[Ksplice][Ubuntu-20.04-Updates] New Ksplice updates for Ubuntu 20.04 Focal (USN-7234-1)

Oracle Ksplice gregory.herrero at oracle.com
Thu Feb 13 22:48:05 UTC 2025


Synopsis: USN-7234-1 can now be patched using Ksplice
CVEs: CVE-2023-21400 CVE-2024-53103 CVE-2024-53141 CVE-2024-53164

Systems running Ubuntu 20.04 Focal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7234-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 20.04
Focal install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
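A host-side check for the two cases described above, as an added example that is not part of the original announcement or of Ksplice itself. The function names are hypothetical, and treating only the value "yes" (case-insensitive) as enabling autoinstall is an assumption based on the setting quoted above.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host needs a manual
# uptrack-upgrade run, based on the autoinstall setting in uptrack.conf.

# Print "yes", "no" or "unreadable" for the config file given as $1
# (default: /etc/uptrack/uptrack.conf). The last uncommented
# "autoinstall" assignment wins. Assumption: only "yes" enables it.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; gsub(/[ \t]/, "", key)    # trim whitespace around key
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t]/, "", val)
                last = tolower(val)
            }
        }
        END { print last }
    ' "$conf")
    if [ "$value" = "yes" ]; then echo yes; else echo no; fi
}

# Print the next step for this host: nothing to do when autoinstall is on,
# otherwise the upgrade command from the announcement.
uptrack_next_step() {
    case "$(uptrack_autoinstall "$1")" in
        yes) echo "autoinstall enabled: no action needed" ;;
        no)  echo "run: /usr/sbin/uptrack-upgrade -y" ;;
        *)   echo "cannot read config: check Uptrack installation"; return 2 ;;
    esac
}
```

Call `uptrack_next_step` with no argument to check the default path. Neither branch covers CVE-2023-21400, which this announcement says is not patched by Ksplice.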


DESCRIPTION

* CVE-2024-53103: Privilege escalation in Virtual Socket protocol driver.

A missing variable initialization when destroying a socket in the Virtual
Socket protocol driver could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.


* CVE-2024-53141: Privilege escalation in netfilter (IP set) subsystem.

A missing check when updating the bitmap for IP addresses in the
netfilter (IP set) subsystem could lead to an out-of-bounds memory
access. A local attacker could use this flaw to escalate privileges.


* CVE-2024-53164: Privilege escalation in CAKE network scheduler.

A logic error when using the Common Applications Kept Enhanced (CAKE)
network scheduler could lead to a use-after-free. A local attacker could
use this flaw to escalate privileges.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-21400.

A locking error in the IO uring subsystem can lead to kernel memory
corruption. A local attacker can potentially use this flaw to cause
a denial-of-service or escalate privileges.

Oracle has determined that patching CVE-2023-21400 on a running system
would not be safe and recommends a reboot if IO uring is enabled. Note
that IO uring can be disabled using the sysctl interface.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




