[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2018-cf76003e1f)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Mar 22 06:20:37 PDT 2018 

Synopsis: FEDORA-2018-cf76003e1f can now be patched using Ksplice
CVEs: CVE-2018-7995 CVE-2018-8043

Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-cf76003e1f.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory leak in eBPF subsystem.

Logic errors in eBPF subsystem could lead to multiple memory leaks. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Denial-of-service when allocating percpu arrays in eBPF.

A scheduling error when allocating and freeing percpu arrays in eBPF
could lead to a stall. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when unloading LSI MPT Fusion SAS 3.0 driver.

A missing check when unloading LSI MPT Fusion SAS 3.0 driver could lead
to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-8043: NULL pointer dereference when registering Broadcom UniMAC MDIO bus controller.

A missing check when registering Broadcom UniMAC MDIO bus controller
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Improved fix for Spectre: Speculative execution in BPF compiled code.

A missing implementation of retpoline in the BPF Just in time compiler
could lead to speculative execution. A local attacker could use this
flaw to leak information about running system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-27-Updates mailing list