[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-18754260e4)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Apr 11 12:01:15 PDT 2018


Synopsis: FEDORA-2018-18754260e4 can now be patched using Ksplice
CVEs: CVE-2017-5753

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-18754260e4.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
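
An added example, not part of the Oracle advisory: a POSIX shell check that reads the autoinstall setting named above and reports whether the manual upgrade command is needed. The function names and the parsing rules (INI-style file, `#` or `;` comment lines, last assignment wins, only `yes` counts as enabled) are assumptions of this example.

```shell
#!/bin/sh
# Path, key and upgrade command are the ones named in the advisory.
# Function names and parsing rules are assumptions of this example.

# Print "yes", "no" or "unreadable" for the autoinstall setting.
# Exit status: 0 = enabled, 1 = disabled or not set, 2 = file unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }    # a commented-out setting does not count
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                last = tolower(val)    # last assignment wins
            }
        }
        END { print last }
    ' "$conf")
    case $value in
        yes) echo "yes"; return 0 ;;
        *)   echo "no";  return 1 ;;
    esac
}

# Turn the setting into the action the advisory describes.
uptrack_next_step() {
    state=$(uptrack_autoinstall "$1") || true
    case $state in
        yes) echo "autoinstall enabled: no action needed" ;;
        no)  echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root" ;;
        *)   echo "cannot read config: check that Ksplice Uptrack is installed" ;;
    esac
}
```

Source the file and call `uptrack_next_step` with no argument to check the default path, or pass a config path collected from another host.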


DESCRIPTION

* Denial-of-service with Bluetooth HCI send failure.

A logic error in the Bluetooth code could allow a double free to occur in
cases of an HCI send failure, leading to possible memory corruption or a
kernel crash.  A local user could exploit this to cause a denial-of-service.


* Memory leak in Snapdragon SoC driver when failing to get pages.

A logic error in the Snapdragon SoC driver causes a memory leak when
the get pages code fails.  This could be exploited to cause a
denial-of-service.


* Memory leak in MMC Extended CSD retrieval.

A missing free in the MMC code could lead to a memory leak after retrieving
the Extended CSD for a card.  This could be used to cause a denial-of-service.


* NULL pointer dereference in AC100 RTC driver interrupts.

A race condition in the AC100 RTC driver could lead to a NULL pointer
dereference and kernel panic.  This could cause a denial-of-service.


* Denial-of-service in Infiniband MLX5 Shared Receive Queue creation.

A failure to validate user input when creating an SRQ in the MLX5 driver
could lead to an integer overflow.  A local user could use this flaw to
cause a denial-of-service.


* Information leak in Infiniband VMware Paravirtualized RDMA user ABI.

A failure to properly initialize user structures in the ABI functions for
the Infiniband vmw_pvrdma code could result in uninitialized memory being
returned to the user, leading to a kernel information leak.


* Denial-of-service in RDMA UCMA IP multicast join request.

A failure to validate user input in the RDMA User Connection Manager Access
(UCMA) code could lead to an invalid pointer access and subsequent kernel
memory corruption or panic.  This could be used to cause a denial-of-service.


* Denial-of-service in ALSA loopback open and close.

A race condition in the ALSA driver's loopback code could cause an
invalid memory access, leading to kernel memory corruption or panic.
This could be used to cause a denial-of-service.


* Denial-of-service in Infiniband MLX5 memory region release.

A logic error in the Infiniband MLX5 driver could lead to invalid memory
being accessed and cause memory corruption or a kernel panic.  A malicious
user could exploit this to cause a denial-of-service.


* Denial-of-service in ATAPI-relayed SCSI commands.

A missing check in the SCSI ATAPI code could lead to an invalid
memory write and possible memory corruption or kernel panic.  A
malicious user could use this to cause a denial-of-service.


* Invalid rule checking for threaded modes in cgroup.

A logic mistake in the cgroup code could allow a domain cgroup
to become threaded when it shouldn't be.


* Denial-of-service in NFS server when clients leave.

A failure to properly remove lock owners on client teardown in the nfsd
code could lead to kernel panics.  This could be exploited by a client
to cause a denial-of-service.


* Denial-of-service in remap_file_pages with hugetlbfs.

A failure to verify passed-in values in the hugetlb code could lead
to an integer overflow and subsequent kernel BUG.  An attacker
could exploit this to cause a denial-of-service.


* Denial-of-service with USB displaylink video adapter framebuffers mmap.

A missing check in the USB displaylink video adapter code could allow
some invalid numbers to be passed into the framebuffer mmap. This could
be used to cause a denial-of-service.


* Denial-of-service when flushing dirty cgroup pages.

A failure to properly wake up threads when flushing pages used by
cgroups could lead to a memory leak and subsequent OOM.  This could
be used to cause a denial-of-service.


* Denial-of-service in NCP filesystem server during mmap.

A failure to verify bounds in the NCP filesystem on the server side
could lead to memory corruption and a kernel panic.  This could be
exploited to cause a denial-of-service.


* Improved fix for CVE-2017-5753: Speculative execution in posix timers.

The posix timers clock array is vulnerable to a Spectre variant 1
side-channel attack.  An attacker could exploit this flaw to read
arbitrary memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




