[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-d82b617d6c)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Feb 6 10:08:04 PST 2018


Synopsis: FEDORA-2018-d82b617d6c can now be patched using Ksplice
CVEs: CVE-2017-5715 CVE-2018-1000004 CVE-2018-1000028 CVE-2018-5750

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-d82b617d6c.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
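The following is an added example, not part of the Ksplice announcement: a small audit check that reads the "autoinstall" setting from an uptrack.conf-style file (path passed in, so it can be run against a constructed sample) and reports whether the host will pick the updates up on its own or needs the manual uptrack-upgrade run above.

```shell
# Added example (not from the Ksplice announcement). Returns 0 when the
# config has "autoinstall = yes"; comment lines are ignored, the key is
# matched case-insensitively, and the last occurrence wins.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    val=$(grep -v '^[[:space:]]*[#;]' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = "yes" ]
}

# Report what action, if any, the operator must take on this host.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not a real file from any host) for a dry run;
# the commented-out line must not count.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[Settings]
# autoinstall = no
autoinstall = yes
EOF
uptrack_action "$sample_conf"
rm -f "$sample_conf"
```

Run it against /etc/uptrack/uptrack.conf on each Fedora 26 host to list the ones that still need the manual command.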


DESCRIPTION

* Integer overflow when requeuing a futex.

A missing check when calling the futex system call with the "requeue"
option could lead to an integer overflow. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when allocating context in Intel OPA Gen1 driver.

A logic error when allocating context through an ioctl in Intel OPA Gen1
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* Out-of-bounds access when querying queue-pairs in Mellanox Connect-IB HCA driver.

A missing check when querying queue-pairs in Mellanox Connect-IB HCA
driver could lead to an out-of-bounds access. A local attacker could use
this flaw to cause a denial-of-service.


* Out-of-bounds access when sending messages over a PF_KEYv2 socket.

A missing check when verifying address length of a message sent over a
PF_KEYv2 socket could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.


* Use-after-free on connection error in iSCSI Extensions for RDMA driver.

A missing release of resources in handling of connection establishment
error in iSCSI Extensions for RDMA driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free while offlining a CPU when Intel Resource Director Technology is enabled.

A logic error when putting a CPU offline in Intel Resource Director
Technology could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Denial-of-service when allocating an interrupt vector.

A logic error in error path when allocating an interrupt vector could
lead to an incorrect freeing of resource and flood the kernel log
buffer with warnings. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free in Synaptics RMI4 bus driver.

A logic error when using Synaptics RMI4 bus driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when reading data over I2C bus.

A missing check on user input when reading data over I2C bus could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* Invalid memory access while reading process stat while a coredump happens.

A missing check when reading process stat while triggering a coredump on
this process could lead to an invalid memory access. A local attacker
could use this flaw to cause a denial-of-service.


* Out-of-bounds access when using DRM driver for VMware Virtual GPU.

A logic error when using DRM driver for VMware Virtual GPU could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when storing integrity information through device-mapper.

A DMA access to data stored on the stack when storing integrity
information through device-mapper could lead to an invalid memory
access. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when setting a key for a dm-crypt device.

A missing check when setting a key for a dm-crypt device could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Data corruption when setting key for a cryptographic device mapper.

A logic error when setting a key for cryptographic device mapper could
lead to wrong initialization vector used to encrypt/decrypt and lead to
data corruption.


* Use-after-free when purging ongoing requests on Orange filesystem.

A logic error when purging ongoing requests on Orange filesystem could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* Use-after-free when doing a lookup using xfrm IP framework.

A race condition when doing a lookup using xfrm IP framework could lead
to use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when sending packets over CCID-2 DCCP socket.

A logic error when sending packets over CCID-2 DCCP socket could lead
to a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* Denial-of-service when using too small MTU on udpv6 socket.

A missing check when sending messages over a udpv6 socket with a
too small MTU configured could lead to a kernel assert. A local attacker
could use this flaw to cause a denial-of-service.


* Invalid memory access when using corking over ipv6.

A logic error when using corking over ipv6 could lead to an invalid
memory access. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when initializing network qdisc scheduler.

A logic error when initializing network qdisc scheduler could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when sending a message over a point-to-point protocol socket.

A missing check when sending a message over a point-to-point protocol
socket connected to a GRE device could lead to a kernel assert. A local
attacker could use this flaw to cause a denial-of-service.


* Deadlock when registering a network point-to-point protocol device.

A locking error when registering a point-to-point protocol device could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Memory corruption when retrieving statistics of Realtek 8169 ethernet device.

A logic error when retrieving hardware statistics of Realtek 8169
gigabit ethernet device could lead to a memory corruption. A local
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when binding an ipv6 address to an ipv4 socket.

A logic error when binding a v4mapped ipv6 address to an ipv4 socket
could lead to a kernel crash. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when parsing nodes using Transparent Inter Process Communication protocol.

A logic error in error path when parsing nodes using Transparent Inter
Process Communication protocol could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* NULL pointer dereference when using invalid GSO packets with segmentation offload.

A missing check when using invalid GSO packets with segmentation offload
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when detaching a Universal TUN/TAP device.

A logic error when detaching a Universal TUN/TAP device could lead to a
memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when receiving packet over a Netlink socket.

A missing initialization when receiving packet over a Netlink socket
could lead to a kernel warning. A local attacker could use this flaw to
flood kernel log buffer and cause a denial-of-service.


* Divide by zero error when using Mellanox Technologies ConnectX-4 Ethernet driver.

A missing check when using Mellanox Technologies ConnectX-4 driver could
lead to a divide by zero error. A local attacker could use this flaw to
cause a denial-of-service.


* Use-after-free when using Transport Layer Security on listening TCP socket.

A missing check when initializing TLS for a listening TCP socket could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* Memory leak when setting options for Transport Layer Security socket.

A logic error in error path when setting socket options for Transport
Layer Security socket could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Memory leak when closing VMware VMXNET3 ethernet device.

A logic error when closing VMware VMXNET3 ethernet device could lead to
a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* CVE-2018-1000028: Permission bypass when using rootsquash with NFS.

A logic error when using rootsquash feature of NFS could lead to a
permission bypass. A remote attacker could use this flaw to access
sensitive information stored on a shared filesystem.


* Divide by zero errors when running an eBPF program.

A missing check when running an eBPF program could lead to a divide by
zero error. A local attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when using flow dissector on a SKB.

A logic error when using flow dissector on a SKB could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-5750: Information leak when registering ACPI Smart Battery System driver.

An overly verbose printk when registering the ACPI Smart Battery System
driver leaks kernel addresses. A local attacker could use this flaw to
leak information about the running kernel and facilitate an attack.


* CVE-2018-1000004: Use-after-free when using MIDI sequencer ioctl.

A race condition when using MIDI sequencer ioctl could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Improved fix for CVE-2017-5715: Spectre bypass using return stack buffer on some CPUs.

Failure to fill the return stack buffer on context switch for Intel
Skylake CPUs could lead to speculative code execution, potentially
allowing a malicious user to leak information from the host kernel.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
