[Ksplice][Ubuntu-16.04-Updates] New updates available via Ksplice (4.4.0-34.53)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Aug 8 18:31:58 PDT 2016
Synopsis: 4.4.0-34.53 can now be patched using Ksplice
CVEs: CVE-2016-4470 CVE-2016-5243
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.4.0-34.53.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 16.04 Xenial
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
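To check which of the two cases above applies to a host, the following added example (not part of Oracle's advisory or of Ksplice itself) reads an uptrack.conf-style file and reports whether updates install automatically or need the manual command. It assumes the autoinstall key sits in a [Settings] section and treats only "yes" as enabled; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: autoinstall lives in a
# [Settings] section of an INI-style uptrack.conf; only "yes" means enabled.

# Print "yes" or "no"; an unreadable file or a missing key counts as "no".
autoinstall_setting() {
    conf=$1 section='' value=''
    [ -r "$conf" ] || { echo no; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CRs and surrounding whitespace before classifying the line.
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            '['*']') section=${line#\[}; section=${section%\]} ;;
            *=*)
                key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//' | tr 'A-Z' 'a-z')
                val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]].*$//' | tr 'A-Z' 'a-z')
                if [ "$section" = Settings ] && [ "$key" = autoinstall ]; then
                    value=$val   # last assignment in the section wins
                fi ;;
        esac
    done < "$conf"
    if [ "$value" = yes ]; then echo yes; else echo no; fi
}

# Map the setting to the action the advisory gives for it.
update_action() {
    if [ "$(autoinstall_setting "$1")" = yes ]; then
        echo "automatic"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '[Settings]\nautoinstall = yes\n' > "$demo/auto.conf"
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo/manual.conf"
for f in "$demo"/*.conf; do
    echo "${f##*/}: $(update_action "$f")"
done
rm -rf "$demo"
```

On a real host, pass /etc/uptrack/uptrack.conf to update_action; a result of "manual" means the command above still has to be run as root.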
DESCRIPTION
* Use after free in netlink dump interface.
Incorrect locking in the generic netlink interface can cause a use after
free and kernel panic when attempting to dump multiple interfaces
concurrently.
* Memory leak when malformed UDP packets are tunneled.
A logic error when handling malformed UDP packets in a tunnel can
trigger a kernel memory leak and eventual kernel panic.
* Deadlock when configuring ethernet team interfaces.
The team network driver incorrectly locks data-structures when changing
configuration data which can trigger a deadlock and kernel panic.
* Kernel panic when creating UDP L2TP socket.
A logic error when creating an L2TP socket for UDP data can cause the
kernel to use an uninitialized pointer which triggers a kernel panic.
* Kernel panic when setting KVM emulated debug registers.
The KVM subsystem does not validate the value of emulated debug
registers which can trigger a kernel panic when resuming a guest. A
privileged guest can use this flaw to crash the host.
* Kernel panic in KVM emulated IRQ chip.
A privileged guest can trigger a NULL pointer dereference and kernel
panic in the host when a non-existent IRQ route is modified.
* Incorrect AES XTS encryption in AMD crypto-coprocessor.
A logic error when offloading AES XTS operations to an AMD
crypto-coprocessor can cause incorrect results when attempting to encrypt
large amounts of data.
* Kernel panic when destroying cgroup.
The kernel cgroup subsystem does not hold the correct locks when
destroying a cgroup which can lead to a kernel panic.
* Kernel panic when failing to create a Unix98 PTY.
A NULL pointer dereference and kernel panic are triggered when a Unix98
pseudo-terminal cannot be allocated because of memory pressure. A local
user could use this flaw to cause a denial of service.
* Use after free in network emulator packet dequeuing.
A reference counting error when the network emulator dequeues a packet
can trigger a use after free and kernel panic.
* Use after free when removing a BPF perf event.
A logic error when removing a perf event with an associated BPF program can
trigger a use after free and kernel panic.
* Use-after-free when transmitting MultiProtocol Label Switching packets.
Incorrect RCU locking when transmitting MultiProtocol Label Switching
packets to a neighbor can trigger a use-after-free and kernel panic if the
transmission is preempted by a softirq.
* Kernel panic in crypto GETALG user interface.
A logic error when parsing GETALG netlink messages to the userspace
cryptographic subsystem can trigger an out-of-bounds read and kernel
panic.
* Memory leak in Moschip adapter USB device removal.
A logic error when a Moschip USB device is removed can trigger a kernel
memory leak and subsequent kernel panic.
* Deadlock in USB gadget userspace filesystem interface.
Incorrect locking in the USB gadget filesystem interface can trigger a
deadlock and kernel panic when queuing a request to a device.
* CVE-2016-4470: Denial-of-service in the keyring subsystem.
Failure to check that a key was properly added to a keyring before removing
it could lead to a kernel crash. A local, unprivileged user could use this
flaw to cause a denial-of-service.
* CVE-2016-5243: Kernel information leak in TIPC compatibility dump ioctl.
The kernel TIPC driver does not correctly initialize kernel memory which
is copied to userspace leading to the contents of kernel memory being
leaked to userspace.
* Kernel panic when connecting HDMI/DisplayPort audio device.
A race condition when initializing an HDMI/DisplayPort audio device can
cause uninitialised kernel memory to be used which can trigger a kernel
panic.
* Use after free in Hyper-V RNDIS network filtering.
A race condition when adding an RNDIS filter to a Hyper-V network interface
can trigger a use after free condition and kernel panic.
* Use after free when changing MTU on Hyper-V network device.
A logic error when changing the MTU on a Hyper-V network device can
trigger a use after free and kernel panic.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.