[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-4ca01704a2)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Apr 26 03:02:23 PDT 2018
Synopsis: FEDORA-2018-4ca01704a2 can now be patched using Ksplice
CVEs: CVE-2018-10021
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-4ca01704a2.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
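The check described above, as an added example (not part of the original
advisory and not Oracle's code): a shell helper that reads an uptrack.conf
and reports whether the host still needs a manual uptrack-upgrade. The
function names, the INI-style "key = value" layout, and the [Settings]
section in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: uptrack.conf holds INI-style
# "key = value" lines, with "#" or ";" starting a comment line.

# Print the effective "autoinstall" value in lowercase (last assignment wins),
# "unset" if no active line sets it, or "unreadable" if the file can't be read.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            n = index($0, "=")
            if (n == 0) next                   # section headers, blank lines
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when the host needs a manual uptrack-upgrade, 1 when the
# advisory's "autoinstall = yes" condition holds. Anything other than "yes"
# is treated conservatively as "manual action needed".
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if uptrack_needs_manual_upgrade "$sample"; then
    echo "autoinstall is not 'yes': run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates install automatically"
fi
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument.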
DESCRIPTION
* Denial-of-service when shutting down iSCSI transport interface.
Logic errors when shutting down iSCSI transport interface without logging
out could cause a deadlock. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service in network device tunnel name setting.
Missing validation of user supplied tunnel names could result in kernel
stack corruption and a denial of service, or potentially privilege
escalation.
* Denial-of-service in network scheduler initialization.
Multiple NULL pointer dereferences in the network scheduler code could
result in a kernel crash. A local, privileged user could use this flaw
to crash the system.
* IPv6 IPSEC bypass with source address NAT.
Missing handling of source address Network Address Translation (NAT)
could result in failing to match a transformation policy and bypassing
an IPSEC tunnel.
* Denial-of-service in thermal power allocator.
Missing locking in the thermal power allocator could result in a
use-after-free and kernel crash during thermal zone updates.
* Use-after-free in Microchip LAN7800 USB network adapter.
Failure to clean up asynchronous work during initialization and removal
could cause a use-after-free and kernel crash. A physically present
user could use this flaw to crash the system.
* Denial-of-service in device frequency scaling governors.
A missing NULL pointer check when setting the device frequency scaling
governor could trigger a kernel crash. A local, privileged user could
use this flaw to crash the system.
* NULL pointer dereference in GPIO descriptor validation.
Incorrect assignment before checking of a GPIO descriptor could result
in dereferencing an invalid pointer and a kernel crash.
* Denial-of-service in F2FS filesystem ranges.
Missing locking could result in deadlock and a kernel hang when
inserting or collapsing ranges. A local, unprivileged user could use
this flaw to trigger a denial of service.
* Denial-of-service in Videobuf2 queue allocation.
Missing validation of the user supplied buffer count could result in an
out-of-bounds memory access and kernel crash. A local user with access
to the video device could use this flaw to crash the system or,
potentially, escalate privileges.
* Use-after-free in block device queue mapping.
Missing reinitialization of the queue map when updating block multiqueue
queues could result in the dereference of an invalid pointer and kernel
crash.
* Use-after-free in block IO scheduler update.
Missing synchronization could result in a use-after-free when updating
the IO scheduler. A local, privileged user could use this flaw to crash
the system.
* Use-after-free in Mellanox MLX5 RoCE enable.
A race condition in enabling and disabling RoCE support on an MLX5
adapter could result in a use-after-free and kernel crash.
* NULL pointer dereference in block multiqueue cleanup.
A missing check for a mapped queue could result in a NULL pointer
dereference and kernel crash when removing a block device from the
system.
* Use-after-free in Intel 10GbE PCIE Virtual Function disable.
Missing synchronization when disabling or resetting a Virtual Function
could result in a use-after-free and kernel crash. A local, privileged
user could use this flaw to crash the system.
* Kernel hang in target core command queuing.
Incorrect handling of insufficient resources could result in deadlock
and a kernel hang under IO pressure.
* Use-after-free in Intel INT340X thermal driver.
Missing resource deallocation on probe failure could result in dangling
sysfs files and ACPI device, which would trigger a kernel crash on
access.
* Denial-of-service in IPv6 header chain fragmentation.
Excessive extheaders in an IPv6 datagram beyond the PMTU size could
result in a kernel crash. A local, unprivileged user could use this
flaw to crash the system.
* Kernel crash in Microchip LAN78XX USB Ethernet bind failure.
Missing resource cleanup on bind failure could result in a
use-after-free and kernel crash.
* Kernel crash in Distributed Switch Architecture (DSA) with incorrect port.
Incorrect handling of a frame with an unexpected CPU port would result
in a kernel crash when incrementing receive statistics.
* Kernel information leak in network receive.
Incorrect accesses for the frame Ethernet header could result in an
out-of-bounds access and kernel information leak under specific
conditions when receiving a frame.
* Kernel information leak in netlink socket connect().
Missing validation of the socket address when performing connect() on a
netlink socket could result in leaking information from the kernel
stack. A local user could use this information to leak the kernel
address.
* NULL pointer dereference in network BPF cleanup.
Incorrect error handling when validating a BPF program could result in a
NULL pointer dereference and kernel crash. A local, privileged user
could use this flaw to crash the system.
* Use-after-free in PPTP connect().
Invalid reference counting could result in a use-after-free and kernel
crash in the PPTP connect() function.
* NULL pointer dereference in Realtek R8169 device probing.
A race condition between device registration and initialization could
result in a NULL pointer dereference and kernel crash.
* Information leak in SCTP recvmmsg().
Missing initialization of the address field could result in leaking up
to 8 bytes of kernel memory to user-space. A local, unprivileged user
could use this flaw to leak privileged memory contents.
* Uninitialized memory use in SCTP socket bind.
Missing validation could result in using uninitialized memory when
binding an SCTP socket resulting in incorrect address decoding.
* Denial-of-service in Vhost virtio net accelerator polling.
Missing error handling in the vhost polling could result in a
use-after-free and kernel crash.
* Use-after-free in Virtual Routing and Forwarding (VRF) driver.
Missing error handling on VRF output could result in a use-after-free or
double-free and kernel crash.
* Denial-of-service in bonding enslave.
Incorrect error handling when enslaving a bonding device could result in
a deadlock and kernel hang. A local, privileged user could use this flaw
to hang the system.
* Use-after-free in network scheduler key deletion.
Failure to remove a key from internal kernel data structures could
result in a use-after-free or memory leak.
* Kernel crash in Mellanox MLX5e device with IPv6 stub.
Incorrect handling of the IPv6 stub when IPv6 is disabled could result
in dereferencing an invalid pointer and, subsequently, a kernel crash.
* Use-after-free in Mellanox MLX5 eswitch flow failure.
Missing error handling when configuring flows could result in a memory
leak or double-free followed by a kernel crash.
* Denial-of-service in network stream parser.
Incorrect error reporting in the network stream parser could result in
infinite loops or invalid data reporting.
* Kernel crash in vhost log bitmap.
Missing validation of a user supplied bitmap could result in triggering
a kernel assertion and crash. A local, privileged user could use this
flaw to crash the system.
* Denial-of-service in teaming port addition.
Incorrect error handling when adding a port to a teamed network device
could result in a deadlock and kernel hang. A local, privileged user
could use this flaw to hang the system.
* CVE-2018-10021: Denial-of-service in SAS device abort and failover.
Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs. A physically present
malicious user could use this flaw to cause a denial of service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.