[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-6951-1)

Oracle Ksplice gregory.herrero at oracle.com
Mon Sep 23 15:46:10 UTC 2024 

Synopsis: USN-6951-1 can now be patched using Ksplice
CVEs: CVE-2023-52434 CVE-2024-26886 CVE-2024-27398 CVE-2024-33621 CVE-2024-36286 CVE-2024-36288 CVE-2024-36883 CVE-2024-36886 CVE-2024-36904 CVE-2024-36919 CVE-2024-36933 CVE-2024-36941 CVE-2024-36960 CVE-2024-36964 CVE-2024-36971 CVE-2024-38552 CVE-2024-38558 CVE-2024-38578 CVE-2024-38598 CVE-2024-38599 CVE-2024-38618 CVE-2024-38659 CVE-2024-39276 CVE-2024-39471 CVE-2024-39475 CVE-2024-39489

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6951-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-52434: Remote memory corruption in SMB client.

A missing check when receiving SMB server contexts could lead to an out-
of-bounds memory write. A remote attacker could use this flaw to cause
memory corruption.


* CVE-2024-26886: Denial-of-service in Bluetooth subsystem.

A race condition when using af_bluetooth could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-27398: Denial-of-service in Bluetooth Classic (BR/EDR) features.

A missing check when using Bluetooth Classic (BR/EDR) features could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-33621: Denial-of-service in IP-VLAN driver.

A logic error when using IP-VLAN driver could lead to a kernel oops. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36286: Denial-of-service in netfilter subsystem.

Missing read lock in the netfilter subsystem when unbinding a program
from a specific queue could lead to flushing in an incorrect way. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36288: Memory corruption in SUNRPC_GSS.

A missing check when using SUNRPC_GSS could lead to an out-of-bounds
memory access. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-36883: Denial-of-service in Networking namespace driver.

A race condition when using the Networking namespace driver could lead to
an out-of-bounds memory access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-36886: Remote code execution in TIPC networking stack.

A logic error when using the TIPC networking stack could lead to a
use-after-free. A remote attacker could use this flaw to execute
arbitrary code in kernel mode, escalate privileges, cause a
denial-of-service, or aid in other types of attacks.


* CVE-2024-36904: Remote code execution in TCP/IP networking stack.

A race condition in TCP/IP networking stack can cause a data race
with a refcount value, leading to an underflow, which can cause a
use-after-free elsewhere in the kernel depending on the refcount.
A remote attacker could use this flaw to execute arbitrary code in
kernel mode, escalate privileges, cause a denial-of-service, or aid
in other types of attacks.


* CVE-2024-36919: Denial-of-service in QLogic Fibre-Channel-over-Ethernet offload driver.

Unnecessary locking when using the QLogic FCoE offload driver could
lead to a kernel panic. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-36933: Information leak in Network Service Header protocol stack.

A logic error when using the Network Service Header protocol stack could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-36941: Denial-of-service in core WiFi subsystem.

A missing check when using the core WiFi subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36960: Information leak in DRM driver for VMware Virtual GPU.

A logic error when using the DRM driver for VMware Virtual GPU could
lead to an out-of-bounds memory read. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-36964: Privilege escalation in Plan 9 Resource Sharing filesystem.

A logic error when using the Plan 9 Resource Sharing filesystem stack
could lead to garbage 9P mode bits setting the underlying Unix perm
bits, including the suid bit. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using TCP/IP networking stack could lead to a use-
after-free. A remote attacker could use this flaw to execute arbitrary
code in kernel mode.


* CVE-2024-38552: Memory corruption in AMD display core driver.

A missing check when using AMD display core driver could lead to a
buffer overflow. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using Open vSwitch driver could lead to destination
address being partially zeroed out. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-38578: Information leak in Linux filesystem encryption layer.

A logic error when using Linux filesystem encryption layer could lead to
an out-of-bounds memory write. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-38598: Denial-of-service in multiple block device driver.

A logic error when using multiple block device driver could lead to
soft-lockup. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-38599: Disk corruption in JFFS2 filesystem.

A missing check when using JFFS2 filesystem could lead to an out-of-
bounds memory write. A local attacker could use this flaw to cause disk
corruption.


* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).

A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.

A missing check when using Cisco VIC Ethernet driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39276: Resource leak in ext4 filesystem.

Incorrect reference counting when using ext4 filesystem could lead to a
reference count leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39471: Memory corruption in AMDGPU driver.

A missing check when using AMDGPU driver could lead to an out-of-bounds
memory access. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-39475: Denial-of-service in S3 Savage driver.

A logic error when using the S3 Savage driver could lead to a divide-by-
zero. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-39489: Denial-of-service in IPv6 HMAC Segment Routing.

A missing check when using IPv6 HMAC Segment Routing could lead to a
memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2023-52882, CVE-2024-39488

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-20.04-updates mailing list