[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-bf60ec1389)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Mar 22 06:20:02 PDT 2018


Synopsis: FEDORA-2018-bf60ec1389 can now be patched using Ksplice
CVEs: CVE-2018-1065 CVE-2018-5703 CVE-2018-5803 CVE-2018-7757 CVE-2018-7995 CVE-2018-8043

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-bf60ec1389.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference when receiving data over Intel(R) 10GbE PCI Express adapters.

A missing check when receiving data over Intel(R) 10GbE PCI Express
adapters could lead to a NULL pointer dereference. A remote attacker
could use this flaw to cause a denial-of-service.


* Buffer overflow while receiving data from Trusted Platform Module security chip.

A missing check when receiving data from TPM security chip could lead to
a buffer overflow. A local attacker could use this flaw to cause a
denial-of-service.


* Buffer overflow when using ALSA control interface from user space.

A logic error when reading an element using ALSA control interface could
lead to a buffer overflow. A local attacker could use this flaw to cause
a denial-of-service.


* Memory leak when requeuing I/O request using kyber scheduler.

A logic error when requeuing I/O request using kyber I/O scheduler could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Data corruption when discarding blocks.

A logic error when discarding blocks on a block device could lead to
on-disk data corruption. A local attacker could use this flaw to corrupt
sensitive information.


* NULL pointer dereference when reading 'flush' sysfs field of network bridge.

A missing check when reading 'flush' sysfs field of network bridge could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Use-after-free when decreasing number of network TX queues.

A race condition when decreasing number of network TX queues could lead
to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when using point-to-point protocol on unregistered channel.

A logic error when connecting unregistered channel to point-to-point
protocol could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.


* Memory leak of destination caches when using SCTP.

A logic error when handling destination caches using SCTP could lead to
a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* NULL pointer dereference when creating Mellanox Technologies Spectrum virtual routers.

A logic error when the creation of Mellanox Technologies Spectrum
virtual routers fails could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.


* Use-after-free when classifying network packets using a universal 32bit comparison.

A logic error when classifying network packets using a universal 32bit
comparison could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when replacing a route using Mellanox Technologies Spectrum driver.

A logic error when replacing or deleting a route using Mellanox
Technologies Spectrum driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when destroying L2TP tunnel.

A logic error when destroying a L2TP tunnel could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when closing a L2TP ppp session.

A logic error when closing a L2TP ppp session could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when registering Montage Technology M88DS3103 device.

A logic error when registering a Montage Technology M88DS3103 device
with an invalid chip ID could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when triggering System Management Interrupt in KVM.

A race condition when trying to enter System Management Mode in KVM
using System Management Interrupt could lead to kernel warning. A local
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when overlapping different types of memory using KVM.

A logic error when overlapping a public memory slot with a private
memory slot in KVM could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when interrupting unmapping of a KVM memory region.

A logic error when interrupting a process unmapping a special KVM
memslot with anonymous memory mapping could lead to a kernel warning. A
local attacker could use this flaw to spam the kernel log.


* CVE-2018-1065: Invalid memory access when setting custom netfilter rules.

A missing check when a user sets a custom netfilter rule could make the
netfilter subsystem jump to an invalid memory address. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading invalid_dword_count attribute of SAS Domain
Transport driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2018-5703: Denial-of-service when using TLS with IPv6 socket.

A logic error when using TLS with an IPv6 socket could lead to invalid
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak in eBPF subsystem.

Logic errors in eBPF subsystem could lead to multiple memory leaks. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Denial-of-service when allocating percpu arrays in eBPF.

A scheduling error when allocating and freeing percpu arrays in eBPF
could lead to a stall. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when unloading LSI MPT Fusion SAS 3.0 driver.

A missing check when unloading LSI MPT Fusion SAS 3.0 driver could lead
to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-8043: NULL pointer dereference when registering Broadcom UniMAC MDIO bus controller.

A missing check when registering Broadcom UniMAC MDIO bus controller
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Improved fix for Spectre: Speculative execution in BPF compiled code.

A missing implementation of retpoline in the BPF just-in-time compiler
could lead to speculative execution. A local attacker could use this
flaw to leak information about the running system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




