[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6300-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue Aug 22 20:44:50 UTC 2023


Synopsis: USN-6300-1 can now be patched using Ksplice
CVEs: CVE-2022-4269 CVE-2022-48502 CVE-2023-0597 CVE-2023-1611 CVE-2023-1855 CVE-2023-1990 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2163 CVE-2023-2194 CVE-2023-2235 CVE-2023-2269 CVE-2023-23004 CVE-2023-28466 CVE-2023-30772 CVE-2023-3141 CVE-2023-32248 CVE-2023-3268 CVE-2023-33203 CVE-2023-33288 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 CVE-2023-35829

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6300-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
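As an added example, not part of this announcement or of Oracle's Uptrack tooling, the POSIX shell function below reads an uptrack.conf-style file and reports whether "autoinstall = yes" is in effect, so an operator can tell whether the manual uptrack-upgrade run above is still needed. The path /etc/uptrack/uptrack.conf and the autoinstall key come from the announcement; the tolerance for comments, whitespace and letter case, and the sample file contents, are constructed assumptions about the file format.

```shell
#!/bin/sh
# Added example: check whether Ksplice Uptrack autoinstall is enabled.
# Reads a "key = value" file with '#' comments and returns 0 when
# "autoinstall = yes" is in effect, 1 otherwise.  Comment stripping,
# whitespace and case handling are assumptions about the format, not
# documented Uptrack behaviour.

uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    # Drop comments, remove all whitespace ("key = value" -> "key=value"),
    # lowercase, then take the last autoinstall assignment (later lines win).
    val=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$conf" \
          | tr 'A-Z' 'a-z' \
          | grep '^autoinstall=' | tail -n 1 | cut -d= -f2)
    [ "$val" = "yes" ]
}

# Decide what the operator must do for a notice like USN-6300-1:
# prints "autoinstall" (nothing to do) or "manual" (run uptrack-upgrade -y).
uptrack_action_for_usn() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall"
        return 0
    fi
    echo "manual"
    return 1
}

# Constructed sample configurations for a stand-alone run (not real files).
demo_main() {
    tmp=$(mktemp)
    printf '# enable automatic updates\nautoinstall = yes\n' > "$tmp"
    uptrack_action_for_usn "$tmp"            # autoinstall
    printf '#autoinstall = yes\nautoinstall = no\n' > "$tmp"
    uptrack_action_for_usn "$tmp" || true    # manual (commented line ignored)
    rm -f "$tmp"
}
demo_main
```

The function reads the last assignment rather than the first so that a later override in the file wins, and treats an unreadable or missing file as "not enabled", which is the conservative answer for an operator deciding whether to run the upgrade by hand.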


DESCRIPTION

* Note: Oracle has determined that CVE-2023-23004 is not applicable.

Incorrect logic in the ARM Mali Display Processor driver may cause incorrect
error handling in its plane manipulation routines. This can lead to memory
corruption.

Oracle has determined that the code in question is not compiled.


* CVE-2023-2235: Use-after-free in Performance Events subsystem.

Incorrect logic in the kernel's Performance Events subsystem can lead to a
use-after-free. This can allow a local user to escalate privileges.


* CVE-2023-28466: Race condition in Transport Layer Security subsystem.

A race condition in the Transport Layer Security (TLS) subsystem between
getsockopt() and setsockopt() operations can lead to use-after-free or null
dereference. This can allow a local user to cause denial-of-service.


* CVE-2022-4269: Denial-of-service in Traffic Control subsystem.

A flaw in the Traffic Control subsystem when the transport protocol in
use (TCP or SCTP) does a retransmission could result in a deadlock.
A local unprivileged user could use this flaw for denial-of-service.


* Note: Oracle has determined that CVE-2023-2194 is not applicable.

Insufficient user input validation in the APM X-Gene SoC I2C SLIMpro device
driver could allow writing beyond the end of a buffer. This could allow a
local privileged user to crash the system or execute incorrect code.

Oracle has determined that the code in question is not compiled.


* CVE-2023-1611: Use-after-free in the BTRFS filesystem.

A use-after-free is possible in the BTRFS file system when a quota assign ioctl
and quota disable ioctls run concurrently. A local user could use this flaw to
cause a denial-of-service or execute arbitrary code.


* CVE-2023-2124: Denial-of-service in XFS file system during image restoration.

Insufficient checks in XFS during image restoration after a failure
with a dirty log journal can lead to an out-of-bounds memory access flaw.
A local attacker can use this flaw to cause denial-of-service or to
escalate their privileges.


* CVE-2023-3141: Use-after-free in the r592 driver's device removal path.

A race condition can occur when removing an r592 device that can lead to
a use-after-free.  This flaw could be exploited by a local attacker to
cause a denial-of-service, or to leak sensitive information from kernel
memory.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.


* CVE-2023-3268: Out-of-bounds memory access in kernel-userspace relay file support.

An out-of-bounds memory access error exists in the kernel->userspace relay
support. This could allow a local attacker to crash the system or leak
kernel internal information.


* CVE-2023-35824: Use-after-free during dm1105 device removal.

A race condition in the dm1105 driver's device removal path can result
in a use-after-free.  This flaw could be exploited by a local attacker
to cause a denial-of-service or other unexpected behavior.


* CVE-2023-35823: Use-after-free in video4linux driver for Philips SAA713x based TV cards.

Incorrect cleanup logic in the video4linux driver for Philips SAA713x based
TV cards can cause a use-after-free when a module or device is removed. This
can allow a local user to escalate privileges or cause undefined behavior.


* Note: Oracle has determined that CVE-2023-35828 is not applicable.

A race condition in the Linux kernel's Renesas USB3.0 controller when
removing the module before cleanup could lead to a use-after-free error.
A local privileged attacker could use this flaw to cause denial of
service.

The kernel is not affected by CVE-2023-35828 since the code under
consideration is not compiled.


* CVE-2023-2269: Denial-of-service in Device Mapper-Multipathing subsystem.

A possible recursive locking scenario in Linux Kernel Device Mapper
Multipathing subsystem can lead to a deadlock. A local user can use
this flaw to cause denial of service.


* CVE-2023-33288: Race condition in TI BQ24190 battery charger driver.

A race condition in the TI bq24190 battery charger driver can lead to a
use-after-free scenario. This flaw could be exploited by a malicious local
user to cause denial-of-service or other undefined behavior.


* CVE-2022-48502: Out-of-bounds memory access in NTFS3.

Missing correctness checks in NTFS3 while reading from disk may lead to
an out-of-bounds memory read. An attacker with physical access to an
NTFS3 volume attached to the system may use this flaw for a
denial-of-service or disclosure of sensitive information.


* CVE-2023-2156: Denial-of-service in Routing Protocol for Low-Power and Lossy Networks.

Incorrect header size calculation in the RPL protocol can lead to an
assertion failure. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2023-2163: Out-of-bounds memory access in BPF program verifier.

A flaw in the BPF verifier may allow a BPF program path to be
prematurely marked as safe, potentially leading to an out-of-bounds
read or write access. An attacker could use this flaw for
denial-of-service or arbitrary code execution.


* CVE-2023-32248: Denial-of-service in SMB server support.

A missing sanity check in ksmbd when handling SMB2_TREE_CONNECT and
SMB2_QUERY_INFO commands may lead to a null pointer dereference. An
unauthenticated remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2023-1990: Use-after-free in STM NFC device driver causes crash.

A race condition in the STMicroelectronics NFC device driver could
result in a use-after-free. A malicious device might exploit this to
cause a denial-of-service.


* CVE-2023-1855: Use-after-free in APM X-Gene SoC hardware monitoring driver.

A logic error in the APM X-Gene SoC hardware monitoring driver leads to a
use-after-free. A local user can use this flaw to cause denial-of-service or
leak information.


* CVE-2023-30772: Use-after-free when disconnecting DA9150 power supply.

A race condition in the driver for the Dialog Semiconductor DA9150 power
supply could result in a crash when the device is disconnected. A
malicious device might exploit this to cause a denial-of-service.


* CVE-2023-33203: Use-after-free in Qualcomm EMAC Gigabit Ethernet Driver.

Incorrect cleanup logic in the Qualcomm Ethernet Media Access Controller
(EMAC) Driver can cause a use-after-free when an emac based device is
removed. This can allow a user with physical access to escalate privileges
or cause undefined behavior.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-0597.

The lack of address randomization for the kernel per-cpu entry area could
allow an unprivileged user to guess the location of the kernel's CPU
exception stacks or other important data structures to aid certain types
of attacks targeting the kernel which require address space layout
determinism.

Oracle has determined that enabling address randomization for per-cpu
entry area on a running system would not be safe and recommends
a reboot if such mitigation is required.


* Note: Oracle has determined that CVE-2023-35829 is not applicable.

Oracle has determined that a rebootless update will not be required for
CVE-2023-35829 as the code in question is not compiled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
