[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (5.15.0-35.36)
Oracle Ksplice
quentin.casasnovas at oracle.com
Mon Aug 29 13:53:54 UTC 2022
Synopsis: 5.15.0-35.36 can now be patched using Ksplice
CVEs: CVE-2021-4034 CVE-2022-0854 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1353 CVE-2022-1516 CVE-2022-1651 CVE-2022-1671 CVE-2022-21499 CVE-2022-2153 CVE-2022-2380 CVE-2022-24448 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu kernel update, 5.15.0-35.36.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
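The two installation paths above can be told apart per host with the following added example, which is not Oracle's tooling and not part of the original advisory. Only the config path, the "autoinstall = yes" setting and the uptrack-upgrade command come from the advisory; the function names and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example: report which uptrack.conf files leave a host dependent on
# a manual upgrade. Function names and sample files are hypothetical.

# Print "yes" if the file sets autoinstall = yes, otherwise "no".
# Assumptions: only the exact lower-case key and value shown in the advisory
# count, and a missing file or key counts as "no", so a host in an unknown
# state is flagged for manual action rather than skipped.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)        # tolerate spacing and CRLF
            gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") last = val   # last assignment wins
        }
        END { if (last == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Print each config path whose host still needs the manual command.
needs_manual_upgrade() {
    for f in "$@"; do
        if [ "$(uptrack_autoinstall "$f")" = no ]; then
            echo "$f: run /usr/sbin/uptrack-upgrade -y"
        fi
    done
}

# Constructed sample configs (not from real hosts), written into directory $1.
write_samples() {
    printf '[Settings]\nautoinstall = yes\n' > "$1/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$1/manual.conf"
    printf '[Settings]\n' > "$1/nokey.conf"
}

# Stand-alone use: pass one or more config paths as arguments.
if [ "$#" -gt 0 ]; then
    needs_manual_upgrade "$@"
fi
```
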
DESCRIPTION
* CVE-2022-1158: Use-after-free in the KVM subsystem.
A flaw in the KVM subsystem may allow a guest virtual machine to
trigger a use-after-free exception. This may lead to denial-of-service
and possible loss of system confidentiality.
* CVE-2022-2153: Denial-of-service in Kernel-based Virtual Machine.
A logic flaw in the Kernel-based Virtual Machine could, in some cases
when KVM initializes a vCPU without creating an APIC, result in a NULL
pointer dereference. A local user could use this flaw for a denial-of-service.
* CVE-2022-28356: Denial-of-service in 802.2 LLC type 2 driver.
A reference counting flaw in socket binding of the 802.2 LLC type 2
driver could happen in some error conditions. A local user could use
this flaw to cause a denial-of-service.
* CVE-2022-28390: Code execution in EMS CPC-USB/ARM7 CAN/USB interface.
A double-free flaw in the data transmission path of the EMS CPC-USB/ARM7
CAN/USB interface could result in memory leaks and data corruption. A local
user could use this flaw for a denial-of-service or code execution.
* Out-of-bounds memory accesses when using netlabel subsystem.
Logic errors when using netlabel subsystem could lead to out-of-bounds
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2022-28388: Code execution in 8devices USB2CAN interface.
A double-free in the USB2CAN interface from 8devices could result in
memory leaks and data corruption. A local user could use this flaw for
a denial-of-service or code execution.
* CVE-2022-1353: Information disclosure in PF_KEYv2 socket subsystem.
An incorrect initialization of Security Association data structures by the
PF_KEYv2 socket subsystem could leak previous values stored in that kernel
memory. A local, unprivileged user can use this to gain access to kernel memory
and cause a denial-of-service or leak kernel information.
* Out-of-bounds write access in Atheros 802.11abg PCI driver when parsing EEPROM data.
A missing sanity check in parsing EEPROM data of Atheros 802.11abg PCI
driver could lead to out-of-bounds write access. A local user could
use this flaw for a denial-of-service or code execution.
* CVE-2022-29582: Use-after-free in asynchronous io_uring API.
A logic flaw in asynchronous io_uring API when flushing a queue could
lead to use-after-free. A local user could use this flaw for denial of
service or code execution.
* CVE-2022-2380: Out-of-bounds memory access in sm712fb driver.
A logic flaw in the sm712fb driver when reading the framebuffer from
userspace could result in out-of-bounds memory access. A local attacker
could use the flaw to gain information about the running kernel or cause
a denial-of-service.
* CVE-2021-4034: Prevent empty argument list when executing processes.
Incorrect input validation in the pkexec program (part of Polkit) allows
any local user to become root.
* CVE-2022-1651: Memory leak in ACRN Hypervisor Service Module.
Improperly freed memory allocations in the ACRN Hypervisor Service
Module when validating user input could allow a local attacker to cause a
denial-of-service from memory exhaustion.
* Improved update to CVE-2022-0854: Information disclosure in DMA subsystem.
A flaw in the DMA subsystem when creating a mapping for a buffer could
result in a memory leak. A local user could use this flaw for
information disclosure.
* Improved update to CVE-2022-24448: Denial-of-service in NFSv4.
A flaw in parameter validation when opening files over an NFS mount
can result in a NULL pointer dereference. A local attacker could use this
flaw to cause a system crash.
* CVE-2022-1048: Code execution in Advanced Linux Sound Architecture framework.
A race condition due to missing locking in the Advanced Linux Sound
Architecture framework could result in a use-after-free. A local user
could use this flaw to cause a denial-of-service or execute arbitrary
code.
* CVE-2022-21499: Kernel Lockdown bypass.
The kernel does not prevent use of the kernel debugger (kgdb) while in
lockdown mode. An attacker with access to a serial port during lockdown
could use this flaw to obtain read and write access to kernel memory,
thus rendering the lockdown feature ineffective.
* CVE-2022-28389: Double-free in Microchip CAN BUS Analyzer interface.
A flaw in error handling of Microchip CAN BUS Analyzer interface could
lead to a double-free. A local user could use this flaw to cause
a denial-of-service or code execution.
* CVE-2022-1671: Denial-of-service in RxRPC network protocol.
A flaw in the RxRPC network protocol when handling server keys could
result in a NULL pointer dereference. A local user could use this flaw
for a denial-of-service.
* CVE-2022-1516: Denial-of-service in X.25 network protocol.
A flaw in the X.25 network protocol when handling link layer events
could result in NULL pointer dereference. A local user could use this
flaw for a denial-of-service.
* CVE-2022-1198, CVE-2022-1195: Use-after-free in the hamradio 6pack driver.
A race condition in the hamradio 6pack driver could lead to a
use-after-free when a 6pack device is detached. A local attacker could
use this to cause a denial-of-service or execute arbitrary code.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.