[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (4.4.0-146.172)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Jun 3 02:31:38 PDT 2019
Synopsis: 4.4.0-146.172 can now be patched using Ksplice
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.4.0-146.172.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
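The following check is an added example, not part of Oracle's announcement: it reads an uptrack.conf-style file and reports whether the host will install these updates automatically or needs the manual command above. Treating only the literal value "yes" as enabled, the function names, and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumption: only "autoinstall = yes" (as quoted in the announcement) counts
# as enabled; any other value, a commented-out line, or a missing key does not.

# autoinstall_state FILE -> prints yes | no | unset | unreadable
autoinstall_state() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 0; }
    # Last uncommented "autoinstall = value" line wins; spacing is tolerated
    # and the value is compared case-insensitively.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# needs_manual_upgrade FILE -> exit status 0 when an operator must act
needs_manual_upgrade() {
    [ "$(autoinstall_state "$1")" != "yes" ]
}

# Constructed sample config (not taken from a real host): the enabled line is
# commented out, so the effective setting is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is not enabled: run /usr/sbin/uptrack-upgrade -y"
fi
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf instead of the sample file.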
DESCRIPTION
* Double free when setting termios and modem status in Old ISDN4Linux driver.
A locking error when setting termios and modem status in Old ISDN4Linux
driver could lead to a double free. A local attacker could use this flaw
to cause a denial-of-service.
* NULL pointer dereference when resetting InfiniBand SCSI RDMA devices.
A logic error when resetting InfiniBand SCSI RDMA devices could lead to
a NULL pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when a process requests a key without subscribing to any keyring.
A missing initialization when a process requests a key without
subscribing to any keyring could lead to a kernel assert. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when using SIT driver with IPv6 disabled.
A missing check when using SIT driver with IPv6 disabled could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* Information disclosure in ALSA SoC dynamic power management debugfs interface.
Incorrect string handling in the ALSA SoC dynamic power management debugfs
interface can result in the copy of uninitialised kernel memory to userspace.
* Kernel crash in Chelsio FCoE remote port registration.
A race condition between allocating a virtual node port and setting its state
can result in a NULL pointer dereference, leading to a kernel crash.
* Denial-of-service in mac80211 Tunneled Direct Link Setup.
A race condition between associating a station with an Access Point and
initializing a Tunneled Direct Link Setup can result in a warning. A local user
with the ability to configure a mac80211 device could use this flaw to flood
the kernel message buffer, leading to a denial-of-service.
* SMAP bypass during user memory copy.
A logic error when copying information to userspace can result in kernel code
executing without SMAP protection.
* Memory leak when registering a kobject associated to a net device.
A missing free of resources when registering a kobject for a net device
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* Memory leak when unregistering an Ethernet team driver.
A missing free of a BPF filter when unregistering an Ethernet team
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* NULL pointer dereference when registering an NFC device.
A missing check when registering an NFC device could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds memory accesses when using netlabel subsystem.
Logic errors when using netlabel subsystem could lead to out-of-bounds
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when adding a multicast forwarding entry in IPv6.
A logic error when adding a multicast forwarding entry in IPv6 could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* Integer overflow when setting socket timeout while IP virtual server is enabled.
The setsockopt syscall can accept negative values for timeout,
potentially resulting in an integer overflow and undefined behavior
while IP virtual server is enabled.
* Data corruption when terminating VM attached to IOMMU.
When terminating a virtual machine using an IOMMU device, the device's
memory page entries are not properly marked as invalid, potentially
resulting in corruption.
* NULL-pointer dereference when mounting NFS filesystem with missing device name.
Mounting an NFS filesystem with a missing device name could result in
the NULL device name pointer being dereferenced, resulting in a kernel
oops and denial-of-service.
* Memory leak when creating client in Plan 9 Resource Sharing Support driver.
Incorrect error handling when creating client in Plan 9 Resource Sharing
Support driver could lead to a memory leak. A local attacker could use
this flaw to cause a denial-of-service.
* Use-after-free when opening trace_pipe in trace filesystem.
A logic error in error path when opening trace_pipe in trace filesystem
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* Deadlock when releasing commands in Linux-iSCSI.org iSCSI Target Mode Stack driver.
A locking error when releasing commands in Linux-iSCSI.org iSCSI Target
Mode Stack driver could lead to a deadlock. A local attacker could use
this flaw to cause a denial-of-service.
* Divide by zero error when mounting a corrupted BTRFS image.
A logic error when mounting a corrupted BTRFS image could lead to a
divide by zero error. A local attacker could use this flaw with a
crafted BTRFS image to cause a denial-of-service.
* Denial-of-service during online resizing with EXT4 filesystems.
A missing check during online resizing with EXT4 filesystems could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid memory access when mapping vmalloc pages to userspace.
A logic error when mapping vmalloc pages to userspace while guard page
is enabled could lead to an invalid memory access. A local attacker
could use this flaw to cause a denial-of-service.
* Memory corruption during NFSv3 readdir request.
A logic error during NFSv3 readdir request could lead to memory
corruption or an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
* Out-of-bounds access when getting netfilter tables entries.
A missing null termination of strings when getting netfilter tables
entries could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.
* Memory leak when failing to add NFS requests to the I/O queue.
Missing free of resources when failing to add NFS requests to the I/O
queue could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* Improved fix for Spectre v1: Bounds-check bypass when using Applicom intelligent fieldbus card.
An array access when using Applicom intelligent fieldbus card driver
could lead to userspace controlled arbitrary out-of-bounds speculation.
This could serve as a side-channel leaking privileged memory into
userspace.
* NULL pointer dereference when allocating a Netfilter NFACCT over NFNETLINK interface.
A missing check when allocating a Netfilter NFACCT over NFNETLINK
interface could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* Out-of-bounds access when parsing TCP options in netfilter TCP connection tracking driver.
A missing check when parsing TCP options in netfilter TCP connection
tracking driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* Information leak when checking keys through /proc/keys.
An invalid check on current credentials when checking /proc/keys could
let a user list all the keys of the system. A local attacker could use
this flaw to facilitate an attack.
* Undefined behavior when using IPv6 Rapid Deployment.
A missing check when using IPv6 Rapid Deployment could lead to
undefined behavior. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when handling device status changes in X.25 Packet Layer.
A logic error when handling device status changes in X.25 Packet Layer
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service when binding sockets in X.25 Packet Layer driver.
A logic error when binding sockets in X.25 Packet Layer driver could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-service.
* Memory leak when destructing PPP over IPv4 socket.
A reference count issue when destructing PPP over IPv4 socket could lead
to a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.
* Resource leak when deleting FIB nexthop exception.
When removing an entry from the FIB nexthop exception table, a race
condition might cause the destination device structure to become leaked,
potentially resulting in system instability or a denial-of-service.
* Permissions bypass setting mode on ipvlan slave devices.
The CAP_NET_ADMIN permission is not properly enforced for some on ipvlan
slave devices, potentially allowing a malicious user to change device
mode for other devices in the same ipvlan group.
* Denial-of-service when deleting VXLAN device.
If a packet is received on a VXLAN device while it is being deleted, a
race condition might cause an invalid pointer dereference, resulting in
a kernel crash and denial-of-service.
* Denial-of-service when using High-availability Seamless Redundancy driver.
Incorrect usage of kernel timers when using High-availability Seamless
Redundancy driver could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when using System Trace Module driver.
Multiple errors when using System Trace Module driver could lead to a
divide by zero or deadlock. A local attacker could use this flaw to
cause a denial-of-service.
* NULL pointer dereference when using Intel(R) Trace Hub controller.
A logic error when using Intel(R) Trace Hub controller could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.