From gregory.herrero at oracle.com Wed Jul 10 05:44:15 2024
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Wed, 10 Jul 2024 05:44:15 +0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6831-1)
Message-ID: <7b4a1584354fe6836f266d0a96d3401c.apache@ksplice.com>

Synopsis: USN-6831-1 can now be patched using Ksplice
CVEs: CVE-2021-47063 CVE-2024-0841 CVE-2024-26688 CVE-2024-26712
CVE-2024-26733 CVE-2024-26736 CVE-2024-26751 CVE-2024-26777 CVE-2024-26778
CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26804 CVE-2024-26805
CVE-2024-26848 CVE-2024-27414 CVE-2024-27417

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-6831-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-47063: Use-after-free in DRM subsystem.

A logic error in the DRM bridge/panel detach path could lead to a
use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service or privilege escalation.

* CVE-2024-0841, CVE-2024-26688: Denial-of-service when configuring a
HugeTLB file system.

A logic error when configuring a HugeTLB file system using the fsconfig
syscall could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2024-26733: Out-of-bounds write in ARP's ioctl functionality.

A logical error when getting an ARP mapping using ioctl in IPv4
networking can lead to an out-of-bounds write. A local attacker with the
necessary privileges can exploit this flaw to cause a denial-of-service
or privilege escalation.

* CVE-2024-26736: Denial-of-service in Andrew File System (AFS).

A logic error when updating volume status in Andrew File System (AFS)
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2024-26777: Denial-of-service in SiS/XGI display driver.

A missing check on user input when using the SiS/XGI display driver
could lead to a divide-by-zero error. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-26778: Denial-of-service when using S3 Savage framebuffer
driver.

A missing check on user input when using the S3 Savage framebuffer ioctl
could lead to a divide-by-zero error. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-26791: Information leak when using btrfs replace.

An invalid check on user input when using the btrfs replace command
could lead to an out-of-bounds access. A local attacker could use this
flaw to leak information about the running kernel and facilitate an
attack.

* CVE-2024-26804: Denial-of-service in IPv4 networking stack.

A logical error in the IPv4 networking stack can lead to a continuous
increase of the headroom size in a socket buffer, eventually leading to
a use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service.

* CVE-2024-26805: Information leak in Netlink driver during packet
creation.

An incorrect buffer length calculation when creating new packets in the
Netlink driver causes uninitialized memory to be copied into a packet
buffer. This flaw could be exploited to leak sensitive information from
the running kernel.

* CVE-2024-26848: Denial-of-service in Andrew File System (AFS).

A logic error when iterating through AFS directory entries could lead to
an infinite loop. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-27414: Out-of-bounds write in core net subsystem.

A logical error when handling rtnetlink RTM_SETLINK messages (used by
userspace to modify link configuration) in the core net subsystem can
lead to an out-of-bounds write. A local attacker with the necessary
privileges can exploit this flaw to cause a denial-of-service or
privilege escalation.

* CVE-2024-27417: Resource exhaustion in IPv6 networking stack.

A logical error in the IPv6 networking stack when handling malformed
arguments given by userspace for RTM_GETADDR messages can lead to a
resource leak. A local attacker can exploit this flaw to cause resource
exhaustion and thus a denial-of-service.

* Note: Oracle has determined that CVE-2024-26712 is not applicable.

This CVE addresses an issue in PowerPC KASAN support. PowerPC is not
supported and is not included in this kernel.

* Note: Oracle has determined that CVE-2024-26751 is not applicable.

The kernel is not affected by CVE-2024-26751 since the code under
consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26788 is not applicable.

The kernel is not affected by CVE-2024-26788 since the code under
consideration is not compiled.

* Note: Oracle has determined that CVE-2024-26790 is not applicable.

The kernel is not affected by CVE-2024-26790 since the code under
consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

From gregory.herrero at oracle.com Wed Jul 24 11:53:04 2024
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Wed, 24 Jul 2024 11:53:04 +0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6868-1)
Message-ID:

Synopsis: USN-6868-1 can now be patched using Ksplice
CVEs: CVE-2024-26642 CVE-2024-26643 CVE-2024-26925

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-6868-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-26642, CVE-2024-26643: Privilege escalation in netfilter
subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with
timeouts (which userspace was wrongly allowed to create), leading to a
use-after-free. A local attacker can exploit this flaw to escalate
privileges or facilitate an attack.

* CVE-2024-26925: Privilege escalation in Network packet filtering
framework.

A race condition when using the Network packet filtering framework
(Netfilter) with the garbage collector could lead to a use-after-free.
A local attacker could use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

From gregory.herrero at oracle.com Mon Jul 29 14:08:26 2024
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Mon, 29 Jul 2024 14:08:26 +0000
Subject: [Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6896-1)
Message-ID:

Synopsis: USN-6896-1 can now be patched using Ksplice
CVEs: CVE-2022-0001 CVE-2022-0002 CVE-2022-48627 CVE-2023-52620
CVE-2023-52880 CVE-2023-6270 CVE-2024-25739 CVE-2024-26586 CVE-2024-26642
CVE-2024-26643 CVE-2024-26816 CVE-2024-26828 CVE-2024-26851 CVE-2024-26852
CVE-2024-26855 CVE-2024-26857 CVE-2024-26863 CVE-2024-26882 CVE-2024-26889
CVE-2024-26898 CVE-2024-26901 CVE-2024-26923 CVE-2024-26973 CVE-2024-26993
CVE-2024-35823 CVE-2024-35897 CVE-2024-35900 CVE-2024-35910 CVE-2024-35950
CVE-2024-35973

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-6896-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04 Focal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-48627, CVE-2024-35823: Data corruption in virtual terminal
driver.

Optimisation of a function call in the virtual terminal driver can lead
to data corruption due to copying between overlapping buffers. A local
attacker can exploit this flaw to cause a denial-of-service, corrupt
data, or aid in other types of attacks.

* CVE-2023-52620, CVE-2024-26642, CVE-2024-26643: Privilege escalation
in netfilter subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with
timeouts (which userspace was wrongly allowed to create), leading to a
use-after-free. A local attacker can exploit this flaw to escalate
privileges or facilitate an attack.

* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.

An unprivileged user can attach to the line discipline of the GSM 07.10
tty multiplexor driver even though CAP_NET_ADMIN is needed to create a
GSM network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.

* CVE-2023-6270, CVE-2024-26898: Use-after-free in ATA-over-Ethernet
driver.

Due to incorrect handling of the device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between the freeing of an AoE device
and access through associated socket buffers, leading to a
use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service or execute arbitrary code.

* CVE-2024-25739: Denial-of-service in Unsorted block images (UBI).

Incorrect validation of logical eraseblock sizes in UBI support could
lead to a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26586: Denial-of-service in Mellanox Technologies Spectrum
driver.

A logic error in the Mellanox Technologies Spectrum driver could lead to
kernel stack corruption. A local attacker could use this to cause a
denial-of-service.

* CVE-2024-26816: Information leak in /sys/kernel/notes for x86 systems.

An unprivileged attacker can read /sys/kernel/notes, which contains
relocations of Xen variables. As the System.map file is also readable by
an unprivileged attacker, KASLR can be bypassed: the attacker can find
out the relative offsets and combine them with the Xen relocation
address to find the address of any kernel symbol, which can facilitate
an attack such as privilege escalation.

* CVE-2024-26828: Remote privilege escalation in SMB3 and CIFS driver.

An invalid check when using the SMB3 and CIFS driver could lead to an
out-of-bounds memory access. A remote attacker could use this flaw to
escalate privileges.

* CVE-2024-26851: Denial-of-service in Network packet filtering
framework.

A missing check when using the Network packet filtering framework
(Netfilter) could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service or facilitate an
attack.

* CVE-2024-26852: Privilege escalation when using IPv6 multipath routes.

A logic error when using IPv6 multipath routes could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-26855: Denial-of-service in Intel Ethernet Connection E800
Series driver.

A logic error in the Intel Ethernet Connection E800 Series driver could
lead to a NULL pointer dereference. A local attacker can exploit this
flaw to cause a denial-of-service.

* CVE-2024-26857: Information leak in Generic Network Virtualization
Encapsulation driver.

During reception of packets in the GENEVE driver, uninitialised memory
can be accessed due to incorrect handling of the socket buffer headers.
An attacker (local or remote) can exploit this flaw to access sensitive
information from kernel memory or facilitate an attack.

* CVE-2024-26863: Information leak in HSR networking stack.

A missing check for the HSR tag after the Ethernet header in the
High-availability Seamless Redundancy networking stack can lead to
accessing uninitialised memory. An attacker (local or remote) can
exploit this flaw to extract sensitive information from kernel memory
or facilitate an attack.

* CVE-2024-26882: Information leak in IP tunneling stack.

During reception of packets in the IP tunneling stack, uninitialised
memory can be accessed due to incorrect handling of the socket buffer
headers. An attacker (local or remote) can exploit this flaw to access
sensitive information from kernel memory or facilitate an attack.

* CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem.

When using the HCIGETDEVINFO ioctl command, a buffer overflow is
possible if the device name is bigger than expected. A remote attacker
can exploit this flaw to cause a denial-of-service or privilege
escalation.

* CVE-2024-26901: Information leak in file handle syscalls.

Incorrect initialisation in the file handle code of the core fs
subsystem can lead to an information leak. A local attacker can exploit
this flaw to extract sensitive information from kernel memory or aid in
other types of attacks.

* CVE-2024-26923: Privilege escalation in Unix domain sockets.

A race condition when using Unix domain sockets could lead to the
garbage collector racing with the connect() syscall. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-26973: Information leak in FAT filesystem.

An uninitialised field in the FAT filesystem can eventually lead to a
memory leak. A local attacker can exploit this flaw to extract sensitive
information from kernel memory or facilitate an attack.

* CVE-2024-26993: Resource leak in SysFS filesystem.

A logic error in the SysFS filesystem can lead to a resource leak. An
attacker can exploit this flaw to cause a denial-of-service or aid in
other types of attacks.

* CVE-2024-35897, CVE-2024-35900: Privilege escalation in netfilter
subsystem.

A logical error in the netfilter subsystem when handling asynchronous
garbage collection and table updates can lead to a double free. A local
attacker can exploit this flaw to escalate privileges or aid in other
types of attacks.

* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.

A logical error in the IPv4 TCP networking stack when handling timers
upon a kernel socket release can lead to a NULL pointer dereference. A
local attacker can exploit this flaw to cause a denial-of-service.

* CVE-2024-35950: Memory corruption in Direct Rendering Manager.

A locking error when using the Direct Rendering Manager driver could
lead to a use-after-free. A local attacker could use this flaw to cause
memory corruption.

* CVE-2024-35973: Denial-of-service in Generic Network Virtualization
Encapsulation.

A logic error when using the Generic Network Virtualization
Encapsulation driver could lead to use of uninitialized memory. A local
attacker could use this flaw to cause a denial-of-service.

* Note: Oracle will not provide a zero-downtime update for
CVE-2022-0001, CVE-2022-0002.

Oracle has determined that applying the kernel mitigation for this
vulnerability on a running system would not be safe and recommends
rebooting.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
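The CVE lists and the "Note:" paragraphs in these announcements are what a vulnerability tracker has to reconcile: the CVEs listed under "CVEs:" minus those Oracle marks not applicable or reserves for a reboot are the ones a live-patched Focal host is actually covered for. The parser below is an added example, not Oracle's tooling; it assumes the wording used in the mails above and runs on constructed excerpts of the USN-6831-1 and USN-6896-1 announcements.

```python
"""Classify the CVEs in a Ksplice USN announcement (added example, not
Oracle's tooling; regexes assume the wording of the mails above)."""
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed excerpts of the USN-6831-1 and USN-6896-1 announcements.
SAMPLE_6831 = """Synopsis: USN-6831-1 can now be patched using Ksplice
CVEs: CVE-2021-47063 CVE-2024-0841 CVE-2024-26712 CVE-2024-26751
Systems running Ubuntu 20.04 Focal can now use Ksplice to patch ...
* Note: Oracle has determined that CVE-2024-26712 is not applicable.
This CVE addresses an issue in PowerPC KASAN support.
* Note: Oracle has determined that CVE-2024-26751 is not applicable.
SUPPORT"""
SAMPLE_6896 = """Synopsis: USN-6896-1 can now be patched using Ksplice
CVEs: CVE-2022-0001 CVE-2022-0002 CVE-2023-52620 CVE-2024-35973
Systems running Ubuntu 20.04 Focal can now use Ksplice to patch ...
* Note: Oracle will not provide a zero-downtime update for CVE-2022-0001,
CVE-2022-0002. Oracle has determined that applying the kernel mitigation
on a running system would not be safe and recommends rebooting.
SUPPORT"""


def classify(advisory: str) -> dict:
    """Split the advisory's CVE list into live-patched, not-applicable and
    reboot-required groups so a tracker closes only the right findings."""
    usn = re.search(r"Synopsis:\s*(USN-\d+-\d+)", advisory)
    # The header CVE list runs from "CVEs:" up to the "Systems running" line.
    header = re.search(r"CVEs:(.*?)Systems running", advisory, re.S)
    listed = set(CVE_RE.findall(header.group(1))) if header else set()
    not_applicable, reboot = set(), set()
    # Each "* Note:" paragraph ends at the next note or at the SUPPORT footer.
    for note in re.findall(r"\* Note:(.*?)(?=\* Note:|\nSUPPORT|\Z)", advisory, re.S):
        ids = set(CVE_RE.findall(note))
        if "not applicable" in note:
            not_applicable |= ids
        elif "zero-downtime" in note:   # mitigation needs a reboot, not a live patch
            reboot |= ids
    return {
        "usn": usn.group(1) if usn else None,
        "live_patched": sorted(listed - not_applicable - reboot),
        "not_applicable": sorted(listed & not_applicable),
        "reboot_required": sorted(listed & reboot),
    }


if __name__ == "__main__":
    for text in (SAMPLE_6831, SAMPLE_6896):
        print(classify(text))
```

A non-empty `reboot_required` list is the signal that the host is not fully covered by `uptrack-upgrade` alone and still needs a scheduled reboot onto the fixed kernel.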