[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2019-196ab64d65)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Mar 19 10:54:49 PDT 2019


Synopsis: FEDORA-2019-196ab64d65 can now be patched using Ksplice
CVEs: CVE-2019-8980 CVE-2019-9162 CVE-2019-9213

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-196ab64d65.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
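As an added example that is not part of the Ksplice announcement, the check below reads the autoinstall setting from an uptrack.conf-style file and reports whether a host still needs the manual upgrade command above. It assumes only the "key = value" line format quoted in the announcement; the sample config it writes is constructed.

```shell
#!/bin/sh
# Added example, not part of the Ksplice announcement: read the autoinstall
# setting from an uptrack.conf-style file and report whether a host still
# needs a manual "/usr/sbin/uptrack-upgrade -y". Assumes the "key = value"
# line format quoted in the announcement; the sample config is constructed.

# Print "yes" when autoinstall is enabled in $1, otherwise "no".
# Ignores comment lines, surrounding whitespace, value case and a trailing
# "# ..." comment; the last matching line wins.
uptrack_autoinstall() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "no"          # unreadable config: assume nothing is automated
        return 0
    fi
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
        yes|true|1) echo "yes" ;;
        *)          echo "no"  ;;
    esac
}

# Exit status 0 when the operator must run uptrack-upgrade by hand, 1 when
# Ksplice Uptrack will pick the update up on its own.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" = "no" ]
}

# Constructed sample: a host that has automatic installation turned on.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed uptrack.conf sample (not a real host's file)
autoinstall = yes   # installed automatically, no action needed
EOF
}

# Stand-alone demonstration against the constructed sample.
demo() {
    tmp=$(mktemp) && write_sample_conf "$tmp"
    if needs_manual_upgrade "$tmp"; then
        echo "autoinstall off: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall on: no action needed"
    fi
    rm -f "$tmp"
}

demo
```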


DESCRIPTION

* NULL pointer dereference in VMware vsock destruction.

A missing check for a failed initialization when destroying a VMware vsock
can result in a NULL pointer dereference, leading to a kernel crash.


* Use-after-free during Vxlan device dismantle.

A failure to correctly clear incoming packets from buffers when dismantling a
Vxlan device can result in a use-after-free.


* Kernel crash in STMMAC Energy Efficient Ethernet configuration.

A race condition when enabling Energy Efficient Ethernet in the STMMAC driver
can result in accessing an uninitialized timer, leading to a kernel crash.


* Kernel crash in IPv4 TCP unreachable destination error handling.

A race condition when processing a destination unreachable ICMP message in a
TCP stream can result in a NULL pointer dereference, leading to a kernel crash.


* Kernel crash in SCSI target transport allocation.

Mismatched memory allocation and free routines in the error handling of the
SCSI target session allocation can result in a kernel crash.


* Deadlock in lm80 fan divisor configuration.

A failure to unlock a mutex after an error when reading an lm80 fan divisor
register can result in a deadlock.


* CVE-2019-9162: Privilege escalation in SNMP NAT ASN.1 parsing.

Incorrect length checks in the ASN.1 decoder implementation for SNMP NAT can
result in an out-of-bounds read or write. A local user could use this flaw to
cause a kernel crash or potentially escalate privileges.


* Use-after-free during modular ISDN device close.

A race condition when removing timers during close of a modular ISDN device
could result in a use-after-free. A local user with the ability to configure a
modular ISDN device could use this flaw to cause a kernel crash or potentially
escalate privileges.


* CVE-2019-8980: Denial-of-service in kernel read file implementation.

A failure to free memory after a read error can result in a memory leak. A
local user could use this flaw to exhaust system memory, leading to a kernel
crash.


* Memory leak when inserting a new mesh path in mac80211 mesh networking.

A missing free when the insertion of a new mesh path in mac80211 mesh
networking fails could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Denial-of-service when triggering OOM on a process with many alien threads.

An overly verbose print when setting OOM on a process sharing memory with
thousands of alien threads could lead to an RCU stall. A local attacker
could use this flaw to cause a denial-of-service.


* Double-free when using RPC-over-RDMA transport driver.

A logic error when using the RPC-over-RDMA transport driver could lead to a
double free. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when updating Mellanox Ternary Content-Addressable Memory.

A missing free when an update of the Mellanox Ternary Content-Addressable
Memory fails could lead to a memory leak. A local attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* Memory leak when adding a new element in Netfilter nf_tables.

A refcount error when the addition of a new element in Netfilter nf_tables
fails could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when destroying queue pairs in Mellanox HCA driver.

A missing initialization of queue pairs could lead to a NULL pointer
dereference when they are destroyed later. A local attacker could use this
flaw to cause a denial-of-service.


* Double free when setting termios and modem status in Old ISDN4Linux driver.

A locking error when setting termios and modem status in Old ISDN4Linux
driver could lead to a double free. A local attacker could use this flaw
to cause a denial-of-service.


* NULL pointer dereference when validating an inode in the Andrew File System.

A logic error when validating an inode in the Andrew File System could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service when running SCTP GSO over GRE over VLAN.

A logic error when running SCTP GSO over GRE over VLAN could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* Double-free when migrating stream queues in SCTP driver.

A logic error when migrating stream queues in the SCTP driver could lead to
a double-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when using network Distributed Switch Architecture.

A missing check when using network Distributed Switch Architecture could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* NULL pointer dereference when using Generic Network Virtualization Encapsulation.

A missing check when looking up IPv6 rules while IPv6 is disabled could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* NULL pointer dereference when using the SIT driver with IPv6 disabled.

A missing check when using the SIT driver with IPv6 disabled could lead to
a NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* Memory leaks in Traffic-Control Index network driver.

Logic errors when using the Traffic-Control Index network driver could lead
to multiple memory leaks. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when resetting InfiniBand SCSI RDMA devices.

A logic error when resetting InfiniBand SCSI RDMA devices could lead to
a NULL pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when a process requests a key without subscribing to any keyring.

A missing initialization when a process requests a key without
subscribing to any keyring could lead to a kernel assert. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access when sending an excessively large packet using Segmentation Offloads.

A missing check when sending an excessively large packet using
Segmentation Offloads could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* Use-after-free when deleting a target in Netfilter x_tables over nf_tables driver.

A logic error when deleting a target in Netfilter x_tables over
nf_tables driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* Information disclosure in ALSA SoC dynamic power management debugfs interface.

Incorrect string handling in the ALSA SoC dynamic power management debugfs
interface can result in uninitialised kernel memory being copied to userspace.


* Kernel crash in Chelsio FCoE remote port registration.

A race condition between allocating a virtual node port and setting its state
can result in a NULL pointer dereference, leading to a kernel crash.


* Memory leak in CIFS access control query error handling.

A failure to free memory after a failed CIFS access control list query can
result in a memory leak.


* Denial-of-service in mac80211 Tunneled Direct Link Setup.

A race condition between associating a station with an Access Point and
initializing a Tunneled Direct Link Setup can result in a warning. A local user
with the ability to configure a mac80211 device could use this flaw to flood
the kernel message buffer, leading to a denial-of-service.


* CVE-2019-9213: Bypass of mmap_min_addr restriction.

An incorrect capability check in the mmap memory expansion implementation can
result in applications being able to bypass the minimum mmap address
restriction. A local user on a system without SMAP enabled could use this flaw
to exploit kernel NULL pointer dereferences.


* Use-after-free in asynchronous DRM framebuffer plane updates.

A logic error when performing asynchronous plane updates in the DRM driver can
result in a use-after-free.


* SMAP bypass during user memory copy.

A logic error when copying information to userspace can result in kernel code
executing without SMAP protection.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
