[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6726-1)

Oracle Ksplice gregory.herrero at oracle.com
Mon Apr 22 22:54:30 UTC 2024


Synopsis: USN-6726-1 can now be patched using Ksplice
CVEs: CVE-2023-46838 CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52438 CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52457 CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52609 CVE-2023-52612 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2024-0607 CVE-2024-23851 CVE-2024-26597 CVE-2024-26633

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6726-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
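A small helper for the two steps above, added here as an example and not part of the Ksplice announcement or tooling: it reads the autoinstall setting from uptrack.conf and only falls back to a manual `uptrack-upgrade -y` when autoinstall is off. It assumes the INI-style "key = value" layout the announcement quotes; the sample config contents are constructed.

```shell
#!/bin/sh
# Added example (not Ksplice's own code): decide whether a Focal host still
# needs a manual `uptrack-upgrade -y` for USN-6726-1 or whether Ksplice will
# apply it on its own. /etc/uptrack/uptrack.conf is assumed to hold plain
# "autoinstall = yes|no" lines (possibly under an INI section header).

# uptrack_autoinstall_enabled CONF_PATH
# Returns 0 when the file contains an uncommented "autoinstall = yes"
# (value case-insensitive, whitespace tolerant), 1 otherwise. A missing or
# unreadable file counts as "not enabled", so the caller errs on the side of
# running the upgrade explicitly.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    # Drop '#' / ';' comments, pull the value of every autoinstall line,
    # keep the last one so a later override wins, then lower-case it.
    val=$(sed -e 's/[#;].*$//' "$conf" \
          | sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
          | tail -n 1 | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# uptrack_action CONF_PATH
# Prints "auto" when Ksplice will install the update itself, "manual" when
# the operator has to run uptrack-upgrade.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo auto
    else
        echo manual
    fi
}

# Stand-alone use: `sh check-uptrack.sh /etc/uptrack/uptrack.conf`.
# The real upgrade is only attempted as root and when the tool is present.
if [ "$#" -gt 0 ]; then
    case "$(uptrack_action "$1")" in
        auto)   echo "autoinstall is on; Ksplice will apply USN-6726-1 itself" ;;
        manual) if [ "$(id -u)" = 0 ] && [ -x /usr/sbin/uptrack-upgrade ]; then
                    /usr/sbin/uptrack-upgrade -y
                else
                    echo "autoinstall is off; run: sudo /usr/sbin/uptrack-upgrade -y"
                fi ;;
    esac
fi
```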


DESCRIPTION

* CVE-2024-0607: Denial-of-service in the netfilter subsystem.

A logical error in the netfilter subsystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* XSA-448, CVE-2023-46838: Denial-of-service in Xen virtual networking stack.

Zero-length transmission requests can lead to a NULL pointer dereference
in the Xen hypervisor's virtual networking stack. A remote attacker
can exploit this flaw to cause a denial-of-service.


* CVE-2023-52439: Use-after-free and double-free in Userspace IO.

A race between the open and unregister functions can lead to a
use-after-free and a double-free. A local attacker can exploit this
flaw to cause denial-of-service or aid in other types of attacks.


* CVE-2023-52449: Denial-of-service in Memory Technology Device layer.

Incorrect handling of unsorted block images after creating
a partition in the memory technology device layer can lead
to a null-pointer dereference. A local attacker can exploit
this flaw to cause denial-of-service.


* CVE-2023-52448: Denial-of-service in GFS2 filesystem.

Printing a resource group from the GFS2 filesystem can lead to a
null-pointer dereference. A local attacker can exploit this flaw
to cause denial-of-service.


* CVE-2023-52445: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

Disconnecting a context in pvrusb2 driver can lead to a use-after-free
error. A local attacker can exploit this flaw to cause a privilege
escalation or denial-of-service.


* CVE-2023-52470: Denial-of-service in AMD Radeon display driver.

Allocation of scanout buffers for AMD Radeon GPUs can lead to a
null-pointer dereference. A local attacker can exploit this flaw
to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52457 is not applicable.

Removal of an 8250 UART device will cause a memory leak and a potential
use-after-free. A local attacker can exploit this flaw to access
sensitive information from kernel memory or cause denial-of-service.

The kernel is not affected by CVE-2023-52457 since the code under
consideration is not compiled.


* CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-52454: Denial-of-service when using NVMe over TCP.

Incorrect handling of lengths and offsets in fields of TCP packets
by the NVMe driver could lead to a NULL pointer dereference. A remote
attacker could exploit this flaw to cause a denial-of-service by
sending specially-crafted malicious packets.


* CVE-2024-26633: Denial-of-service when using IP-in-IPv6 tunnel driver.

A logic error when using IP-in-IPv6 tunnel driver could lead to an
uninitialized memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2023-52340: Uncontrolled resource consumption in IPv6 stack.

An ICMPv6 "Packet Too Big" response from the remote receiver causes the
routing table entry to be cloned for each such packet transmission, which
can grow the table beyond the low threshold set for the garbage
collector. Continuous reception of such messages will starve the CPU,
so a remote attacker can exploit this to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52451 is not applicable.

While doing a memory lookup for the powerpc pseries platform, an
out-of-bounds access is possible. A local attacker could exploit
this flaw to extract sensitive information from the kernel memory
or cause denial-of-service.

The kernel is not affected by CVE-2023-52451 since the code under
consideration is not compiled.


* CVE-2023-52612: Out-of-bounds write when performing cryptographic compression.

A logic error when using cryptographic synchronous compression
operations could lead to a buffer overflow. A local attacker could use
this flaw to cause a denial-of-service or escalate privileges.


* CVE-2023-52436: Denial-of-service in F2FS xattr.

In F2FS filesystem, the xattr list was not null-terminated explicitly,
leading to a possible out-of-bounds access. A local attacker can exploit
this flaw to extract sensitive information from the kernel memory, or
cause denial-of-service.


* CVE-2023-52469: Use-after-free in AMDGPU power management.

A race in the power management code of the AMDGPU driver for CIK ASICs
can lead to a use-after-free error. A local attacker can exploit this
flaw to cause denial-of-service or aid in other types of attacks.


* CVE-2023-52438: Use-after-free in Android Binder subsystem.

A race in the binder module present in the Android IPC subsystem
could lead to a use-after-free error. A local attacker can exploit
this flaw to cause denial-of-service or privilege escalation.


* CVE-2023-52609: Deadlock in Android binder with pinned mem pages.

A logic error when using Android binder could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2023-52443: NULL-pointer dereference in AppArmor profile name.

An empty profile name for an AppArmor profile leads to a null-pointer
dereference. A local attacker may exploit this flaw to cause
denial-of-service.


* Note: Oracle has determined that CVE-2023-52464 is not applicable.

An out-of-bounds access of a string in the Cavium ThunderX memory
controller driver could result in a potential exposure of sensitive
kernel memory.

Oracle has determined that CVE-2023-52464 is not applicable as the code
in question is not compiled.


* CVE-2023-52444: Filesystem corruption in renaming on f2fs.

The f2fs filesystem rename code contains a flaw in its handling of
inodes. A malicious user might exploit this to corrupt a filesystem or
cause other misbehavior.


* CVE-2024-23851, CVE-2023-52429: Missing validation in software RAID ioctl.

The kernel Multiple Device (or software RAID) subsystem has ioctls that
do not properly validate their inputs. A malicious user can exploit this
to cause the system to attempt to allocate more than INT_MAX memory,
which can cause a crash and denial-of-service.


* CVE-2024-26597: Out-of-bounds read when configuring RmNet MAP driver.

A larger-than-expected value for maxtype when configuring the Qualcomm
RmNet MAP driver can lead to an out-of-bounds read. A local attacker
can exploit this flaw to read sensitive information from kernel memory
or cause denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
