[Ksplice][Ubuntu-21.04-Updates] New Ksplice updates for Ubuntu 21.04 Hirsute (USN-4950-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Oct 12 00:34:32 PDT 2021


Synopsis: USN-4950-1 can now be patched using Ksplice
CVEs: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-22555 CVE-2021-23133 CVE-2021-29155 CVE-2021-33033 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 CVE-2021-3501

Systems running Ubuntu 21.04 Hirsute can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4950-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 21.04
Hirsute install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
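
The following is an added example, not part of the original advisory or of Oracle's tooling: a shell check that reports whether a host will pick up these updates automatically or needs the manual command above. It assumes uptrack.conf uses "key = value" lines with '#' or ';' comment lines, and that the key and value are matched case-insensitively; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the autoinstall setting named in the advisory.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" lines, comment lines start with '#' or ';',
# the last uncommented assignment wins, matching is case-insensitive.
uptrack_autoinstall_value() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # a commented-out key does not count
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)              # drop indentation and padding
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Map the setting to the action the advisory describes. Only the exact value
# the advisory names ("yes") is treated as enabled; anything else, including a
# missing key, is reported as needing the manual upgrade command.
uptrack_action() {
    case $(uptrack_autoinstall_value "$1") in
        yes)        echo "automatic" ;;
        unreadable) echo "unknown: cannot read $1" ;;
        *)          echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Stand-alone use: check the path given as $1, or the default location.
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```

A host reported as "manual" keeps running the unpatched kernel code until the upgrade command is run there.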


DESCRIPTION

* CVE-2021-3489: Denial-of-service in BPF due to lacking ring buffer validation.

A malicious BPF program could leverage flaws in the BPF ring buffer
implementation to cause a denial-of-service or potentially execute
arbitrary code.


* CVE-2021-3491: Denial-of-service due to limit enforcement issues in IO uring.

A local user could leverage inadequate enforcement of buffer size limits in
some IO uring code paths to cause a denial-of-service or potentially execute
arbitrary code.


* CVE-2021-3490: Denial-of-service in BPF verifier for some bitwise operations.

A malicious BPF program could leverage BPF verifier flaws related to some
bitwise operations to cause a denial-of-service or potentially execute
arbitrary code.


* CVE-2021-3501: Privilege escalation in the KVM VMX driver.

Use of untrusted user-controlled data to index an array could lead to an
out-of-bounds write access.  A local user with the ability to start guest
VMs on a host with KVM VMX enabled can use this flaw to elevate their
privileges.


* CVE-2021-22555: Privilege escalation in Netfilter due to out-of-bounds memory write.

A heap out-of-bounds write in netfilter could allow an attacker to gain
privileges or cause a denial-of-service.


* CVE-2020-25670: Denial-of-service in socket binds of NFC LLCP protocol.

A reference counting error in socket binds of the NFC LLCP protocol
implementation could lead to a system crash. A local attacker could use
this to cause a denial of service.


* CVE-2020-25671: Denial-of-service in the NFC LLCP protocol due to a refcount leak.

A flaw in socket connects of the NFC LLCP protocol implementation could
lead to a refcount leak in certain error situations. A local attacker
could use this flaw to cause a denial of service.


* CVE-2020-25672: Denial-of-service in socket connects of the NFC LLCP protocol.

A flaw in socket connects of the NFC LLCP protocol implementation could
lead to a failure to deallocate memory in certain error situations.
A local attacker could use this flaw to cause a denial of service.


* CVE-2020-25673: Denial-of-service in NFC subsystem due to improper error handling.

Improper error handling in LLC socket connects of the NFC subsystem could
lead to an infinite loop. A local attacker could use this to cause
a denial of service.


* CVE-2021-33033: Denial-of-service in security key addition for the Generic IEEE 802.15.4 Soft Networking Stack.

A flaw in link-layer security key addition for the Generic IEEE 802.15.4 Soft
Networking Stack could lead to a system crash. A local attacker could
use this to cause a denial of service.


* CVE-2021-29155: Information disclosure in eBPF due to out of bounds pointer arithmetic.

An out-of-bounds pointer arithmetic flaw in the eBPF implementation could
allow an attacker to bypass the protection and speculatively execute
out-of-bounds loads from kernel memory, leading to extraction of
kernel memory contents via a side channel. A local BPF program with
special user privileges (CAP_SYS_ADMIN) could use this flaw for sensitive
information disclosure.


* CVE-2021-23133: Multiple vulnerabilities due to a race condition in SCTP.

A flaw in socket functionality of Stream Control Transmission Protocol
could lead to a race condition. A local user with network service
privileges could use this flaw for privilege escalation, information
disclosure or denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
