[Ksplice][Ubuntu-18.10-Updates] New Ksplice updates for Ubuntu 18.10 Cosmic (USN-3930-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Apr 8 14:49:01 PDT 2019


Synopsis: USN-3930-1 can now be patched using Ksplice
CVEs: CVE-2017-5753 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8956 CVE-2019-8980 CVE-2019-9003 CVE-2019-9162 CVE-2019-9213

Systems running Ubuntu 18.10 Cosmic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3930-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.10
Cosmic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
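The following POSIX shell script is an added example, not part of this notice and not Ksplice's own tooling. It ties the two steps above together and adds the check a practitioner wants afterwards: whether autoinstall is already on in /etc/uptrack/uptrack.conf, running uptrack-upgrade -y if it is not, and then confirming that every CVE listed in the header of this notice appears among the installed updates. It assumes that uptrack.conf carries a line of the form "autoinstall = yes" (as stated above) and that /usr/sbin/uptrack-show prints the installed updates with descriptions that mention the CVE id, as the descriptions in this notice do; both are assumptions rather than facts taken from the notice.

```shell
#!/bin/sh
# Added example (not Ksplice's own tooling): apply USN-3930-1 via Uptrack and
# verify that every CVE named in the notice is covered by an installed update.
# Assumptions: /etc/uptrack/uptrack.conf holds "autoinstall = yes|no" and
# /usr/sbin/uptrack-show lists installed updates with CVE ids in their text.

# The CVE list from the header of this notice.
ADVISORY_CVES="CVE-2017-5753 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460
CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912
CVE-2019-8956 CVE-2019-8980 CVE-2019-9003 CVE-2019-9162 CVE-2019-9213"

# Exit 0 when the given uptrack.conf enables autoinstall (commented-out lines
# are ignored, whitespace around '=' is tolerated), 1 otherwise.
uptrack_autoinstall_enabled() {
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Read update descriptions on stdin and print, one per line, each advisory
# CVE that is not mentioned there. Prints nothing when all are covered.
missing_cves() {
    seen=$(grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u)
    for cve in $ADVISORY_CVES; do
        printf '%s\n' "$seen" | grep -qx "$cve" || printf '%s\n' "$cve"
    done
}

# Live mode drives the real Uptrack commands on the host; without --live the
# script only defines the functions so they can be exercised on sample data.
if [ "${1:-}" = "--live" ]; then
    if uptrack_autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall is on; Uptrack applies USN-3930-1 without intervention"
    else
        /usr/sbin/uptrack-upgrade -y
    fi
    missing=$(/usr/sbin/uptrack-show | missing_cves)
    if [ -n "$missing" ]; then
        echo "not yet covered by installed Ksplice updates:" >&2
        printf '  %s\n' $missing >&2
        exit 1
    fi
    echo "all USN-3930-1 CVEs are covered"
fi
```

Run it as root with --live on the Cosmic host; a non-zero exit with the list of uncovered CVEs means the update set has not fully applied yet (for example because Uptrack is still waiting on a download), which is the state worth alerting on rather than silently assuming the advisory is closed.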


DESCRIPTION

* CVE-2019-8912: Use-after-free when releasing a socket.

A logic error when releasing a socket could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2019-8956: Use-after-free in SCTP message send to removed endpoint.

A race condition between sending SCTP messages and removal of endpoints can
result in accessing a freed list entry, leading to a use-after-free. A local
user could use this flaw to cause a kernel crash or potentially escalate
privileges.


* CVE-2019-6974: Use-after-free in KVM device creation.

A reference count manipulation error when creating a KVM device can result in
an early free, leading to a use-after-free. A local user with access to KVM
could use this flaw to cause a kernel crash or potentially escalate privileges.


* CVE-2019-7221: Use-after-free in nested KVM preemption timer.

A failure to cancel a nested KVM timer before freeing it can result in a
use-after-free. A guest VM could use this flaw to crash the host.


* CVE-2019-7222: Information disclosure in KVM VMX emulation.

Incorrectly handling a page fault exception while emulating VMX instructions
can result in leaking host stack information to a guest. A guest VM could use
this flaw to facilitate a further attack on the host.


* CVE-2019-3459: Information leak when processing L2CAP options controlled by an attacker.

Missing length checks when processing attacker-controlled L2CAP options
could lead to an information leak. A local attacker could use this flaw to
leak information about the running kernel and facilitate a further attack.


* CVE-2018-19824: Use-after-free when registering a malicious USB audio device.

Incorrect error handling when registering a malicious USB audio device that
exposes zero interfaces could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-7308: Out-of-bounds speculation in BPF verifier.

The BPF verifier can attempt to perform out-of-bounds speculation on
pointer arithmetic, creating a potential vector for side-channel
attacks.


* CVE-2019-8980: Denial-of-service in kernel read file implementation.

A failure to free memory after a read error can result in a memory leak. A
local user could use this flaw to exhaust system memory, leading to a kernel
crash.


* CVE-2019-3460: Information leak when parsing L2CAP options received from userspace.

Missing checks when parsing L2CAP options received from userspace could
lead to an information leak. A local attacker could use this flaw to
leak information about the running kernel and facilitate a further attack.


* CVE-2019-9213: Bypass of mmap_min_addr restriction.

An incorrect capability check in the mmap memory expansion implementation can
result in applications being able to bypass the minimum mmap address
restriction. A local user on a system without SMAP enabled could use this flaw
to exploit kernel NULL pointer dereferences.


* CVE-2019-9162: Privilege escalation in SNMP NAT ASN.1 parsing.

Incorrect length checks in the ASN.1 decoder implementation for SNMP NAT can
result in an out-of-bounds read or write. A local user could use this flaw to
cause a kernel crash or potentially escalate privileges.


* CVE-2019-9003: Denial-of-service when restarting ipmievd.

A race condition in the IPMI message handler can result in a
use-after-free and a kernel crash. A malicious user could trigger it by
restarting ipmievd in a tight loop, causing a denial-of-service.


* Improved fix to CVE-2017-5753: Speculative execution in nested eBPF map.

When creating a nested eBPF map, the inner map's memory protection is
vulnerable to speculative execution. eBPF programs utilizing maps could
therefore be vulnerable to speculative execution attacks from malicious
users.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
