[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4254-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Mar 10 18:09:45 PDT 2020


Synopsis: USN-4254-1 can now be patched using Ksplice
CVEs: CVE-2019-10220 CVE-2019-15291 CVE-2019-18885 CVE-2019-19056 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19227 CVE-2019-19332 CVE-2020-8832

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4254-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
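
The following check is an added example, not part of Oracle's announcement: it reads an uptrack.conf and reports whether a host will apply these updates automatically or needs the manual command above. The function names, the parsing rules (INI-style "key = value" lines, comment lines starting with # or ;, case-insensitive key) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a host by its Ksplice Uptrack autoinstall setting.
# Assumption: only the literal value "yes" (any case) counts as enabled,
# matching the "autoinstall = yes" wording of the announcement.

# Print the last value assigned to "autoinstall" in file $1, lower-cased.
# Prints nothing if the key is absent or only appears in a comment.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }               # whole-line comments
        {
            eq = index($0, "=")
            if (eq == 0) next                # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print "automatic", "manual" or "no-config" for the config file $1.
ksplice_update_mode() {
    conf=$1
    [ -r "$conf" ] || { echo "no-config"; return; }
    if [ "$(autoinstall_value "$conf")" = "yes" ]; then
        echo "automatic"
    else
        echo "manual"    # host needs: /usr/sbin/uptrack-upgrade -y
    fi
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must not count, so this host still needs the manual upgrade.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample host: $(ksplice_update_mode "$sample")"
rm -f "$sample"
```

On a real system, call ksplice_update_mode /etc/uptrack/uptrack.conf; a result of "manual" or "no-config" means the host will not pick up the USN-4254-1 updates on its own.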


DESCRIPTION

* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to a memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.


* CVE-2019-19063: Denial-of-service in the rtlwifi driver.

A bug in the error path during initialization in the rtlwifi USB driver
leads to a memory leak. An attacker with physical access may be able to
exploit this bug to cause a denial-of-service.


* CVE-2019-19056, CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle an error during initialization of the Marvell mwifiex
PCIe driver leads to a memory leak. An attacker could exploit this to
exhaust kernel memory, which may eventually cause a denial-of-service.


* CVE-2019-19227: Denial-of-service during AppleTalk protocol registration.

A failure to correctly handle memory allocation failures can result in a
NULL pointer dereference, leading to a kernel crash. A local user with
the ability to trigger a load of the AppleTalk protocol could use this
flaw to cause a denial-of-service.


* CVE-2019-18885: Denial-of-service in BTRFS extent verification.

A logic error when verifying extents during mount of a BTRFS filesystem
can result in a NULL pointer dereference, leading to a kernel crash. A
local user with the ability to mount a crafted BTRFS image could use
this flaw to cause a denial-of-service.


* CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting.

A failure to correctly validate a request for KVM cpuid emulation
information can lead to an out-of-bounds memory access, leading to a
kernel crash. A local user with the ability to use KVM could use this
flaw to cause a denial-of-service.


* CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing.

Incorrect device validation when probing a B2C2 FlexCop driver could
result in a NULL pointer dereference and kernel crash.  A local user
with the ability to insert USB devices could use this flaw to crash the
system.


* Race condition in SunRPC auth cache causes NULL-pointer dereference.

A race condition exists in the SunRPC generic auth cache implementation
that could result in an uninitialized cache entry being loaded. This
invalid entry might then be dereferenced, resulting in a kernel crash
and denial-of-service.


* CVE-2019-10220: Privilege escalation when parsing directory from a bad SMB server.

A logic error in the way paths are parsed in the SMB client could let an
attacker running an SMB server manipulate files outside of a shared
mount point on the client side.


* Out-of-bounds read in netfilter ebtables validation.

When parsing netfilter ebtables entries, structure padding is not
properly computed, potentially allowing an entry to trigger an
out-of-bounds read.


* Sending TCP packet with empty skb might cause denial-of-service.

A race condition when sending TCP packets might cause sendmsg() to
dispatch a packet backed by an empty kernel memory buffer, resulting
in a kernel crash and denial-of-service.


* CVE-2020-8832: Information leak in Intel i915 generation 9 devices.

Missing pipeline flushing when switching i915 contexts could lead to
information leaks between unrelated GPU contexts. A malicious user
could potentially use this to obtain sensitive information.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




