[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-1d4a023c66)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Mar 25 14:48:40 PDT 2019


Synopsis: FEDORA-2019-1d4a023c66 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-1d4a023c66.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
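
The check below is an added example, not part of the original announcement
or of Ksplice Uptrack itself: it reads an uptrack.conf-style file and reports
whether the host still needs the manual command above. The function names and
the UPTRACK_CONF variable are hypothetical, and treating only the literal
value "yes" as enabled is an assumption taken from the wording above.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective value of the "autoinstall" key in the given file.
# Comment lines (# or ;) are skipped, whitespace around "=" is tolerated,
# the value is lower-cased, and the last assignment in the file wins.
# Prints "unset" if the key is absent or the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Return 0 when updates will NOT be installed automatically on this host.
# Assumption: only the literal value "yes" enables automatic installation.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Report for the local host; UPTRACK_CONF is a hypothetical override
# so the check can be pointed at a copy of the file.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if needs_manual_upgrade "$conf"; then
    echo "autoinstall not enabled in $conf: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes in $conf: no action needed"
fi
```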


DESCRIPTION

* Integer overflow when setting socket timeout.

The setsockopt syscall can accept negative values for timeout,
potentially resulting in an integer overflow and undefined behavior.


* Data corruption when terminating VM attached to IOMMU.

When terminating a virtual machine using an IOMMU device, the device's
memory page entries are not properly marked as invalid, potentially
resulting in corruption.


* NULL-pointer dereference when accessing Infiniband RDMA memory.

Missing synchronization could allow a race condition when allocating
Infiniband RDMA memory that could result in a NULL-pointer dereference
and denial-of-service.


* Use-after-free when transmitting IP-over-Infiniband data.

When transmitting data via an IP-over-Infiniband connection, a race
condition between transmitting threads could result in a use-after-free,
potentially resulting in memory corruption or a denial-of-service.


* Privilege escalation when accessing iomap buffered write mapping.

When accessing a file on a filesystem that uses the kernel iomap
buffered write infrastructure, missing synchronization could lead to a
function callback pointing into freed memory, potentially allowing a
malicious user to escalate their privileges or cause a
denial-of-service.


* NULL-pointer dereference when mounting NFS filesystem with missing device name.

Mounting an NFS filesystem with a missing device name could result in
the NULL device name pointer being dereferenced, resulting in a kernel
oops and denial-of-service.


* Denial-of-service when transmitting via QLogic ethernet device.

When transmitting data via a QLogic ethernet device, a race condition
could lead to accessing the underlying packet buffers after they were
freed, resulting in a potential kernel crash and denial-of-service.


* Information leak in QLogic ethernet driver.

During an error condition when connecting a QLogic ethernet device,
invalid type conversions could result in out-of-bounds data on the stack
being written as error output.


* Integer underflow in sys_rt_sigqueueinfo syscall.

The sys_rt_sigqueueinfo syscall contains an integer underflow and
undefined behavior when called with a signal value of 0.


* Potential deadlock when running BPF socket program.

When transmitting socket data with a BPF program attached, the kernel
fails to disable preemption, potentially resulting in a system deadlock
and denial-of-service.


* Potential deadlock when adding or removing BPF trace program.

Flawed mutex ordering when adding or removing a BPF trace program could
result in a system deadlock and denial-of-service.


* Potential deadlock when setting up BPF syscall trace.

When setting up a BPF program to trace syscalls, a race condition with
other running BPF programs might occur, resulting in a system deadlock
and denial-of-service.


* Denial-of-service when __find_get_block_slow fails.

__find_get_block_slow can produce messages 100+ times a second in its
failure case. A malicious user could exploit this to waste system
resources, resulting in a soft denial-of-service.


* Use-after-free in sk_msg generic socket parsing infrastructure.

When detaching an sk_msg (BPF, kTLS) socket parser, the internal socket
structure is not marked as shutting down, potentially allowing for a
use-after-free and denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




