[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4904-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Apr 29 04:55:34 PDT 2021
Synopsis: USN-4904-1 can now be patched using Ksplice
CVEs: CVE-2015-1350 CVE-2017-16644 CVE-2017-5967 CVE-2018-13095 CVE-2019-16231 CVE-2019-16232 CVE-2019-19061 CVE-2021-20261 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-28038 CVE-2021-28660 CVE-2021-29265 CVE-2021-30002 CVE-2021-3347
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4904-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
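Added example (not part of Oracle's notice or of the Uptrack tooling): a shell check that reports whether a host has "autoinstall = yes" set or still needs the manual upgrade command above. It assumes the key is written literally as "autoinstall = <value>", that lines starting with "#" or ";" are comments, and that the last assignment wins; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Ksplice Uptrack autoinstall setting on a host.
# Assumptions (not confirmed by the notice): comment lines start with '#'
# or ';', and if the key appears more than once the last assignment wins.

# Print the configured value, "unset" if absent, "unreadable" if no file.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        /^[ \t]*autoinstall[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # drop "autoinstall ="
            sub(/[ \t\r]+$/, "", val)          # drop trailing whitespace/CR
        }
        END { if (val == "") val = "unset"; print val }
    ' "$conf"
}

# Succeeds only for the exact value the notice documents: "yes".
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Constructed sample configs for testing the check (not from a real system).
make_sample() {
    dir=$(mktemp -d)
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    printf '[Settings]\n  autoinstall=yes  \n' > "$dir/auto.conf"
    printf '[Settings]\n' > "$dir/empty.conf"
    echo "$dir"
}

report() {
    if autoinstall_enabled "$1"; then
        echo "$1: autoinstall is on; updates install without action"
    else
        echo "$1: autoinstall not confirmed ($(autoinstall_value "$1"));" \
             "run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Default to the path named in the notice; pass another file to override.
report "${1:-/etc/uptrack/uptrack.conf}"
```

A commented-out "# autoinstall = yes" line is deliberately not counted, since it is the most common reason a host is assumed to auto-update when it does not.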
DESCRIPTION
* CVE-2021-26931, CVE-2021-28038: Mishandling of errors causes DoS of Xen backend.
Several error conditions in the scsi, block, and net Xen backend drivers
incorrectly cause kernel assertion failures. A malicious or buggy Xen
frontend might trigger these conditions, causing a denial-of-service in the
host.
* CVE-2019-19061: Memory leak in Analog Devices ADIS* driver.
A missing free of resources on allocation failure in Analog Devices
ADIS* driver when scanning devices in burst mode could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.
* CVE-2019-16231: NULL pointer dereference when registering FUJITSU Extended Socket Network Device driver.
A missing check for failure when registering the FUJITSU Extended Socket
Network Device driver could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2021-26932, XSA-361: Denial-of-host-service by malicious Xen frontend.
Batched mapping operations can be potentially mishandled by the Linux
Xen backend, resulting in incorrectly reported success or failure of the
operation. Running a malicious or buggy frontend could result in a
denial-of-service on the host.
* CVE-2018-13095: Denial-of-service on xfs inode with outsize extent count.
The xfs filesystem fails to properly handle an inode with more extents
than fit in the inode fork. Encountering such a file could cause the xfs
verification code to corrupt memory or cause a denial-of-service.
* CVE-2021-26930, XSA-365: Bad error handling of blkback grant references.
The Xen blkback driver can incorrectly ignore errors when mapping grant
references, potentially reporting a false success, and causing unmapped
memory to be accessed. Hosting a malicious or buggy frontend driver
might result in a denial-of-service on the host.
* CVE-2019-16232: NULL pointer dereference when registering Marvell Libertas 8385/8686/8688 SDIO 802.11b/g cards.
A missing check when registering Marvell Libertas 8385/8686/8688 SDIO
802.11b/g cards could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2021-20261: Denial-of-service in Floppy Disk Drive Controller driver.
Missing error handling in the Floppy Disk Drive Controller driver
could lead to a race condition and memory corruption. A local,
privileged user could use this flaw for a denial-of-service.
* CVE-2017-16644: Denial-of-service in Hauppauge HD PVR driver.
Incorrect error handling during device probe for a Hauppauge HD PVR
device could result in a kernel crash. A user with physical access to
the system and a malicious device could use this flaw to crash the
system.
* CVE-2021-28660: Out-of-bounds writes in Realtek RTL8188EU Wireless LAN NIC driver.
A missing error handling check in Realtek RTL8188EU Wireless LAN NIC
driver could lead to out-of-bounds writes. A local user could use this
flaw for a denial-of-service or code execution.
* CVE-2021-29265: Denial-of-service in usbip driver due to race conditions.
Race conditions in the stub-up sequence of the usbip driver during
an update of the local and shared status could lead to a system crash.
A local attacker could use this flaw to cause a denial-of-service.
* CVE-2021-30002: Denial-of-service in V4L2 driver due to memory leaks.
A flaw in the exit code sequence of V4L2 driver could lead to memory
leaks. A local user could use this flaw to cause a denial-of-service.
* CVE-2017-5967: Information leak in the time subsystem through proc filesystem.
A process information leak across namespaces in the time subsystem
allows local users to discover real PID values by reading
the /proc/timer_list file. A local user could use this flaw to get
access to this sensitive information about the running system in
order to facilitate a further attack.
* CVE-2015-1350: Denial-of-service in VFS subsystem.
An incomplete set of requirements for setattr operations in VFS
subsystem could result in a denial of elevated permissions from valid
users, services, or applications. A local, non-privileged user could
use this flaw to cause a denial-of-service.
* CVE-2021-3347: Privilege escalation in the Fast Userspace Mutexes.
A flaw in the Fast Userspace Mutexes implementation could lead to
a use-after-free. A local user could use this flaw to crash the system
or escalate their privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.