[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-5982-1)
Oracle Ksplice
quentin.casasnovas at oracle.com
Mon Apr 3 12:39:25 UTC 2023
Synopsis: USN-5982-1 can now be patched using Ksplice
CVEs: CVE-2019-19082 CVE-2022-2196 CVE-2022-2873 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-4382 CVE-2022-48423 CVE-2022-48424 CVE-2023-0045 CVE-2023-0210 CVE-2023-0266 CVE-2023-0615 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-26606 CVE-2023-28328
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5982-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2023-0045: Deficiency in existing speculative attack mitigation.
A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks. This flaw could be exploited to leak information
from a running system.
* CVE-2023-23559: Buffer overflow in driver for RNDIS-based wireless USB devices.
A buffer overflow exists in the driver code for wireless USB devices based on
Remote Network Driver Interface Specification (RNDIS). This could allow a local
user to cause denial-of-service.
* CVE-2023-0615: Out-of-bounds memory access in the Virtual Video Test Driver.
Lack of boundary checks when adjusting the composing height could lead to
an out-of-bounds memory access. A local user with the ability to send
IOCTL to the V4L2 VIVID driver could use this flaw to cause a
denial-of-service or elevate privileges.
* CVE-2022-3424: Denial-of-service in SGI GRU driver.
A logic error when using SGI GRU driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.
* Improved update to CVE-2022-2873: Out-of-bounds memory access in iSMT.
A missing sanity check for a user controlled value in the Intel's iSMT
SMBus host controller driver when processing an SMBus command may lead
to a memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.
* CVE-2019-19082: Memory leak when creating memory pool in AMD Display driver.
A missing free of resources when creating memory pools in AMD Display
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.
Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver. This flaw could by exploited by a local
attacker to escalate their privileges.
* CVE-2022-41218: Use-after-free in dvb-core device release path.
Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver. This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.
* CVE-2022-36280: Out-of-bounds access in vmwgfs driver during cursor snoop.
A failure to validate cursor size data during a snoop operation can
lead to an out-of-bounds memory access. A malicious local user could
exploit this flaw to escalate their privileges, or to cause a
denial-of-service.
* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.
A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access. This flaw could be exploited by a local
attacker to cause a denial-of-service.
* CVE-2023-23454: Denial-of-service in CBQ packet scheduling.
When dropping a packet in Class-Based Queueing (CBQ) packet scheduling
algorithm, invalid data may be read. A local user can use this to cause
denial-of-service.
* CVE-2022-4382: Use-after-free in USB Gadget Filesystem driver.
A race condition in the gadgetfs driver when processes are concurrently
mounting and unmounting the gadgetfs filesystem may lead to a
use-after-free. A local user could use this flaw to cause a
denial-of-service or elevate privileges on the system.
* CVE-2023-0210: Out-of-bounds memory access in SMB3 server support.
Improper buffer size parameter validation in SMB3 when processing
NTLMv2 authentication requests may lead to a heap-based buffer overflow.
An unauthenticated remote user could use this flaw for a
denial-of-service.
* CVE-2022-2196: Information leak in Kernel-based Virtual Machine.
A flaw in KVM due to a missing flush of indirect branch predictors
at VM-exit time may result in a leak of information.
A nested guest VM (L2) may use this flaw to perform Spectre v2 attacks
on L1 guest VMs.
* CVE-2023-28328: Denial-of-service in Azurewave AZ6027 driver during ioctl processing.
A missing length check on a buffer passed in from userspace via an ioctl
can result in a NULL pointer dereference. This flaw could be exploited
by a remote attacker to cause a denial-of-service.
* CVE-2022-48424, CVE-2022-48423: Out-of-bounds memory access in NTFS3.
Missing sanity checks in NTFS3 while parsing the MFT or while
enumerating extended attributes from an NTFS3 volume may lead to an
out-of-bounds memory access. An attacker with physical access to an
NTFS3 volume attached to the system may use this flaw for a
denial-of-service or arbitrary code execution.
* CVE-2023-26606: Information disclosure in NTFS3.
An bad loop termination condition in NTFS3's ntfs_trim_fs may lead to an
out-of-bounds memory read. A local attacker could use this flaw to cause
a denial-of-service or expose sensitive information.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-22.04-updates
mailing list