[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-5982-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Mon Apr 3 12:39:25 UTC 2023


Synopsis: USN-5982-1 can now be patched using Ksplice
CVEs: CVE-2019-19082 CVE-2022-2196 CVE-2022-2873 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-4382 CVE-2022-48423 CVE-2022-48424 CVE-2023-0045 CVE-2023-0210 CVE-2023-0266 CVE-2023-0615 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-26606 CVE-2023-28328

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5982-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.


* CVE-2023-23559: Buffer overflow in driver for RNDIS-based wireless USB devices.

A buffer overflow exists in the driver code for wireless USB devices based on
Remote Network Driver Interface Specification (RNDIS). This could allow a local
user to cause denial-of-service.


* CVE-2023-0615: Out-of-bounds memory access in the Virtual Video Test Driver.

Lack of boundary checks when adjusting the composing height could lead to
an out-of-bounds memory access.  A local user with the ability to send
IOCTL to the V4L2 VIVID driver could use this flaw to cause a
denial-of-service or elevate privileges.


* CVE-2022-3424: Denial-of-service in SGI GRU driver.

A logic error when using SGI GRU driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* Improved update to CVE-2022-2873: Out-of-bounds memory access in iSMT.

A missing sanity check for a user controlled value in the Intel's iSMT
SMBus host controller driver when processing an SMBus command may lead
to a memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.


* CVE-2019-19082: Memory leak when creating memory pool in AMD Display driver.

A missing free of resources when creating memory pools in AMD Display
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.


* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.


* CVE-2022-36280: Out-of-bounds access in vmwgfs driver during cursor snoop.

A failure to validate cursor size data during a snoop operation can
lead to an out-of-bounds memory access.  A malicious local user could
exploit this flaw to escalate their privileges, or to cause a
denial-of-service.


* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.

A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access.  This flaw could be exploited by a local
attacker to cause a denial-of-service.


* CVE-2023-23454: Denial-of-service in CBQ packet scheduling.

When dropping a packet in Class-Based Queueing (CBQ) packet scheduling
algorithm, invalid data may be read. A local user can use this to cause
denial-of-service.


* CVE-2022-4382: Use-after-free in USB Gadget Filesystem driver.

A race condition in the gadgetfs driver when processes are concurrently
mounting and unmounting the gadgetfs filesystem may lead to a
use-after-free. A local user could use this flaw to cause a
denial-of-service or elevate privileges on the system.


* CVE-2023-0210: Out-of-bounds memory access in SMB3 server support.

Improper buffer size parameter validation in SMB3 when processing
NTLMv2 authentication requests may lead to a heap-based buffer overflow.
An unauthenticated remote user could use this flaw for a
denial-of-service.


* CVE-2022-2196: Information leak in Kernel-based Virtual Machine.

A flaw in KVM due to a missing flush of indirect branch predictors
at VM-exit time may result in a leak of information.
A nested guest VM (L2) may use this flaw to perform Spectre v2 attacks
on L1 guest VMs.


* CVE-2023-28328: Denial-of-service in Azurewave AZ6027 driver during ioctl processing.

A missing length check on a buffer passed in from userspace via an ioctl
can result in a NULL pointer dereference.  This flaw could be exploited
by a remote attacker to cause a denial-of-service.


* CVE-2022-48424, CVE-2022-48423: Out-of-bounds memory access in NTFS3.

Missing sanity checks in NTFS3 while parsing the MFT or while
enumerating extended attributes from an NTFS3 volume may lead to an
out-of-bounds memory access. An attacker with physical access to an
NTFS3 volume attached to the system may use this flaw for a
denial-of-service or arbitrary code execution.


* CVE-2023-26606: Information disclosure in NTFS3.

An bad loop termination condition in NTFS3's ntfs_trim_fs may lead to an
out-of-bounds memory read. A local attacker could use this flaw to cause
a denial-of-service or expose sensitive information.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





More information about the Ksplice-Ubuntu-22.04-updates mailing list