation in USB Video Class driver.

A missing check when using the UVC driver could lead to an out-of-bounds
memory write. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-53112: Denial-of-service in OCFS2 filesystem.

A missing check when using OCFS2_IOC_GROUP_ADD ioctl in the OCFS2
filesystem could lead to a kernel assertion failure. A local attacker
could use this flaw to cause a denial-of-service.

* CVE-2024-53140: Privilege escalation in netlink driver.

A logic error when using the netlink driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-53141: Privilege escalation in netfilter (IP set) subsystem.

A missing check when updating the bitmap for IP addresses in the
netfilter subsystem could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.

* CVE-2024-53146: Information leak in NFS server driver.

A logic error when using the NFS server driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.

* CVE-2024-53155: Information leak in OCFS2 filesystem.

A missing variable initialization when using the OCFS2 filesystem could
lead to use of uninitialized memory. A local attacker could use this
flaw to extract sensitive information.

* CVE-2024-53173: Privilege escalation in NFS client driver.

A logic error when opening multiple files concurrently in the NFS client
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.

* CVE-2024-53174: Privilege escalation in SUNRPC networking stack.

A missing check when using the SUNRPC networking stack could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-53680: Denial-of-service in IP virtual server driver.

Undefined behaviour in the IP virtual server driver could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-56558: Privilege escalation in NFS server driver.

A missing check when using the NFS server driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-56600: Privilege escalation in IPv6 networking stack.

A missing variable initialization when creating a socket fails in the
IPv6 networking stack could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-56601: Privilege escalation in IPv4 networking stack.

A missing variable initialization when creating a socket fails in the
IPv4 networking stack could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-56602: Privilege escalation in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver.

A missing variable initialization when creating a socket fails in the
IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-56603: Privilege escalation in CAN bus subsystem driver.

A missing variable initialization when creating a CAN socket fails in
the CAN bus subsystem driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.

* CVE-2024-56605: Privilege escalation in Bluetooth subsystem driver.

A missing variable initialization when creating an l2cap socket fails in
the Bluetooth subsystem driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.

* CVE-2024-56606: Privilege escalation in packet protocol networking stack.

A logic error when using the packet protocol networking stack could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-56637: Denial-of-service in netfilter (IP set) subsystem.

A logic error when using the netfilter (IP set) subsystem could lead to
a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-56650: Privilege escalation in netfilter subsystem.

A missing check when using the netfilter subsystem could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-56739: Denial-of-service in RTC subsystem.

A locking error when using the RTC subsystem could lead to kernel
soft-lockup. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-56770: Privilege escalation in network emulator.

A logic error when using the network emulator could lead to an integer
overflow. A local attacker could use this flaw to escalate privileges.

* CVE-2024-57850: Memory corruption in JFFS2 filesystem.

A missing check when using the JFFS2 filesystem could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
cause memory corruption.

* CVE-2024-57901, CVE-2024-57902: Remote denial-of-service in packet protocol networking stack.

A logic error when receiving a message using the packet protocol
networking stack could lead to a kernel panic. A remote attacker could
use this flaw to cause a denial-of-service.

* Denial-of-service in Mellanox network adapter driver.

A logic error in the Mellanox network adapter driver code causes
truncation of the user access region (UAR) page index when using the
dynamic UAR feature if there are more than 35,000 completion queues,
leading to severe performance degradation and eventually a
denial-of-service.

Orabug: 37029739

* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs since the code under
consideration is not compiled.

CVE-2022-49034, CVE-2024-43098, CVE-2024-50051, CVE-2024-50269,
CVE-2024-50287, CVE-2024-50296, CVE-2024-53130, CVE-2024-53131,
CVE-2024-53145, CVE-2024-53148, CVE-2024-53158, CVE-2024-53161,
CVE-2024-53165, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184,
CVE-2024-56548, CVE-2024-56562, CVE-2024-56567, CVE-2024-56572,
CVE-2024-56581, CVE-2024-56586, CVE-2024-56595, CVE-2024-56596,
CVE-2024-56597, CVE-2024-56598, CVE-2024-56619, CVE-2024-56634,
CVE-2024-56643, CVE-2024-56645, CVE-2024-56659, CVE-2024-56691,
CVE-2024-56700, CVE-2024-56704, CVE-2024-56723, CVE-2024-56724,
CVE-2024-56746, CVE-2024-56766, CVE-2024-56781, CVE-2024-57849

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.