[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-bf60ec1389)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Mar 22 06:20:02 PDT 2018
Synopsis: FEDORA-2018-bf60ec1389 can now be patched using Ksplice
CVEs: CVE-2018-1065 CVE-2018-5703 CVE-2018-5803 CVE-2018-7757 CVE-2018-7995 CVE-2018-8043
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-bf60ec1389.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
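Added example (not part of the original Ksplice advisory): a post-update check that reports whether autoinstall is enabled and which of this advisory's CVEs are absent from saved uptrack-show output. It assumes uptrack-show names CVE ids in its update descriptions; the sample config, update IDs and file names are constructed.

```shell
#!/bin/sh
# Added example: post-update check for this advisory. All sample data is constructed.

# CVE list copied from the advisory header.
ADVISORY_CVES="CVE-2018-1065 CVE-2018-5703 CVE-2018-5803 CVE-2018-7757 CVE-2018-7995 CVE-2018-8043"

# autoinstall_enabled CONF: succeed only on an uncommented "autoinstall = yes" line.
autoinstall_enabled() {
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# missing_cves FILE: print the advisory CVEs that FILE (saved uptrack-show
# output) does not mention. -w keeps CVE-2018-1065 from matching CVE-2018-10650.
missing_cves() {
    missing=""
    for cve in $ADVISORY_CVES; do
        grep -Fwq "$cve" "$1" || missing="$missing $cve"
    done
    echo "${missing# }"
}

# Constructed sample inputs (update IDs are placeholders, not real Ksplice IDs).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/uptrack.conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
cat > "$SAMPLE_DIR/uptrack-show.txt" <<'EOF'
Installed updates:
[xxxxxxx1] CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.
[xxxxxxx2] CVE-2018-1065: Invalid memory access when setting custom netfilter rules.
[xxxxxxx3] CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.
[xxxxxxx4] CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.
EOF

if autoinstall_enabled "$SAMPLE_DIR/uptrack.conf"; then
    echo "autoinstall: enabled"
else
    echo "autoinstall: disabled, run uptrack-upgrade manually"
fi
echo "not yet covered: $(missing_cves "$SAMPLE_DIR/uptrack-show.txt")"
```

On a real host, point the functions at /etc/uptrack/uptrack.conf and at a file holding the output of uptrack-show.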
DESCRIPTION
* NULL pointer dereference when receiving data over Intel(R) 10GbE PCI Express adapters.
A missing check when receiving data over Intel(R) 10GbE PCI Express
adapters could lead to a NULL pointer dereference. A remote attacker
could use this flaw to cause a denial-of-service.
* Buffer overflow while receiving data from Trusted Platform Module security chip.
A missing check when receiving data from the TPM security chip could lead
to a buffer overflow. A local attacker could use this flaw to cause a
denial-of-service.
* Buffer overflow when using ALSA control interface from user space.
A logic error when reading an element using the ALSA control interface
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.
* Memory leak when requeuing I/O request using kyber scheduler.
A logic error when requeuing an I/O request using the kyber I/O scheduler
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.
* Data corruption when discarding blocks.
A logic error when discarding blocks on a block device could lead to
on-disk data corruption. A local attacker could use this flaw to corrupt
sensitive information.
* NULL pointer dereference when reading 'flush' sysfs field of network bridge.
A missing check when reading the 'flush' sysfs field of a network bridge
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.
* Use-after-free when decreasing number of network TX queues.
A race condition when decreasing the number of network TX queues could
lead to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when using point-to-point protocol on unregistered channel.
A logic error when connecting an unregistered channel to the
point-to-point protocol could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.
A missing check when receiving a forged packet with custom properties
over an SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.
* Memory leak of destination caches when using SCTP.
A logic error when handling destination caches using SCTP could lead to
a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.
* NULL pointer dereference when creating Mellanox Technologies Spectrum virtual routers.
A logic error in handling a failed creation of Mellanox Technologies
Spectrum virtual routers could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* Use-after-free when classifying network packets using a universal 32bit comparison.
A logic error when classifying network packets using a universal 32bit
comparison could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.
* Use-after-free when replacing a route using Mellanox Technologies Spectrum driver.
A logic error when replacing or deleting a route using Mellanox
Technologies Spectrum driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when destroying L2TP tunnel.
A logic error when destroying an L2TP tunnel could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when closing a L2TP ppp session.
A logic error when closing an L2TP ppp session could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when registering Montage Technology M88DS3103 device.
A logic error when registering a Montage Technology M88DS3103 device
with an invalid chip ID could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* Denial-of-service when triggering System Management Interrupt in KVM.
A race condition when trying to enter System Management Mode in KVM
using System Management Interrupt could lead to a kernel warning. A local
attacker could use this flaw to cause a denial-of-service.
* Denial-of-service when overlapping different types of memory using KVM.
A logic error when overlapping a public memory slot with a private
memory slot in KVM could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when interrupting unmapping of a KVM memory region.
A logic error when interrupting a process unmapping a special KVM
memslot with anonymous memory mapping could lead to a kernel warning. A
local attacker could use this flaw to spam the kernel log.
* CVE-2018-1065: Invalid memory access when setting custom netfilter rules.
A missing check when a user sets a custom netfilter rule could make
the netfilter subsystem jump to an invalid memory address. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.
A missing free when reading the invalid_dword_count attribute of the SAS
Domain Transport driver could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.
* CVE-2018-5703: Denial-of-service when using TLS with IPv6 socket.
A logic error when using TLS with an IPv6 socket could lead to invalid
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.
* Memory leak in eBPF subsystem.
Logic errors in the eBPF subsystem could lead to multiple memory leaks. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.
* Denial-of-service when allocating percpu arrays in eBPF.
A scheduling error when allocating and freeing percpu arrays in eBPF
could lead to a stall. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when unloading LSI MPT Fusion SAS 3.0 driver.
A missing check when unloading the LSI MPT Fusion SAS 3.0 driver could
lead to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.
A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2018-8043: NULL pointer dereference when registering Broadcom UniMAC MDIO bus controller.
A missing check when registering the Broadcom UniMAC MDIO bus controller
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* Improved fix for Spectre: Speculative execution in BPF compiled code.
A missing implementation of retpoline in the BPF just-in-time compiler
could lead to speculative execution. A local attacker could use this
flaw to leak information about the running system.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.