[Ksplice][Ubuntu-16.10-Updates] New Ksplice updates for Ubuntu 16.10 Yakkety (4.8.0-38.41)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Feb 22 01:15:24 PST 2017


Synopsis: 4.8.0-38.41 can now be patched using Ksplice
CVEs: CVE-2016-9588

Systems running Ubuntu 16.10 Yakkety can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.8.0-38.41.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.10
Yakkety install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
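
An added example, not part of the Oracle advisory: a shell check that reads an uptrack.conf-style file and reports whether the host is covered by autoinstall or needs the manual command above. The function names, the case-insensitive matching and the last-assignment-wins rule are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit the autoinstall setting named in
# the advisory. Parsing rules below are assumptions, not Ksplice's own parser.

# Print the effective "autoinstall" value: yes, no, another literal value,
# "unset" (key absent) or "unknown" (file missing or unreadable).
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unknown; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # commented-out lines do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)           # tolerate spacing around "="
            gsub(/[ \t\r]/, "", val)
            # Assumption: key and value are case-insensitive, last one wins.
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0: updates must be installed by hand on this host.
# Exit status 1: autoinstall is explicitly "yes".
# Anything other than a clean "yes" is treated as needing manual action.
needs_manual_upgrade() {
    case "$(uptrack_autoinstall "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Report for the local host (or for a config path given as $1).
if needs_manual_upgrade "${1:-}"; then
    echo "autoinstall not confirmed: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates are installed automatically"
fi
```
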


DESCRIPTION

* Missing mutex lock in Hyper-V channel free causes denial of service.

Missing synchronization surrounding the removal of channels from a
Hyper-V bus could cause memory corruption and a denial-of-service.


* Double-closing block device while listing devices causes denial-of-service.

If a block device is closed while other block devices are being
enumerated with iterate_bdevs(), a NULL data member can be dereferenced,
causing a crash and denial-of-service.


* Memory leak in system trace module open path.

A missing free in the error path of stm_char_open() would leak memory,
causing performance degradation and an eventual denial-of-service.


* CVE-2016-9588: Denial-of-service in Intel nested VMX exception handling.

Failure to handle exceptions thrown by an L2 guest could result in a
kernel crash.  A malicious guest could use this flaw to crash the
virtualization host.


* Denial-of-service caused by use-after-free in fsnotify.

When iterating through a list of inodes to unmount, fsnotify could
potentially free a node while iterating through the list. This could
cause a kernel crash, but usually manifests as an infinite loop, causing
a denial-of-service.


* Memory leak in Infiniband RDMA-over-Ethernet driver.

A missing free in rqe_qp_cleanup leaks a socket and associated memory,
potentially causing performance degradation and an eventual
denial-of-service.


* Memory corruption in Infiniband RDMA-over-Ethernet driver.

Missing synchronization code allowed possible memory corruption when
using Infiniband RDMA, potentially causing a crash and
denial-of-service.


* Denial-of-service in DRV260x haptic input driver.

Incorrectly specifying the parent device on a DRV260x haptic device
could cause a kernel crash and denial-of-service.


* Bad copy exposes memory in Intel iWARP driver statistics reporting.

A bad memory copy operation in the Intel iWARP driver copies stack memory
onto the stats reporting structure, potentially exposing kernel memory via
the stats interface.


* Connection spoofing in Ceph filesystem connect.

When establishing a Ceph connection, the authorizer reply is not
actually verified as authentic, potentially allowing an attacker to
spoof another connection.


* Denial-of-service due to deadlock in pNFS read resend and layout return.

Incorrect lock ordering could cause a deadlock and denial-of-service
when using pNFS with layouts and replaying failed file reads.


* Denial-of-service when using GPADL as Hyper-V guest.

A logic error when using GPADL (Guest Physical Address Descriptor List)
could lead to a memory leak. A local attacker could use this flaw to
exhaust memory and cause a denial-of-service.


* Denial-of-service when writing to huge pages of another process.

A missing check when writing to read-only regions of memory backed by
transparent huge pages causes an infinite loop. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when opening Hyper-V channel.

A too-short timeout when waiting for message completion on channel
opening could lead to an infinite loop. An attacker could use this flaw
to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




