[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6831-1)

Oracle Ksplice gregory.herrero at oracle.com
Wed Jul 10 05:44:15 UTC 2024


Synopsis: USN-6831-1 can now be patched using Ksplice
CVEs: CVE-2021-47063 CVE-2024-0841 CVE-2024-26688 CVE-2024-26712 CVE-2024-26733 CVE-2024-26736 CVE-2024-26751 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26804 CVE-2024-26805 CVE-2024-26848 CVE-2024-27414 CVE-2024-27417

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6831-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
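
A way to check which of the two cases above applies to a host, as an added example that is not part of the original announcement or of Ksplice itself. It assumes uptrack.conf holds "key = value" lines with "#" or ";" comment lines; the function names are hypothetical, and only the exact value "yes" is treated as enabled.

```shell
#!/bin/sh
# Added example: decide whether this host applies Ksplice updates on its own
# or needs a manual uptrack-upgrade run.
# Assumption: uptrack.conf is INI-style ("key = value", "#"/";" comment lines).

# Print the last effective "autoinstall" value, "unset", or "unreadable".
uptrack_autoinstall_value() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # tolerate spacing and CRLF endings
            gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") last = val   # a later line overrides
        }
        END { print (last == "" ? "unset" : last) }
    ' "$conf"
}

# Print "automatic" when autoinstall is exactly "yes"; otherwise print the
# manual command from the announcement. Any other value (no, unset, typo,
# unreadable file) falls back to the manual path, which is the safe default.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall_value "$1")" = "yes" ]; then
        echo "automatic"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the enabled line
# is commented out, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# autoinstall = yes
autoinstall = no
EOF
echo "autoinstall: $(uptrack_autoinstall_value "$sample")"
echo "next step:   $(uptrack_next_step "$sample")"
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf.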


DESCRIPTION

* CVE-2021-47063: Use-after-free in DRM subsystem.

A logic error in the DRM bridge/panel detach path could lead to a use-after-free
error. A local attacker can exploit this flaw to cause denial-of-service
or privilege escalation.


* CVE-2024-0841, CVE-2024-26688: Denial-of-service when configuring a HugeTLB file system.

A logic error when configuring a HugeTLB file system using the fsconfig
syscall could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-26733: Out-of-bounds write in ARP's ioctl functionality.

A logical error when getting an ARP mapping using ioctl in the IPv4
networking stack can lead to an out-of-bounds write. A local attacker
with the necessary privileges can exploit this flaw to cause
denial-of-service or privilege escalation.


* CVE-2024-26736: Denial-of-service in Andrew File System (AFS).

A logic error when updating volume status in Andrew File System (AFS)
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-26777: Denial-of-service in SiS/XGI display driver.

A missing check on user input when using the SiS/XGI display driver could
lead to a divide-by-zero error. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-26778: Denial-of-service when using S3 Savage framebuffer driver.

A missing check on user input when using the S3 Savage framebuffer ioctl
could lead to a divide-by-zero error. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-26791: Information leak when using btrfs replace.

An invalid check on user input when using the btrfs replace command could
lead to an out-of-bounds access. A local attacker could use this flaw to
leak information about the running kernel and facilitate an attack.


* CVE-2024-26804: Denial-of-service in IPv4 networking stack.

A logical error in the IPv4 networking stack can lead to the continuous
increase of headroom size in socket buffer, eventually leading to a
use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service.


* CVE-2024-26805: Information leak in Netlink driver during packet creation.

An incorrect buffer length calculation when creating new packets in
the Netlink driver causes uninitialized memory to be copied into a
packet buffer. This flaw could be exploited to leak sensitive
information from the running kernel.


* CVE-2024-26848: Denial-of-service in Andrew File System (AFS).

A logic error when iterating through AFS directory entries could lead to
an infinite loop. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-27414: Out-of-bounds write in core net subsystem.

A logical error when handling rtnetlink RTM_SETLINK messages (which
a user sends to modify link configuration) in the core net
subsystem can lead to an out-of-bounds write. A local attacker with
the necessary privileges can exploit this flaw to cause denial-of-service
or privilege escalation.


* CVE-2024-27417: Resource exhaustion in IPv6 networking stack.

A logical error in the IPv6 networking stack when handling malformed
arguments given by userspace for RTM_GETADDR messages can lead to
a resource leak. A local attacker can exploit this flaw to cause
resource exhaustion and thus denial-of-service.


* Note: Oracle has determined that CVE-2024-26712 is not applicable.

This CVE addresses an issue in PowerPC KASAN support. PowerPC is not
supported and is not included in this kernel.


* Note: Oracle has determined that CVE-2024-26751 is not applicable.

The kernel is not affected by CVE-2024-26751
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26788 is not applicable.

The kernel is not affected by CVE-2024-26788
since the code under consideration is not compiled.


* Note: Oracle has determined that CVE-2024-26790 is not applicable.

The kernel is not affected by CVE-2024-26790
since the code under consideration is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




