[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2018-e71875c4aa)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed May 2 23:47:12 PDT 2018
Synopsis: FEDORA-2018-e71875c4aa can now be patched using Ksplice
CVEs: CVE-2018-1092 CVE-2018-1094 CVE-2018-1095 CVE-2018-1108
Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-e71875c4aa.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
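An added example, not part of the Ksplice advisory or Oracle's tooling: a POSIX shell check that reports whether a host is covered by the "autoinstall = yes" setting described above or still needs the manual command. The function names are hypothetical, and treating "#" as the comment character in uptrack.conf is an assumption.

```shell
#!/bin/sh
# Added example: audit the Ksplice Uptrack autoinstall setting on a host.
# Function names are hypothetical; '#' comment handling is an assumption.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Tolerates surrounding whitespace, mixed case and commented-out lines;
# the last assignment wins. Prints "unset" if the key or file is absent.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        { sub(/#.*/, "") }                       # strip comments first
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = tolower($2)
            gsub(/[ \t\r]/, "", v)               # trim the value
            val = v
        }
        END {
            if (val == "") val = "unset"
            print val
        }
    ' "$conf"
}

# Decide what the administrator has to do. Only an explicit "yes" counts as
# automatic; any other value is treated conservatively as needing action.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Report for the default config path, or for a path given as an argument.
uptrack_action "$@"
```

A commented-out "# autoinstall = yes" line is reported as unset, so a host with only that line still shows up as needing the manual command.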
DESCRIPTION
* Denial-of-service when initializing ReiserFS journal.
A format string error in one of the warning prints during ReiserFS
journal initialization could lead to a kernel panic. A local attacker
could use this flaw to cause a denial-of-service.
* NULL pointer dereference when remapping an shm file.
A logic error when remapping an shm file could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when unregistering remote controllers.
A logic error when unregistering remote controllers could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Memory leak when opening a file on SMB2 CIFS filesystem.
Incorrect error-handling logic when opening a file on SMB2 CIFS filesystem
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.
* Deadlock when reconnecting a CIFS share.
A logic error when reconnecting a CIFS share could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access when using HID devices.
A variable type error when using HID devices could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when using Thunderbolt with failing firmware.
A missing check when using Thunderbolt while firmware is failing could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2018-1095: NULL pointer dereference when writing xattr on ext4 filesystem.
An incorrect return type of a function when writing xattr on ext4
filesystem could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2018-1092: NULL pointer dereference when using unallocated root directory on ext4 filesystem.
A missing check when using unallocated root directory on ext4 filesystem
could lead to a NULL pointer dereference. A local attacker could mount a
crafted ext4 filesystem and cause a denial-of-service.
* CVE-2018-1094: NULL pointer dereference when filling extended attributes on ext4 filesystem.
A missing initialization of crypto driver used to fill extended
attributes on ext4 filesystem could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.
* Denial-of-service when mounting a corrupted ext4 filesystem.
A missing check when mounting a corrupted ext4 filesystem where metadata
blocks override super block could lead to a memory corruption. A local
attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access when using seekdir on ext4 filesystem.
A logic error when using seekdir on ext4 filesystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when setting RDMA option on an invalid device.
A missing check when a user tries to set an RDMA option on a non-existing
device could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* NULL pointer dereference on allocation failure in Mellanox Connect-IB HCA driver.
A missing check after an allocation failure in Mellanox Connect-IB HCA
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* Out-of-bounds access when initializing TX transfer in Software RDMA over Ethernet (RoCE) driver.
A logic error when initializing TX transfer in Software RDMA over
Ethernet (RoCE) driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access when draining send-queue in RDMA core driver.
A missing check when draining send-queue in RDMA core driver could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Use-after-free when releasing Audio PCM.
A logic error when releasing Audio PCM could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access in InfiniBand SCSI RDMA Protocol driver.
A logic error when sending data over InfiniBand SCSI RDMA Protocol
device could lead to an out-of-bounds access. A local attacker could use
this flaw to cause a denial-of-service.
* NULL pointer dereference when using Non-Volatile Memory Device driver.
A missing check when using Non-Volatile Memory Device driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service when loading/unloading mmc module multiple times.
A missing free of resources when unloading mmc module could lead to a
kernel warning on next load. A local attacker could use this flaw to
flood the kernel log and facilitate an attack.
* NULL pointer dereference when using AMDGPU Southern Islands cards.
Missing callbacks when using AMDGPU Southern Islands cards could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* NULL pointer dereference when using compat ioctls of ALSA rawmidi driver.
A missing check on user input when using compat ioctls of ALSA rawmidi
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2018-1108: Information leak when relying on kernel random generator for cryptographic use.
Cryptographic drivers may use the kernel random generator, which doesn't have
enough entropy to generate true random data after boot. A local attacker
could use this flaw to decrypt sensitive data and leak information.
* NULL pointer dereference when removing HID raw devices.
A missing check when removing HID raw devices while calling get_report
ioctl could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* NULL pointer dereference when using pagecache.
A logic error when handling a page in the pagecache could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.