[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-81c8b510a2)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 12 05:43:37 PDT 2017


Synopsis: FEDORA-2017-81c8b510a2 can now be patched using Ksplice
CVEs: CVE-2017-1000252 CVE-2017-14156 CVE-2017-14489 CVE-2017-14954

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-81c8b510a2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-1000252: Denial-of-service when receiving out-of-bounds guest interrupts in KVM.

A kernel assertion triggered by out-of-bounds guest interrupts in KVM could
hang the host kernel. A local attacker in a guest VM could use this flaw to
cause a denial-of-service.


* CVE-2017-14156: Information leak in the ATI Rage 128 video driver when copying clock information.

A missing struct initialization when copying clock information could lead
to uninitialized kernel memory being leaked to userspace. This could help
an attacker bypass protections like ASLR or infer memory layouts that
would otherwise be hidden.


* Denial-of-service during CIFS connection opening.

A failure to clear memory in an error path can result in the kernel
accessing invalid memory, leading to a kernel crash or undefined
behaviour. A local user with access to a CIFS filesystem could use this
flaw to cause a denial-of-service.


* Out-of-bounds memory access during MMC probe.

A race condition during probe of an MMC device can result in an
out-of-bounds memory access, leading to a kernel crash or other undefined
behaviour. A local user with access to an MMC device could use this flaw
to cause a denial-of-service.


* Denial-of-service in SCSI Fibre Channel job timeout handling.

A logic error in the timeout handling for SCSI Fibre Channel jobs can
result in a NULL pointer dereference, leading to a kernel crash.


* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.

A logic error when checking the bounds of data to be read from a netlink
socket in the SCSI transport layer could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.


* Denial-of-service in Deterministic Random Bit Generator cleanup.

A logic error in the Deterministic Random Bit Generator (DRBG) cleanup
handling can result in the kernel attempting to free an invalid pointer,
leading to a kernel crash. A local user with access to the crypto
subsystem could use this flaw to cause a denial-of-service.


* Information disclosure when freeing a big_key.

A failure to correctly zero memory when freeing a big_key in the keys
subsystem can result in sensitive information being left in memory. A
local user could use this flaw to facilitate a further attack.
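The following userspace C model is an added example, not the Rage 128 driver, the keys subsystem source or Oracle's code. It reproduces the two bug patterns behind the ATI Rage 128 item above and this big_key item: a reply structure copied out to "userspace" with one field never initialised, next to the memset()-before-copy fix, and a key payload released without scrubbing, next to a release that zeroes it with volatile stores so the compiler cannot drop the writes. The structure, the one-slot slab, the sample key and every function name are hypothetical, and the clock values are made up.

```c
/* Added illustrative model, not the Rage 128 driver, the keys subsystem or
 * Oracle's code: two bug classes from this advisory in plain userspace C.
 * All names (clock_info, slab, SAMPLE_KEY, ...) are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0x41  /* byte pattern standing in for leftover kernel stack data */

/* Hypothetical ioctl reply; all fields are 4 bytes wide, so no padding. */
struct clock_info {
    uint32_t rate_hz;
    uint32_t divisor;
    uint32_t reserved;  /* never written on the buggy path */
};

/* Buggy: only the named fields are set; 'reserved' keeps old stack contents. */
void leaky_get_clock(uint8_t out[sizeof(struct clock_info)])
{
    struct clock_info ci;
    memset(&ci, STALE, sizeof ci);  /* model of a dirty stack slot */
    ci.rate_hz = 100000000u;
    ci.divisor = 4;
    memcpy(out, &ci, sizeof ci);    /* stands in for copy_to_user() */
}

/* Fixed: clear the whole object before filling it in. memset() also zeroes
 * padding bytes, which a partial designated initialiser is not required to do. */
void safe_get_clock(uint8_t out[sizeof(struct clock_info)])
{
    struct clock_info ci;
    memset(&ci, 0, sizeof ci);      /* the fix */
    ci.rate_hz = 100000000u;
    ci.divisor = 4;
    memcpy(out, &ci, sizeof ci);
}

/* Run a getter and count how many STALE bytes reached "userspace". */
size_t stale_bytes_leaked(void (*getter)(uint8_t *))
{
    uint8_t reply[sizeof(struct clock_info)];
    size_t stale = 0;
    getter(reply);
    for (size_t i = 0; i < sizeof reply; i++)
        stale += (reply[i] == STALE);
    return stale;  /* leaky_get_clock: 4 (the reserved field), safe_get_clock: 0 */
}

/* Hypothetical one-slot slab standing in for the kernel allocator. */
#define SLAB_SIZE 32
static uint8_t slab[SLAB_SIZE];
static const uint8_t SAMPLE_KEY[] = "constructed-big_key-payload";  /* constructed sample */

/* Buggy release: the slot goes back to the pool with the payload intact. */
void key_free_leaky(size_t n) { (void)n; }

/* Volatile stores so the compiler cannot drop the zeroing as a dead store;
 * the kernel's memzero_explicit()/kzfree() exist for the same reason. */
static void explicit_zero(void *p, size_t n)
{
    volatile uint8_t *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Fixed release: scrub the payload before returning the slot. */
void key_free_secure(size_t n) { explicit_zero(slab, n); }

/* Store the sample key, release it with the given routine, and report whether
 * the next user of the slot would still find it (1) or not (0). */
int secret_survives_free(void (*release)(size_t))
{
    size_t n = sizeof SAMPLE_KEY;          /* 28 bytes, fits in the slot */
    memcpy(slab, SAMPLE_KEY, n);           /* kmalloc + copy */
    release(n);
    return memcmp(slab, SAMPLE_KEY, n) == 0;  /* key_free_leaky: 1, key_free_secure: 0 */
}

int main(void)
{
    printf("ioctl reply stale bytes: buggy=%zu fixed=%zu\n",
           stale_bytes_leaked(leaky_get_clock), stale_bytes_leaked(safe_get_clock));
    printf("key left in freed slot:  buggy=%d fixed=%d\n",
           secret_survives_free(key_free_leaky), secret_survives_free(key_free_secure));
    return 0;
}
```

The buggy getter leaks exactly the bytes of the field it forgot to set; a real driver would be handing the caller whatever the kernel stack last held there. The scrub routine uses volatile stores because a plain memset() immediately before a free is a dead store the optimizer is entitled to remove, which is why the kernel has memzero_explicit().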


* Use-after-free in SCSI Generic device job error case.

An incorrect free in the error path of job creation for a SCSI Generic
device can result in a use-after-free. A local user with access to a SCSI
Generic device could use this flaw to potentially escalate privileges.


* Denial-of-service in Chelsio gigabit Ethernet adapter listen error handling.

A failure to correctly clean up after an error in the listen handler of
the cxgb4 driver can result in access to freed memory, leading to a
kernel crash or undefined behaviour. A local user could use this flaw to
cause a denial-of-service.


* Denial-of-service due to unbalanced reference count during cxgb4 accept.

A failure to decrement a reference count can result in a memory leak
which could lead to kernel memory exhaustion. A local user could use
this flaw to cause a denial-of-service.


* Guest crash during KVM page fault.

A logic error in KVM page fault handling during a guest RCU critical
section can result in a guest crash.


* CVE-2017-14954: Information disclosure from waitid.

A logic error in the waitid implementation can result in kernel memory
being disclosed to userspace. A local user could use this flaw to
facilitate a further attack.


* Denial-of-service in futex reference count manipulation.

A race condition due to improper locking in the futex implementation can
result in undefined behaviour, leading to a kernel crash or potentially
other consequences. A local user could use this flaw to cause a
denial-of-service.


* Denial-of-service during BTRFS relocation removal.

A logic error when freeing a relocation can result in a NULL pointer
dereference, leading to a kernel crash. A local user with the ability to
rebalance or remove devices from a BTRFS filesystem could use this flaw
to cause a denial-of-service.


* Denial-of-service in BTRFS extent cleanup.

A failure to correctly clean up extents in BTRFS filesystems mounted with
nospace_cache can result in a kernel crash. A local user with access to
a BTRFS filesystem could use this flaw to cause a denial-of-service.


* Denial-of-service in BTRFS deduplication implementation.

A failure to correctly handle an error case can result in the access of
freed pages, leading to undefined behaviour. A local user could use this
flaw to cause a denial-of-service.


* Denial-of-service due to invalid default subvolume ID.

A failure to validate the specified ID when setting the default
subvolume can result in an unmountable filesystem. A local user with the
ability to set the default subvolume ID of a BTRFS filesystem could use
this flaw to cause a denial-of-service.


* Denial-of-service in Memory Protection Key fault handling.

A logic error in the Memory Protection Keys subsystem can result in
undefined behaviour, leading to a kernel crash or other unspecified
consequences. A local user with access to Memory Protection Keys could
use this flaw to cause a denial-of-service.


* Information disclosure in FPU restoration after signal.

A failure to correctly handle an error case can result in a kernel warning
being displayed and FPU state from another process being leaked. A local
user could use this flaw to facilitate a further attack.


* Use-after-free in seccomp filter reference count handling.

A logic error when manipulating reference counts for seccomp filters can
result in unbalanced references, leading to potential memory leaks or
use-after-free. A local user could use this flaw to potentially escalate
privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
