[Ksplice][EL7-Updates] New Ksplice updates for OL 7, RHEL 7, CentOS 7, and Scientific Linux 7 (RHSA-2024:2004)

Oracle Ksplice gregory.herrero at oracle.com
Wed May 8 21:42:14 UTC 2024 

Synopsis: RHSA-2024:2004 can now be patched using Ksplice
CVEs: CVE-2020-36558 CVE-2023-2002 CVE-2023-25775 CVE-2023-4622 CVE-2023-4623

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2024:2004.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 7, RHEL 7,
CentOS 7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-4622: Use-after-free when sending data through Unix sockets.

A locking error when sending data through a Unix sockets that is
concurrently being pruned from garbage collected file descriptors could
lead to a use-after-free.  A local, unprivileged user could use this flaw
to cause a denial-of-service or escalate its privileges.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.


* CVE-2023-25775: Information disclosure in the Intel(R) Ethernet Controller RDMA driver.

A flaw in irdma allows to program zero-length STAGs in hardware. An
attacker could use this flaw to access sensitive kernel information.


* CVE-2020-36558: Denial-of-service in control plane of VT subsystem.

A NULL pointer dereference in the VT subsystem could result in a kernel
crash when issuing ioctl. A local user could use this flaw to crash
the system.


* CVE-2023-4623: Use-after-free in in the Traffic Control subsystem.

A flaw in net/sched: sch_hfsc component may lead to a use-after-free. A
local user could use this flaw for privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-EL7-updates mailing list