[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6767-1)

Oracle Ksplice gregory.herrero at oracle.com
Sun May 12 18:24:25 UTC 2024


Synopsis: USN-6767-1 can now be patched using Ksplice
CVEs: CVE-2023-52435 CVE-2023-52486 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52601 CVE-2023-52602 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52615 CVE-2023-52619 CVE-2023-52622 CVE-2023-52623 CVE-2024-26593 CVE-2024-26598 CVE-2024-26600 CVE-2024-26602 CVE-2024-26615 CVE-2024-26625 CVE-2024-26635 CVE-2024-26636 CVE-2024-26645 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26685 CVE-2024-26696 CVE-2024-26704 CVE-2024-26720 CVE-2024-26825 CVE-2024-26917 CVE-2024-26972

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6767-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
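
To check which of the two cases above applies to a host, the following shell
sketch reads the autoinstall setting. It is an added example, not part of
the original announcement or of Ksplice itself; it assumes the "key = value"
layout quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack will apply updates unattended.
# The default path is the one the advisory names; the function names and the
# UPTRACK_CONF override variable are hypothetical.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print the effective autoinstall state:
#   yes     - "autoinstall = yes" is active (the value the advisory quotes)
#   no      - the key is set to anything else (conservative assumption)
#   unset   - the key is absent or only appears in a comment
#   missing - the file cannot be read
# When the key is assigned more than once, the last assignment wins.
uptrack_autoinstall_state() {
    conf="${1:-$UPTRACK_CONF}"
    [ -r "$conf" ] || { echo missing; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # ignore commented-out lines
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key != "autoinstall") next
            val = tolower($2); gsub(/[ \t\r]/, "", val)
            state = (val == "yes") ? "yes" : "no"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$conf"
}

# Exit status 0 when the host will NOT pick the updates up by itself, i.e.
# an administrator still has to run /usr/sbin/uptrack-upgrade -y.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_state "${1:-}")" != yes ]
}

# Optional report mode: sh this-script --report [path-to-uptrack.conf]
if [ "${1:-}" = "--report" ]; then
    if needs_manual_upgrade "${2:-}"; then
        echo "autoinstall is not enabled: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes: updates are installed automatically"
    fi
fi
```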


DESCRIPTION

* CVE-2023-52615: Denial-of-service in Hardware Random Number Generator.

A read from /dev/hwrng into memory mapped by another read can
lead to a deadlock. A local attacker can exploit this flaw to
cause a denial-of-service.


* CVE-2024-26972: Denial-of-service when encrypting UBIFS filesystem.

A missing free of resources in an error path when encrypting a UBIFS
filesystem could lead to a memory leak. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-26636: Denial-of-service during bonding changes in ANSI/IEEE 802.2 LLC driver.

A logic error when doing bonding changes in the ANSI/IEEE 802.2 LLC
driver could lead to a kernel assert. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-26635: Information leak when using ANSI/IEEE 802.2 LLC driver.

A logic error when using the ANSI/IEEE 802.2 LLC driver could lead to
use of uninitialized data. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.


* Note: Oracle has determined that CVE-2024-26645 is not applicable.

Due to ARM64 CPUs reordering the writes issued by the core kernel
tracing code, a duplicate key can be added in the tracing map. A
local attacker can exploit this flaw to cause denial-of-service or
facilitate an attack.

The kernel is not affected by CVE-2024-26645 since the code under
consideration is not compiled.


* CVE-2023-52486: Denial-of-service in Direct Rendering Manager subsystem.

When replacing the scanned-out framebuffer with a new one, a deadlock
is possible leading to a use-after-free. A local attacker can exploit
this flaw to cause denial-of-service or aid in other types of attacks.


* Note: Oracle has determined that CVE-2023-52607 is not applicable.

Failure to check memory allocation success can lead to a null-pointer
dereference in the PowerPC architecture's memory management code.

The kernel is not affected by CVE-2023-52607 since the code under
consideration is not compiled (kernel is not built for PowerPC).


* Note: Oracle has determined that CVE-2023-52606 is not applicable.

Invalid maximum size assumption for emulation of vector instructions by
the PowerPC architecture core can lead to kernel stack corruption. A
local attacker can exploit this flaw to cause privilege escalation or
denial-of-service.

The kernel is not affected by CVE-2023-52606 since the code under
consideration is not compiled (kernel is not built for PowerPC).


* CVE-2023-52599, CVE-2023-52602, CVE-2023-52604, CVE-2023-52601: Out-of-bounds accesses in JFS filesystem.

Multiple logic errors when using the JFS filesystem could lead to
out-of-bounds accesses. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.


* CVE-2023-52619: Denial-of-service in generic Persistent Storage filesystem layer.

RAM Oops/Panic Logger of the Persistent Storage layer can set the
number of CPU cores to an odd number, leading to a crash. A local
attacker can exploit this flaw to cause denial-of-service.


* Note: Oracle has determined that CVE-2023-52598 is not applicable.

Racing of an IRQ and handling of floating point control register on a
System/390 machine can lead to corruption of the register. A local
attacker can exploit this flaw to cause denial-of-service, data
corruption, or aid in other types of attacks.

The kernel is not affected by CVE-2023-52598 since the code under
consideration is not compiled (kernel is not built for System/390).


* Note: Oracle has determined that CVE-2023-52597 is not applicable.

Racing of an IRQ and handling of floating point control register for a
KVM can lead to the corruption of said register on System/390 machines.
A local attacker can exploit this flaw to cause denial-of-service, data
corruption, or aid in other types of attacks.

The kernel is not affected by CVE-2023-52597 since the code under
consideration is not compiled (kernel is not built for System/390).


* CVE-2023-52623: Denial-of-service in SUNRPC networking stack.

A locking error when using the SUNRPC subsystem could lead to a race
condition. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.


* CVE-2023-52622: Denial-of-service in ext4 filesystem.

Missing checks for block group size provided by a user to resize an
ext4 filesystem online can lead to an attempt to allocate an oversized
array, which would fail and thus the resize fails. A local attacker can
exploit this flaw to cause denial-of-service.


* CVE-2023-52595: Denial-of-service in Ralink WiFi driver.

Hardware reset stops beacon transmission in hardware, but the Ralink
WiFi driver doesn't stop it in the mac80211 software stack, leading to
a deadlock resulting in non-transmission. A local attacker can exploit
this flaw to cause a denial-of-service.


* CVE-2023-52594: Information leak in Atheros HTC-based WiFi driver.

A missing bound-check in the transmit status operation after a config
request by an Atheros HTC-based WiFi card can lead to an out-of-bounds
read. A local attacker can exploit this flaw to extract sensitive
information from the kernel memory or cause denial-of-service.


* CVE-2023-52587: Deadlock in ipoib multicast mode.

Incorrect locking when iterating the multicast list for an IP-over-IB
connection could result in an infinite loop. A malicious user able to
create IP-over-IB connections might be able to exploit this to cause a
denial-of-service on the system.


* CVE-2024-26671: Denial-of-service in block subsystem.

Lack of a CPU barrier in the block multiqueue core code can lead to
re-ordering of some calls, which leads to an I/O hang due to a race.
A local attacker can exploit this flaw to cause denial-of-service.


* CVE-2023-52583: Denial-of-service in Ceph distributed filesystem.

Incorrect locking order between parent and child directory entries
during an operation in Ceph filesystem can lead to a deadlock. A
local attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-26625: Privilege escalation when using ANSI/IEEE 802.2 LLC driver.

A logic error when using the ANSI/IEEE 802.2 LLC driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service or escalate privilege.


* CVE-2024-26673: Missing validation in netfilter subsystem.

Custom expectations handling in the netfilter subsystem did not verify
or sanitize the given protocol. A local attacker can exploit this flaw
to facilitate an attack.


* Note: Oracle has determined that CVE-2024-26600 is not applicable.

The kernel is not affected by CVE-2024-26600 since the code under
consideration is not compiled.


* CVE-2024-26664: Out-of-bounds write in Intel CPU temperature sensor driver.

An out-of-bounds write can happen before an out-of-bounds check in the
Intel CPU temperature sensor driver. A local attacker can exploit this
flaw to cause privilege escalation or denial-of-service.


* CVE-2024-26679: Denial-of-service in IP networking stack.

Reception of an error can race with a socket mutating from IPv6 to
IPv4, leading to no reception. A local attacker can exploit this flaw
to cause denial-of-service.


* CVE-2024-26663: Denial-of-service in TIPC networking stack.

Missing bearer type check while adding IP addresses in TIPC bearer can
lead to a null-pointer dereference. A local attacker can exploit this
flaw to cause denial-of-service.


* CVE-2024-26675: Denial-of-service in PPP async serial channel driver.

Lack of a maximum size check when setting the Maximum Receive Unit using
the ppp_async ioctl can lead to an attempt to allocate an oversized
socket, which would fail and thus the ioctl operation fails. A local
attacker can exploit this flaw to cause denial-of-service.


* CVE-2024-26720: Denial-of-service in kernel memory manager.

Incorrect cast of a divisor while setting dirty page writeback limits
can lead to a divide-by-zero error. A local privileged attacker can
exploit this flaw to cause denial-of-service.


* CVE-2024-26593: Data corruption in Intel 82801 (ICH/PCH) I2C driver.

The i2c-i801 driver has a flawed implementation of the block-write
block-read process call transactions, leading to reading wrong data
and leaving residual data in the device FIFO buffer. An attacker can
exploit this flaw to cause data corruption, denial-of-service, or aid
in other types of attacks.


* CVE-2024-26917: Denial-of-service in Fibre Channel over Ethernet module.

Incorrect type of locking when handling controllers in FCoE module
results in interrupts by the FCoE devices being missed. A local
attacker can exploit this flaw to cause a denial-of-service.


* CVE-2024-26704: Denial-of-service in ext4 filesystem.

When moving extents in an ext4 filesystem, a failure to cope with an
unsuccessful loop exit when calculating the moved length can lead
to a double-free and divide-by-zero error. A local attacker can
exploit this flaw to cause denial-of-service or aid in other types
of attacks.


* Note: Oracle has determined that CVE-2024-26598 is not applicable.

During peripheral interrupt translation, incorrect refcounting by the
KVM Virtual Generic Interrupt Controller (VGIC) for ARM machines can
lead to a use-after-free. A local attacker can exploit this flaw to
cause denial-of-service or privilege escalation.

The kernel is not affected by CVE-2024-26598 since the code under
consideration is not compiled.


* CVE-2023-52435: Denial-of-service in net subsystem.

The core net subsystem is responsible for segmenting socket buffers for
various protocols. A missing bound check while doing that can lead to a
null-pointer dereference. A local attacker can exploit this flaw to
cause a denial-of-service.


* CVE-2024-26602: Denial-of-service using membarrier system call.

The membarrier syscall can slow some systems down to the point of
saturation. A local attacker can exploit this flaw to cause a
denial-of-service.


* CVE-2024-26615: Denial-of-service when dumping information in SMC socket monitoring interface.

A missing check when dumping information in the SMC socket monitoring
interface could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-26825: Denial-of-service when using NCI protocol.

A missing free of resources when using the NCI protocol could lead to a
memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26696: Denial-of-service when writing data in NILFS2 file system.

A missing wait after a write operation in the NILFS2 file system could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-26685: Denial-of-service when using NILFS2 file system.

A logic error when writing data in the NILFS2 file system could lead to
a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




