[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4095-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Oct 4 10:30:17 PDT 2019


Synopsis: USN-4095-1 can now be patched using Ksplice
CVEs: CVE-2019-10126 CVE-2019-1125 CVE-2019-11599 CVE-2019-13272 CVE-2019-15807 CVE-2019-3846

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4095-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
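As an added example (not part of the Ksplice announcement), the two options above turned into a host check: it reads the autoinstall key from an uptrack.conf-style file and reports whether the host will pick the updates up automatically or needs the manual uptrack-upgrade run. The sample configs are constructed, and the [Settings] section header is an assumption about the file layout.

```shell
# Added example, not part of the Ksplice announcement: decide whether a host
# will receive the USN-4095-1 Ksplice updates automatically or needs a manual
# "/usr/sbin/uptrack-upgrade -y", by reading the autoinstall key in
# /etc/uptrack/uptrack.conf (the file and key named in the announcement).

# Print the effective value of KEY in an uptrack.conf-style file ("key = value"
# lines, '#' comments, surrounding whitespace ignored, last assignment wins).
# Prints nothing when the key is absent; returns 1 when the file is unreadable.
uptrack_conf_value() {
    conf="$1"; key="$2"
    [ -r "$conf" ] || return 1
    sed -e 's/#.*//' "$conf" | awk -F= -v k="$key" '
        NF >= 2 {
            gsub(/^[ \t]+|[ \t]+$/, "", $1)
            if ($1 == k) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        }
        END { if (val != "") print val }'
}

# Returns 0 when autoinstall is enabled ("yes", case-insensitive), 1 otherwise.
uptrack_autoinstall_enabled() {
    v=$(uptrack_conf_value "$1" autoinstall | tr 'A-Z' 'a-z')
    [ "$v" = "yes" ]
}
# Print the action the advisory asks for on this host.
uptrack_required_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled: updates are applied automatically, no action needed"
    else
        echo "autoinstall disabled or unset: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not real hosts' files) so the script runs stand-alone.
SAMPLE_AUTO=$(mktemp); SAMPLE_MANUAL=$(mktemp)
trap 'rm -f "$SAMPLE_AUTO" "$SAMPLE_MANUAL"' EXIT
cat > "$SAMPLE_AUTO" <<'EOF'
[Settings]
# install updates as soon as they are published
autoinstall = Yes
EOF
cat > "$SAMPLE_MANUAL" <<'EOF'
[Settings]
# autoinstall = yes      <- commented out, so it does not count
autoinstall = no
EOF

uptrack_required_action "$SAMPLE_AUTO"
uptrack_required_action "$SAMPLE_MANUAL"
```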


DESCRIPTION

* CVE-2019-3846: Heap overflow when parsing a BSS descriptor in the Marvell WiFi-Ex driver.

A missing check on user input when parsing a BSS descriptor in the Marvell
WiFi-Ex driver could let a local attacker cause a heap overflow and a
denial-of-service.


* CVE-2019-10126: Heap overflow when parsing IEs in the Marvell WiFi-Ex driver.

A missing check when parsing IEs (information elements) in the Marvell
WiFi-Ex driver could lead to a heap overflow. A local attacker could use
this flaw to cause a denial-of-service.


* Data corruption on power failure during FAT filesystem writeback.

A missing flush after a write operation on a FAT filesystem could lead
to data corruption or loss of data.


* Deadlock when using POSIX Message Queues on large memory SMP systems.

A logic error when using POSIX Message Queues on large memory SMP
systems could lead to a deadlock. A local attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service when using a crafted F2FS filesystem.

A logic error when using a specially crafted F2FS filesystem could lead
to multiple kernel asserts. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when receiving an IRQ while registering the Intel HD Audio driver.

A logic error when registering the Intel HD Audio driver while receiving an
interrupt could lead to a NULL pointer dereference.


* Deadlock in the NFS server driver when unlinking a file twice.

A logic error when unlinking a file twice in the NFS server could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when using ChromeOS EC communication protocol helpers.

A missing check when using ChromeOS EC communication protocol helpers
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Information leak in MediaTek SoC during cipher initialization.

A failure to properly handle an error condition could lead to a kernel
message being printed using uninitialized data, potentially leaking kernel
memory contents.


* NULL pointer dereference in FrameBuffer card detection on multiple devices.

A failure to deal with an ioremap failure in the Hercules and IMS Twin
Turbo graphics drivers could lead to a NULL pointer dereference.  This could
be used for a denial-of-service.


* NULL pointer dereference in PCIe Xilinx host device during MSI enable.

A failure to properly deal with an error condition in the PCIe Xilinx
driver could lead to a NULL pointer dereference, leading to possible memory
corruption or a kernel panic.  This could be exploited for a
denial-of-service.


* Deadlock when unregistering a PWM device.

A logic error when removing a PWM device could lead to a deadlock.
A local attacker could use this flaw to cause a denial-of-service.


* Memory leak in an error path of the LRU infrastructure.

A missing free of resources in an error path of the LRU infrastructure
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* Use-after-free in the dentry cache handling code of the OCFS2 driver.

A race condition in the dentry cache handling code of the OCFS2 driver could
lead to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Information leak in ptrace when reading signal information from a process.

A missing initialization of on-stack data when reading signal
information from a process could lead to an information leak. A local
attacker could use this flaw to leak information about the running kernel
and facilitate an attack.


* Information leak when a process changes credentials while another one tries to ptrace it.

A race condition could let a process ptrace another process it is not
allowed to trace, if that other process is changing its credentials at the
same time. A local attacker could use this flaw to leak information about a
running process and facilitate an attack.


* Stack corruption when inserting a key in the Block device as cache driver.

A logic error when using the Block device as cache driver could lead to
the use of corrupted stack data. A local attacker could use this flaw to
cause a denial-of-service.


* Deadlock when a dying task tries to get a cgroup_subsys_state object.

A logic error when a dying task tries to get a cgroup_subsys_state object
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* Undefined behavior when handling unsolicited event notification in QLogic FCoE offload driver.

A logic error when handling unsolicited event notification in QLogic
FCoE offload driver could lead to undefined behavior.


* Out-of-bounds access in the DRM driver for VMware Virtual GPU when setting a shader.

A missing check when setting a shader in the DRM driver for VMware Virtual GPU
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when setting a view in the DRM driver for VMware Virtual GPU.

A missing check when setting a view in the DRM driver for VMware Virtual GPU
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Deadlock when connecting Amateur Radio AX.25 Level 2 protocol socket.

A locking error when connecting Amateur Radio AX.25 Level 2 protocol
socket could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.


* Use-after-free in IPv6 flowlabel socket lookup.

A refcount issue in IPv6 flowlabel socket lookup could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in LAPB Data Link driver during unregister.

A logic error in the lapb driver could lead to a memory leak while
unregistering a device.  This could be used to cause a denial-of-service.


* Buffer overflow when getting the device name in the Modular ISDN driver.

A missing check on user input when getting the device name in the Modular
ISDN driver could lead to a buffer overflow. A local attacker could use this
flaw to cause a denial-of-service.


* Memory leak when using combined read/write transfer with an I2C device.

A missing free of resources when using combined read/write transfer with
an I2C device could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Use-after-free when registering a configfs group.

A wrong error path when registering a configfs group could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when checking routes in Chelsio iSCSI driver.

A missing check when checking routes in Chelsio iSCSI driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-15807: Denial-of-service when discovering an expander in the SAS domain fails.

A logic error when discovering an expander in the SAS Domain Transport
Attributes code fails could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* Use-after-free in the VMware paravirtualized SCSI driver when locking a queue.

A race condition in the VMware paravirtualized SCSI driver when locking a
queue could lead to a use-after-free.  A local user with the ability to
cause events in this driver could use this flaw to obtain read or write
primitives, facilitating an attack.


* Out-of-bounds access when unpacking apparmor policy.

A missing check on user input when unpacking apparmor policy could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when registering a parallel port fails.

A missing free of resources when registering a parallel port fails could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Invalid memory access in Btrfs during readahead and device removal.

A race condition in the btrfs driver could lead to an invalid memory access
and possibly memory corruption or kernel panic.  This could be exploited for
a denial-of-service.


* Memory leak when creating a new wiphy in cfg80211 driver.

A missing free of resources when creating a new wiphy for use with
cfg80211 driver could lead to a memory leak.  A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Information leak in 9p ACL access.

A failure to properly initialize data structures in the 9p acl code could leak
stack data during an acl access request.


* Denial-of-service in 9p directory entry read.

A failure to check bounds on a string could lead to a buffer overflow, possibly
leading to memory corruption or a kernel panic. This could be exploited for a
denial-of-service.


* Properly allow guests to use the Speculative Store Bypass Disable hardware mitigation.

A logic error when calculating the CPU features that a guest is allowed
to use prevented guests from using the Speculative Store Bypass Disable
hardware mitigation when the host had it disabled.


* Memory leak in the SCTP protocol when initializing an endpoint.

Incorrect ordering when initializing the fields of an SCTP endpoint could
lead to a memory leak on error.  A local attacker could use this flaw to
cause a denial-of-service through memory starvation.


* Denial-of-service in the TIPC protocol netlink compat interface.

Type confusion in the TIPC protocol netlink compat interface could lead to
reads of uninitialized memory and potentially to an information leak.  A
local attacker could use this flaw to gain information about the running
kernel, further facilitating an attack.


* NULL pointer dereference in SPI device addition.

A failure to properly handle an error condition in the spi code could lead
to a NULL pointer dereference and possible memory corruption or kernel panic.


* Denial-of-service in USB FUSB300C device removal.

A failure to properly remove all elements during removal of the fusb300
device could leak memory.  This could be used for a denial-of-service attack
via memory exhaustion.


* CVE-2019-13272: Privilege escalation via ptrace relationship tracking.

A logic error when recording the ptrace relationship between a privileged
parent and unprivileged child process can result in the ptrace relationship
being incorrectly recorded as privileged. A local user could use this flaw to
escalate privileges or cause a denial-of-service.


* Race condition in crypto initialization causes denial-of-service.

A race condition when running crypto algorithm tests can result in the
test algorithm being inappropriately freed, resulting in a kernel crash
and denial-of-service.


* Denial-of-service via invalid TSC values in KVM.

By setting Timestamp Counter-Scaling settings to invalid values, a
malicious user might be able to cause a denial-of-service by flooding
the system logs with kernel warnings of the form:

"user requested TSC rate below hardware speed"

and

"Invalid TSC scaling ratio".


* CVE-2019-1125: Information leak in kernel entry code when swapping GS.

A local attacker could speculatively access percpu data using a
user-defined GS base and leak information about the running kernel to
facilitate an attack.


* CVE-2019-11599: Information leak in the coredump implementation.

A locking error in the coredump implementation could let an attacker
leak sensitive information or cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
