[Ksplice-Fedora-30-updates] New Ksplice updates for Fedora 30 (FEDORA-2019-a389ed905b)

Fri Nov 15 13:12:40 PST 2019

Synopsis: FEDORA-2019-a389ed905b can now be patched using Ksplice

Systems running Fedora 30 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-a389ed905b.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 30
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Race condition when failing to initialize xHCI device causes deadlock.

If any xHCI USB device fails during its initialization process, a race
condition could result in a circular lock dependency on the bandwidth
mutex, resulting in a deadlock. A malicious device might exploit this
flaw to create a denial-of-service.

* NULL-pointer dereference when enumerating halted xHCI device.

Missing validation of device data structures could result in a
NULL-pointer dereference if a halted xHCI control endpoint was iterated
over by an enumeration of system devices. This flaw might be exploited
by a malicious device to cause a denial-of-service.

* Use-after-free when disconnecting Code Mercenaries IO-Warrior USB device.

Misplaced synchronization in the disconnect path for a Code Mercenaries
IO-Warrior USB device interface could result in a use-after-free between
the release() and disconnect() code paths. A malicious device might
exploit this to create a denial-of-service or cause memory corruption.

* Use-after-free when disconnecting Ontrak ADU device due to race condition.

When disconnecting an Ontrak Control Systems ADU family USB relay
device, a race condition between the device disconnection and release
callback could result in a use-after-free, potentially causing memory
corruption or a denial-of-service.

* NULL-pointer dereference when connecting or writing to KeySpan device.

When connecting or writing to a KeySpan USB-to-serial device, unexpected
error conditions would result in partially initialized structure being
returned from the device code, resulting in a NULL-pointer dereference.
A malicious device might exploit this flaw to cause a denial-of-service.

* Information leak when connecting Microtek USB Scanner.

When connecting a Microtek Scanmaker USB Scanner device, unexpected
errors during setup could result in uninitialized stack data being
printed to the system log. A malicious attacker might exploit this flaw
to gain information about the running system.

* Information leak when connecting LEGO Mindstorms USB tower.

When connecting a LEGO Mindstorms infrared communications tower, an
unexpected error condition could result in uninitialized heap memory
being printed to the system log. A malicious attacker might exploit this
flaw to gain information about the running system.

* Memory leak when registering VIA Technologies VT6655 driver fails.

A missing free of resources when registering VIA Technologies VT6655
driver fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.