[Ksplice][EL8-Updates] New Ksplice updates for OL 8 and RHEL 8 (ELSA-2023-5244)

Oracle Ksplice quentin.casasnovas at oracle.com
Thu Sep 28 07:25:01 UTC 2023

Synopsis: ELSA-2023-5244 can now be patched using Ksplice
CVEs: CVE-2023-2002 CVE-2023-3090 CVE-2023-35001 CVE-2023-35788 CVE-2023-3776 CVE-2023-4004

Systems running RHCK on Oracle Linux 8 and Red Hat Enterprise Linux 8
can now use Ksplice to patch against the latest Red Hat kernel update,
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running OL 8 and RHEL 8
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
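
The following shell check is an added example, not part of Oracle's announcement: it reads the "autoinstall" setting described above and reports whether a host still needs the manual uptrack-upgrade run. The function names, the constructed sample file, and the assumption that the file uses INI-style "key = value" lines with "#" or ";" comments are illustrative.

```shell
#!/bin/sh
# Added example: will Ksplice Uptrack install these updates without intervention?
# Assumption: uptrack.conf holds INI-style "key = value" lines, "#" or ";" comments.

# Print the effective "autoinstall" value from the given config file, lower-cased.
# The last uncommented assignment wins; prints "unset" if the key is absent.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk -F= '
        /^[[:space:]]*[#;]/ { next }          # a commented-out key does not count
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key)
            sub(/[#;].*$/, "", val)           # drop a trailing inline comment
            gsub(/[[:space:]]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Print "automatic" only for an explicit "yes", the value the announcement names.
# Anything else (no, unset, unreadable file) is reported as "manual", meaning the
# administrator should run: /usr/sbin/uptrack-upgrade -y
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Demo on a constructed sample file (not a real host's configuration).
sample=$(mktemp)
printf '[Settings]\ninstall_on_reboot = yes\n#autoinstall = yes\nautoinstall = no\n' > "$sample"
echo "autoinstall=$(uptrack_autoinstall "$sample") -> $(uptrack_action "$sample")"
rm -f "$sample"
```

On a real host, call uptrack_action with no argument to read /etc/uptrack/uptrack.conf.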


* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.

* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.

A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.

* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.

A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code

* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.

Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a

* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited by a
local attacker to cause a denial of service, or other undefined behavior.

* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.


Ksplice support is available at ksplice-support_ww at oracle.com.
