[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2018-2bce10900e)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Mar 22 00:59:54 PDT 2018


Synopsis: FEDORA-2018-2bce10900e can now be patched using Ksplice
CVEs: CVE-2018-1065 CVE-2018-5703 CVE-2018-5803 CVE-2018-7757

Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-2bce10900e.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
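
To tell which of the two cases above applies to a host, the following sketch reads the effective autoinstall setting rather than grepping for the string, which a commented-out line would satisfy. It is an added example, not part of the Oracle advisory or the Uptrack tooling; it assumes uptrack.conf is INI-style with autoinstall under a [Settings] section, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a host picks up Ksplice updates on its own.
# Assumption: uptrack.conf is INI-style with "autoinstall" under [Settings].

# autoinstall_enabled FILE: succeeds only if the effective setting is "yes".
# Runs in a subshell so its variables do not leak into the caller.
autoinstall_enabled() (
    section='' value=''
    while IFS= read -r line || [ -n "$line" ]; do
        # Normalise: drop blanks and CRs, lower-case keys and values.
        line=$(printf '%s' "$line" | tr -d ' \t\r' | tr 'A-Z' 'a-z')
        case $line in
            ''|'#'*|';'*) continue ;;            # blank or commented out
            '['*']')      section=$line ;;        # section header
            autoinstall=*)
                # Last assignment in [settings] wins.
                if [ "$section" = '[settings]' ]; then value=${line#*=}; fi ;;
        esac
    done < "$1"
    [ "$value" = yes ]
)

# patch_plan FILE: print how the updates will reach this host.
patch_plan() {
    if [ ! -r "$1" ]; then
        echo "unknown: cannot read $1"
    elif autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not from a real host). The commented-out line
# would fool a plain grep for "autoinstall = yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
#autoinstall = yes
autoinstall = no
EOF
patch_plan "$sample"
rm -f "$sample"
```

On a real host, call patch_plan /etc/uptrack/uptrack.conf instead of the constructed sample.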


DESCRIPTION

* NULL pointer dereference when receiving data over Intel(R) 10GbE PCI Express adapters.

A missing check when receiving data over Intel(R) 10GbE PCI Express
adapters could lead to a NULL pointer dereference. A remote attacker
could use this flaw to cause a denial-of-service.


* Buffer overflow while receiving data from Trusted Platform Module security chip.

A missing check when receiving data from the TPM security chip could lead
to a buffer overflow. A local attacker could use this flaw to cause a
denial-of-service.


* Buffer overflow when using ALSA control interface from user space.

A logic error when reading an element using the ALSA control interface
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when requeuing I/O request using kyber scheduler.

A logic error when requeuing an I/O request using the kyber I/O scheduler
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* Data corruption when discarding blocks.

A logic error when discarding blocks on a block device could lead to
on-disk data corruption. A local attacker could use this flaw to corrupt
sensitive information.


* NULL pointer dereference when reading 'flush' sysfs field of network bridge.

A missing check when reading the 'flush' sysfs field of a network bridge
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.


* Use-after-free when decreasing number of network TX queues.

A race condition when decreasing the number of network TX queues could
lead to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when using point-to-point protocol on unregistered channel.

A logic error when connecting an unregistered channel to the
point-to-point protocol could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over an SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.


* Memory leak of destination caches when using SCTP.

A logic error when handling destination caches using SCTP could lead to
a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* NULL pointer dereference when creating Mellanox Technologies Spectrum virtual routers.

A logic error when the creation of Mellanox Technologies Spectrum virtual
routers fails could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* Use-after-free when classifying network packets using a universal 32bit comparison.

A logic error when classifying network packets using a universal 32bit
comparison could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when replacing a route using Mellanox Technologies Spectrum driver.

A logic error when replacing or deleting a route using Mellanox
Technologies Spectrum driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when destroying L2TP tunnel.

A logic error when destroying an L2TP tunnel could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when closing an L2TP ppp session.

A logic error when closing an L2TP ppp session could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when registering Montage Technology M88DS3103 device.

A logic error when registering a Montage Technology M88DS3103 device
with an invalid chip ID could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when triggering System Management Interrupt in KVM.

A race condition when trying to enter System Management Mode in KVM
using a System Management Interrupt could lead to a kernel warning. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when overlapping different types of memory using KVM.

A logic error when overlapping a public memory slot with a private
memory slot in KVM could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when interrupting unmapping of a KVM memory region.

A logic error when interrupting a process unmapping a special KVM
memslot with anonymous memory mapping could lead to a kernel warning. A
local attacker could use this flaw to spam the kernel log.


* CVE-2018-1065: Invalid memory access when setting custom netfilter rules.

A missing check when a user sets a custom netfilter rule could make the
netfilter subsystem jump to an invalid memory address. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading the invalid_dword_count attribute of the SAS
Domain Transport driver could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2018-5703: Denial-of-service when using TLS with IPv6 socket.

A logic error when using TLS with an IPv6 socket could lead to invalid
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




