[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4527-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Sep 25 06:47:45 PDT 2020


Synopsis: USN-4527-1 can now be patched using Ksplice
CVEs: CVE-2019-19054 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2019-20811 CVE-2019-9445 CVE-2019-9453 CVE-2020-0067 CVE-2020-14331 CVE-2020-16166 CVE-2020-25212

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4527-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
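Two checks an operator usually wants around that step are whether autoinstall is actually enabled on the host (otherwise the upgrade has to be run by hand) and, afterwards, whether every CVE named in the USN shows up in the list of applied updates. The POSIX shell script below is an added example, not part of this advisory or of Oracle's Uptrack tooling. It assumes the `autoinstall = yes` key/value form quoted above and assumes that saved `uptrack-show` output carries the CVE identifier on each update line (an assumption about output format, not a documented contract); the `uptrack.conf` fragment and `uptrack-show` output it writes to a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisory or Oracle's tooling.
# Two checks around applying USN-4527-1 via Ksplice Uptrack:
#   1. Is "autoinstall = yes" set in uptrack.conf? If not, the upgrade must
#      be run by hand with /usr/sbin/uptrack-upgrade -y.
#   2. After the run, does every CVE named in the USN appear in the saved
#      output of "uptrack-show"?

# The CVE identifiers from the USN-4527-1 advisory header.
USN_4527_1_CVES="CVE-2019-19054 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448
CVE-2019-20811 CVE-2019-9445 CVE-2019-9453 CVE-2020-0067 CVE-2020-14331
CVE-2020-16166 CVE-2020-25212"

# uptrack_autoinstall CONF
# Prints "yes" if CONF contains an uncommented "autoinstall = yes" line
# (whitespace around '=' optional, value case-insensitive), else "no".
# An unreadable or absent file is treated as "no", so the caller falls back
# to a manual upgrade rather than assuming the updates will arrive on their own.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo "no"; return 0; }
    # The last matching line wins, as in typical key = value config parsing.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$conf" | tail -n 1)
    case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
        yes) echo "yes" ;;
        *)   echo "no" ;;
    esac
}

# missing_cves SHOW_OUTPUT CVE...
# Prints every CVE that does not occur anywhere in the file SHOW_OUTPUT
# (assumed to hold saved "uptrack-show" output; the per-line format is an
# assumption of this example). Returns 0 if all CVEs are present, 1 otherwise.
missing_cves() {
    show_output="$1"; shift
    rc=0
    for cve in "$@"; do
        if ! grep -q -F -- "$cve" "$show_output"; then
            echo "$cve"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone demonstration on constructed files (nothing is read from a real host).
demo=$(mktemp -d)
printf '# constructed uptrack.conf fragment\nautoinstall = no\n' > "$demo/uptrack.conf"
# Constructed stand-in for "uptrack-show" output: only one of the eleven
# CVEs is listed, so the coverage check reports the other ten.
printf 'Installed updates:\n[a1b2c3d4] CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.\n' \
    > "$demo/uptrack-show.txt"

if [ "$(uptrack_autoinstall "$demo/uptrack.conf")" = "yes" ]; then
    echo "autoinstall enabled: Uptrack will apply USN-4527-1 on its own"
else
    echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y by hand"
fi

echo "CVEs from USN-4527-1 not yet present in uptrack-show output:"
if missing_cves "$demo/uptrack-show.txt" $USN_4527_1_CVES; then
    echo "(none: all CVEs applied)"
fi
rm -rf "$demo"
```

On a real host, point `uptrack_autoinstall` at /etc/uptrack/uptrack.conf and feed `missing_cves` a file produced by `uptrack-show > /tmp/uptrack-show.txt` after the upgrade; a non-zero exit from `missing_cves` is the signal that the USN is not fully covered yet.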


DESCRIPTION

* Memory corruption when calculating nexthop of IPv6 tunnel.

A logic error when passing IPv4 traffic through an IPv6 tunnel can trigger an
out-of-bounds write and kernel memory corruption.


* CVE-2019-19073, CVE-2019-19074: Denial-of-service in the ath9k wireless driver.

A memory leak during driver initialization in the Atheros HTC-based
wireless subsystem could cause kernel memory exhaustion. An attacker
could exploit this flaw to cause a denial-of-service.


* CVE-2019-19054: Denial-of-service in the cx2388x tv card driver.

A failure to handle an error during initial setup of the cx2388x TV card
driver causes a memory leak. An attacker could exploit this to cause a
denial-of-service.


* CVE-2019-20811: Denial-of-service in network device sysfs system.

Incorrect handling of an error condition when adding certain objects in
the net sysfs code could leave an invalid reference count and thus a memory
leak. This could be used for a denial-of-service attack.


* CVE-2019-9453: Out-of-bounds access when parsing extended attributes of an F2FS filesystem.

A logic error when parsing the extended attributes of a corrupted or
specially crafted F2FS filesystem could lead to an out-of-bounds access.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2020-0067: Out-of-bounds read due to no bounds check in F2FS filesystem support.

A missing bounds check in the extended attribute list operation of the
F2FS filesystem could lead to an out-of-bounds read. A local user could
use this flaw to disclose the contents of kernel memory.


* Out-of-bounds access in writes of Simplified Mandatory Access Control Kernel Support.

A missing check on user input in writes to the Simplified Mandatory Access
Control Kernel Support interface could lead to an out-of-bounds access.
A local attacker could use this flaw to cause a denial-of-service.


* Memory corruption in key material handling of Marvell WiFi-Ex Driver.

An out-of-bounds write could happen in the 802.11 key material handling
of the Marvell WiFi-Ex driver when a malformed frame arrives on the
network interface. A remote attacker could use this flaw to cause a
denial-of-service or code execution.


* Data corruption in receive data path of Internet Protocol.

A flaw in the UDP receive path of the Internet Protocol implementation
could cause corrupted data to be delivered to a UDP application.
A remote attacker could use this flaw to cause a denial-of-service.


* Use-after-free in writes of Simplified Mandatory Access Control.

Missing synchronization in writes to the Simplified Mandatory Access
Control Kernel Support interface could lead to a use-after-free when
multiple userspace tasks write to it simultaneously. A local attacker
could use this flaw to cause a denial-of-service or the execution of
arbitrary code.


* Denial-of-service in Internet Protocol when converting IPv6 to IPv4 socket.

A flaw in the Internet Protocol implementation can cause a memory leak when
a certain sequence of socket operations is performed from userspace.
A local user could use this flaw to cause a denial-of-service.


* Information leak in ioctls of AMDGPU Graphics driver.

A flaw in the ioctl implementation of the AMDGPU graphics driver could
leak the contents of kernel memory to userspace. A local attacker could
use this flaw to disclose information.


* Information leak in the receive path of the Reliable Datagram Sockets protocol.

A flaw in the receive path of the Reliable Datagram Sockets protocol
implementation could leak the contents of kernel memory to userspace.
A local attacker could use this flaw to disclose information from kernel
memory.


* Denial-of-service in 802.11 mesh network join of Generic IEEE 802.11 Networking Stack.

A flaw in the 802.11 mesh network join implementation of the generic
IEEE 802.11 networking stack could cause a memory leak. A local user
could exploit this flaw by repeatedly joining and leaving an 802.11
mesh network to cause a denial-of-service.


* CVE-2019-9445: Out-of-bounds access in directory reads of F2FS filesystem.

An out-of-bounds access could happen in directory reads of the F2FS
filesystem when a directory entry carries an invalid name length.
A local user could use this flaw to cause a denial-of-service.


* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.

Out-of-bounds writes could happen in the console display driver when the
VT_RESIZE ioctl is used to resize the console. This flaw could allow a
local user with access to the VGA console to crash the system or
potentially escalate their privileges on the system.


* Use-after-free in ioctls of Advanced Linux Sound Architecture.

A use-after-free could happen in the ioctls of the Advanced Linux Sound
Architecture when multiple ioctls are issued simultaneously. A local
attacker could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* Use-after-free in ioctls of Direct Rendering Manager.

A flaw in the ioctl implementation of the Direct Rendering Manager could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service or potentially escalate privileges.


* CVE-2019-19448: Use-after-free in Btrfs filesystem with a crafted btrfs filesystem image.

Mounting a crafted btrfs filesystem image, performing some operations on
it and then invoking the syncfs system call could lead to a use-after-free
in the Btrfs filesystem. A local user with physical access to the system
and a malicious storage device could use this flaw to cause a system crash
or the execution of arbitrary code on the system.


* CVE-2020-25212: Out-of-bounds writes in RPC operations of Network File System.

Out-of-bounds writes in the RPC operations of the Network File System
could cause a system crash. This flaw could allow a local user to cause
a denial-of-service or potentially escalate their privileges on the
system.


* Integer underflow in ioctl of frame buffer devices.

A logic error when processing user input in the FBIOPUT_VSCREENINFO ioctl
of the frame buffer devices could lead to an integer underflow. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could allow
remote attackers to make observations that reveal the internal state of
the network RNG and thereby compromise data confidentiality.


* Use-after-free in Bluetooth subsystem due to missing synchronization.

A missing locking mechanism in the Bluetooth subsystem could result in a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service or the execution of arbitrary code.


* Out-of-bounds access in Minix filesystem when mapping a large logical block number.

An out-of-bounds memory access could happen in the Minix filesystem when
mapping a very large logical block number to its on-disk location.
A local user could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.