[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-7810b7c59f)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jan 5 04:17:33 PST 2018


Synopsis: FEDORA-2017-7810b7c59f can now be patched using Ksplice
CVEs: CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-7810b7c59f.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial-of-service when binding a packet socket while a notification is raised.

A race condition when binding a packet socket while a notification is
raised on that socket could lead to a kernel assert. A local attacker
could use this flaw to cause a denial-of-service.


* Memory leak when listening to Transparent Inter Process Communication socket.

A missing free in error path when listening to a Transparent Inter
Process Communication (TIPC) socket could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Memory leak using Host kernel accelerator for virtio net.

An error in the handling of an SKB when receiving packets over the Virtio
Network driver could lead to a memory leak. A local attacker could use
this flaw to cause a denial-of-service.


* NULL pointer dereference when setting options for RDS over Infiniband socket.

A missing check when setting RDS_GET_MR option for RDS over Infiniband
socket could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when using a socket filter on a TCP socket.

A logic error when using a socket filter on a TCP socket could lead to a
kernel stack corruption. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free while removing a packet socket from a fanout group.

A logic error while removing a packet socket from a fanout group could
lead to a race condition. A local attacker could use this flaw to cause
a denial-of-service.


* Invalid memory access when inserting a request socket into TCP inet hashtable.

A logic error when inserting a request socket into TCP inet hashtable
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Divide by zero error when using IP bearer with the TIPC protocol.

A logic error when using IP bearer with the TIPC protocol could lead to
a divide by zero error. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when using TAP userspace interface.

A missing free of resources when using TAP userspace interface could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when using universal TUN/TAP device driver.

A missing free of resources when using universal TUN/TAP device driver
could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when accepting or peeling off a SCTP socket.

A logic error when accepting or peeling off a SCTP socket could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when unregistering an NVMe device over Fabrics RDMA.

A logic error when unregistering an NVMe device over Fabrics RDMA could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service when syncing hard disk partitions using RAID.

A logic error when syncing hard disk partitions using RAID could lead to
a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when bitmap is loaded in RAID or LVM driver.

A missing free when bitmap is loaded in RAID or LVM driver could lead to
a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* Deadlock when unmounting resctrl Intel file system.

A locking error when unmounting resctrl Intel file system could lead to
a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using DVB frontend.

Multiple errors when using DVB frontend could lead to a use-after-free
or a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-17712: Information leak in raw IPV4 socket sendmsg().

A race condition in the raw_sendmsg() call for IPV4 raw sockets could
allow a local user to leak the contents of kernel memory.


* CVE-2017-17806: Denial-of-service in HMAC algorithms.

Invalid algorithm combinations could result in buffer overflows or other
undefined behaviour when using a keyed hash algorithm.  A local,
unprivileged user could use this flaw to crash the system, or
potentially, escalate privileges.


* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.

Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash.  A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.


* CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.

An out-of-bounds access in the kvm_mmio tracepoint could result in a
kernel crash.  A malicious guest could use this flaw to crash the
virtualization host.


* Use-after-free in authenticated encryption NULL cipher.

Incorrect reference count manipulation when freeing a NULL authenticated
encryption cipher in the crypto subsystem can result in an early free
leading to a use-after-free. A local user could use this flaw to
escalate privileges.


* Denial-of-service during RSA verification operation.

A logic error when parsing an RSA key can result in reading one byte
past the end of an allocated buffer. A local user could use this flaw to
cause a Kernel crash, resulting in a denial-of-service.


* Denial-of-service in AF_ALG resource cleanup.

A failure to correctly handle an error case can result in a NULL pointer
dereference leading to a Kernel crash and denial-of-service.


* Denial-of-service during CIFS filesystem read operation.

A failure to correctly handle an error case can result in a NULL pointer
dereference leading to a Kernel crash and denial-of-service.


* Denial-of-service due to race condition in NFS permissions caching.

A race condition in the NFS server implementation when processing group
ownership information can result in corruption of groups leading to
permissions denials for clients. A remote user with access to an NFS
filesystem could use this flaw to cause a denial-of-service.


* CVE-2017-16914: Denial-of-service in USB over IP NULL transfer buffer handling.

A failure to correctly validate a NULL transfer buffer in the USB over
IP subsystem can result in a NULL pointer dereference, leading to a
Kernel crash. A local user with access to a USB over IP device could use
this flaw to cause a denial-of-service.


* Denial-of-service due to race in XHCI virtual device addition.

A race condition when adding new virtual XHCI devices can result in a
NULL pointer dereference leading to a Kernel crash.


* Denial-of-service in Infiniband alternate port number setting.

A failure to validate an alternate port number supplied from userspace
can result in an out-of-bounds access, leading to a Kernel crash. A local
user with access to an Infiniband device could use this flaw to cause a
denial-of-service.


* Denial-of-service in NFS server inode commit handling.

A logic error when processing an inode with no pending commit requests
can lead to a Kernel crash.


* Use-after-free in SCSI request queue debug information retrieval.

A race condition when fetching SCSI request queue debug information can
result in a use-after-free. A local user with access to debugfs could
use this flaw to cause a denial-of-service, or potentially escalate
privileges.


* Denial-of-service during device mapper thin pool module load.

A race condition when loading the thin pool device mapper target and
attempting to create a thin pool can result in a NULL pointer
dereference leading to a Kernel crash. A local user with the ability to
administer the device mapper could use this flaw to cause a
denial-of-service.


* Denial-of-service in ext4 access control list processing for new inodes.

A failure to handle an error case when an ACL is not available for an
inode can result in an invalid pointer dereference leading to a Kernel
crash. A local user with access to an ext4 filesystem could use this
flaw to cause a denial-of-service.


* Denial-of-service during mount of ext4 filesystem with small directory entry.

A failure to handle an error case where the size of a directory is
smaller than the block size of the filesystem can result in undefined
behaviour leading to a Kernel crash. A local user with the ability to
mount filesystems could use this flaw to cause a denial-of-service.


* Use-after-free in Thunderbolt PCI Express device activation.

A logic error when activating PCI Express devices over Thunderbolt can
result in a use-after-free. A local user could use this flaw to cause
undefined behaviour or potentially escalate privileges.


* Information disclosure in IP Virtual Server procfs output.

A failure to correctly handle network namespaces in the procfs output
from the IP Virtual Server implementation can result in the disclosure
of information from other network namespaces. A local user could use
this flaw to facilitate a further attack.


* Use-after-free in iSCSI target command rejection.

A race condition in the iSCSI target driver when rejecting a command can
result in a use-after-free.


* Denial-of-service in iSCSI target registration.

A failure to free memory in an error case can result in a memory leak. A
local user with the ability to configure iSCSI could use this flaw to
exhaust system memory resulting in a denial-of-service.


* Use-after-free when closing Bluetooth tty.

A race condition when closing a Bluetooth tty can result in a
use-after-free. A local user with access to a Bluetooth tty could use
this flaw to cause a Kernel crash or potentially escalate privileges.


* Denial-of-service in BTRFS panic handling.

A failure to check for a NULL pointer in the BTRFS panic handler can
result in a NULL pointer dereference leading to a Kernel crash. A local
user with the ability to mount filesystems could use this flaw to cause
a denial-of-service.


* Use-after-free in NVMe namespace lookup.

A race condition when looking up an NVMe namespace can result in a
use-after-free. A local user with access to an NVMe device could use
this flaw to cause a Kernel crash or potentially escalate privileges.


* Denial-of-service in RTL8188EU WiFi command creation.

A logic error when creating some types of 802.11 command packets can
result in sleeping in an atomic section, which can lead to a Kernel
crash as a result of an assertion failure. A local user could use this
flaw to cause a denial-of-service.


* Denial-of-service in Brocade BFA Fibre Channel debugfs interface.

A failure to validate input to the Brocade BFA Fibre Channel debugfs
interface can result in an out-of-bounds memory access leading to a
Kernel crash. A local user with access to the BFA debugfs interface
could use this flaw to cause a denial-of-service.


* Out-of-bounds memory access in UDF Volume Structure Descriptor reading.

An arithmetic error in the UDF driver can result in an integer overflow
leading to an out-of-bounds memory access. A local user could use this
flaw to cause a Kernel crash or other unspecified impact.


* Denial-of-service in UDP fragmentation timeout.

A logic error when fragmented UDP packets take too long to be
reassembled can result in an incorrect ICMP host unreachable packet
being sent, leading to a connection reset. A local user could use this
flaw to disrupt UDP connections, resulting in a denial-of-service.


* Use-after-free in LightNVM garbage collection invocation.

A race condition in the LightNVM NVMe driver can cause the garbage
collector to access freed memory. A local user could use this flaw to
crash the Kernel or potentially escalate privileges.


* Information disclosure in ath9k debugfs interface.

A failure to validate information from userspace could result in an
out-of-bounds memory access leading to stack information disclosure. A
local user with access to debugfs could use this flaw to facilitate a
further attack.


* CVE-2017-16911: Information disclosure in USB over IP HCI status report.

A failure to correctly sanitize information reported by the Kernel about
USB over IP HCI device can result in a sensitive memory address being
disclosed to userspace. A local, unprivileged user could use this flaw
to facilitate a further attack.


* CVE-2017-16912, CVE-2017-16913: Denial-of-service in USBIP command validation.

A validation error when parsing information from a USB over IP packet
can result in an out-of-bounds memory access leading to a Kernel crash.
A remote USB over IP client could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.