[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (CVE-2022-47938 CVE-2022-47939 CVE-2022-47940 CVE-2022-47941 CVE-2022-47942 CVE-2022-47943)

Denis Efremov denis.e.efremov at oracle.com
Fri Dec 23 20:19:38 UTC 2022


Synopsis: CVE-2022-47938 CVE-2022-47939 CVE-2022-47940 CVE-2022-47941 CVE-2022-47942 CVE-2022-47943 can now be patched using Ksplice

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu kernel update, CVE-2022-47938 CVE-2022-47939
CVE-2022-47940 CVE-2022-47941 CVE-2022-47942 CVE-2022-47943.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
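
The following check is an added example, not part of the original advisory or of Oracle's tooling: it reads an Uptrack configuration file and reports whether autoinstall is really enabled, so hosts that still need the manual command can be found. The function names are hypothetical, and it assumes plain "key = value" lines with "#" or ";" comment lines and that only the value "yes" shown in this advisory enables the setting.

```shell
#!/bin/sh
# Added example: decide whether a host relies on autoinstall or needs a
# manual uptrack-upgrade. Function names are hypothetical helpers.

# autoinstall_state FILE -> prints "yes", "no" or "unset".
# Assumption: only the literal value "yes" (any case) counts as enabled;
# anything else is reported as "no" so the host gets checked by hand.
autoinstall_state() {
    awk -F= '
        /^[ \t]*[#;]/ { next }            # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # tolerate "autoinstall=yes" and padding
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") state = tolower(val)  # last one wins
        }
        END {
            if (state == "yes")   print "yes"
            else if (state == "") print "unset"
            else                  print "no"
        }
    ' "$1"
}

# needs_manual_upgrade FILE -> exit status 0 when autoinstall is not enabled.
needs_manual_upgrade() {
    [ "$(autoinstall_state "$1")" != "yes" ]
}

# Constructed sample config: the only "yes" is inside a comment.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
echo "constructed sample: autoinstall is $(autoinstall_state "$sample")"
rm -f "$sample"

# On a real host (as root) the check would be used like this:
#   needs_manual_upgrade /etc/uptrack/uptrack.conf && /usr/sbin/uptrack-upgrade -y
```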


DESCRIPTION

* CVE-2022-47941: Remote denial-of-service in SMB3 server support.

Incorrect resource handling in SMB3 server support may lead to a
memory leak. A remote attacker can use this flaw to cause a
denial-of-service.


* CVE-2022-47938: Remote denial-of-service in SMB3 server support.

Lack of validation of user-supplied input may lead to an out-of-bounds
buffer read. An authenticated remote attacker can use this flaw to
cause a denial-of-service.


* CVE-2022-47939: Remote code execution in SMB3 server support.

Incorrect resource cleanup in the SMB3 server support driver may lead
to a use-after-free. A remote attacker can use this flaw for code
execution.


* CVE-2022-47940, CVE-2022-47943: Information Disclosure in SMB3 server support.

Lack of validation of user-supplied input may lead to an out-of-bounds
buffer read. An authenticated remote attacker can use this flaw to
cause a denial-of-service or as part of another attack.


* CVE-2022-47942: Remote code execution in SMB3 server support.

Lack of validation of user-supplied input may lead to a buffer
overflow. An authenticated remote attacker could use this flaw for code
execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


