[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4163-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Oct 24 01:58:58 PDT 2019
Synopsis: USN-4163-1 can now be patched using Ksplice
CVEs: CVE-2017-18232 CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4163-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
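The two install paths above depend on one setting in /etc/uptrack/uptrack.conf. The following shell functions are an added example, not part of this advisory or of Ksplice itself: they parse that key (ignoring comments, whitespace and case, and taking the last occurrence) and only fall back to the manual uptrack-upgrade command when autoinstall is off. The config path is taken as an argument so the check can be run against a copy of the file.

```shell
# Added example (not Oracle's code): decide whether a host still needs a manual
# "uptrack-upgrade -y". Returns 0 when "autoinstall = yes" is set in the given
# Uptrack config (Uptrack then applies USN-4163-1 by itself), 1 otherwise.
# Section headers such as [Settings] are ignored; only the key matters here.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    # Drop comments, keep only autoinstall lines, take the last one,
    # strip "key =" and trailing blanks, and compare case-insensitively.
    val=$(sed -e 's/#.*//' "$conf" \
          | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
          | tail -n 1 \
          | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
          | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Apply the pending updates only where autoinstall will not do it for us.
# Assumes /usr/sbin/uptrack-upgrade from the advisory is present on the host.
uptrack_apply_if_manual() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled; Uptrack will apply the updates itself"
        return 0
    fi
    echo "autoinstall disabled; applying updates now"
    /usr/sbin/uptrack-upgrade -y
}
```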
DESCRIPTION
* Kernel crash in MEGARAID SAS firmware crashdump loading.
Missing bounds checks when loading firmware crashdump could result in an
out-of-bounds access and kernel panic.
* Note: Oracle will not provide a zero-downtime update for CVE-2017-18232.
* CVE-2019-15118: Stack overflow when checking input source type in ALSA USB driver.
A logic error when checking input source type in ALSA USB driver could
lead to a stack overflow. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2019-15117: Out-of-bounds access when parsing USB descriptor in ALSA USB driver.
A missing check when parsing USB descriptor in ALSA USB driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Use-after-free in sound sequencer driver when deleting pools.
Missing locking when deleting pools in the sound sequencer driver from
user space could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.
* Use-after-free when disconnecting USB Wireless device.
A race condition when disconnecting USB Wireless device while transfers
are on-going could lead to a use-after-free. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.
* Memory leak when adding a station in the mac80211 stack fails.
A logic error in the failure path when adding a station in the mac80211
stack could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* CVE-2019-15902: Bounds-check bypass in sys_ptrace().
An error when backporting the original Spectre v1 fix for ptrace to
stable kernels leaves it vulnerable to Spectre v1. A local attacker could
exploit this flaw to gain information about the running system.
* Memory leak when creating resources in Mellanox ConnectX HCA driver.
A missing free of resources in the error path when creating resources in
the Mellanox ConnectX HCA driver could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.
* Use-after-free when dropping packets in netpoll.
A logic error when dropping packets in netpoll could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes.
An out-of-bounds access to the coalesced MMIO ring buffer could result
in a kernel crash. A malicious guest could use this flaw to crash the
hypervisor or potentially, escalate privileges.
* Out-of-bounds access in CAPI2.0 driver.
A logic error when writing to a CAPI2.0 device could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when removing publication info in TIPC driver.
A logic error when removing publication info in TIPC driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service during fsync on btrfs filesystem.
A reference count error during fsync on btrfs filesystem could lead to a
use-after-free or a kernel assert. A local attacker could use this flaw
to cause a denial-of-service.
* Information leak when emulating VMPTRST in KVM.
A missing zeroing of on-stack data on the host side when emulating
VMPTRST in KVM could lead to an information leak. A local attacker in a
guest could use this flaw to leak information about the host and
facilitate an attack.
* Out-of-bounds access during USB device reset.
A logic error during USB device reset could lead to an out-of-bounds
access. A local attacker could use this flaw to cause a
denial-of-service.
* Double free when disconnecting TV Master TM5600/6000/6010 USB device.
A logic error when disconnecting TV Master TM5600/6000/6010 USB device
while transfers are on-going could lead to a double free. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference in Xen network device error handling.
Incorrect error handling when filling fragments for a Xen network device
could result in a NULL pointer dereference and kernel crash.
* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in Marvell WiFi-Ex driver.
Logic errors when parsing access point settings in the Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use these
flaws to cause a denial-of-service.
* NULL pointer dereference when accessing a revoked key.
A missing check when accessing a revoked key could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid memory access in floppy disk driver.
A logic error when copying data to userspace from floppy disk driver
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2019-15505: Out-of-bounds access in Technisat DVB-S/S2 USB2.0 driver.
A logic error when receiving data over Technisat DVB-S/S2 USB2.0 driver
could lead to an out-of-bounds access. A remote attacker could use this
flaw to cause a denial-of-service.
* CVE-2018-21008: Use-after-free when de-initializing mac80211 stack in Redpine Signals Inc 91x WLAN driver.
A logic error when de-initializing mac80211 stack in Redpine Signals Inc
91x WLAN driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when removing a Yurex USB device.
Incorrect reference counting when removing a Yurex device could lead to
a use-after-free. An attacker could exploit this vulnerability to cause
a denial-of-service.
* Information leak when initializing PCAN-USB device.
When loading the PCAN-USB driver, the kernel passes an uninitialized
buffer to the device. This could leak privileged kernel memory to the
device and allow a malicious device to escalate privilege.
* Denial-of-service when reconnecting to an SMBv3 server.
A deadlock in the SMB / CIFS subsystem could lead to the kernel thread
hanging indefinitely. An attacker could exploit this bug to cause a
denial-of-service.
* Improved fix for denial-of-service in non-hierarchical memory cgroup iteration.
A logic error in the memory cgroup code could lead to kernel memory
corruption and a kernel crash when iterating over cgroups. This could
be exploited to cause a denial-of-service.
* Denial-of-service when processing input from HID device.
A null pointer dereference when processing input event from Holtek
gaming controller could lead to a kernel crash. A malicious device could
exploit this to cause a denial-of-service.
* Improved fix for Spectre v1: Bounds-check bypass in Infiniband subsystem.
Speculative execution when registering an agent in the core Infiniband
subsystem allows a bounds-check bypass. A local user could exploit
this vulnerability to escalate privileges.
* Denial-of-service in sendmsg when using TX_RING.
A null pointer dereference in the sendmsg system call path when TX_RING
is used could lead to a general protection fault (GPF). An attacker
could exploit this to cause a denial-of-service.
* Denial-of-service when handling page fault in userspace.
A double-free bug in the userfaultfd subsystem could lead to kernel
crash. An attacker with privilege to perform userfaultfd could exploit
this to cause a denial-of-service and possibly escalate privilege.
* Memory leak when registering a sound device fails.
A logic error in the failure path when registering a sound device could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.
* Use-after-free when closing PEAK PCAN-USB connection.
A logic error when closing PEAK PCAN-USB connection when transfers are
on-going could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.
* Denial-of-service when receiving packets over tcp sockets.
A logic error when receiving packets over tcp sockets could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.