[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-5518-1)
Julian Pidancet
julian.pidancet at oracle.com
Wed Jan 25 16:33:28 UTC 2023
Synopsis: USN-5518-1 can now be patched using Ksplice
CVEs: CVE-2022-0500 CVE-2022-1734 CVE-2022-1789 CVE-2022-1974 CVE-2022-1975 CVE-2022-2639 CVE-2022-27666 CVE-2022-33981
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5518-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2022-1975: Denial-of-service in NFC firmware update.
Incorrect allocation flags when downloading new NFC firmware to a device
might result in the kernel sleeping in an atomic context, resulting in a
potential deadlock or denial-of-service.
* CVE-2022-1734: Use-after-free in Marvell NFC device driver.
A logic flaw in synchronization between firmware download and device
cleanup in the Marvell NFC device driver could lead to a use-after-free.
A local user could use this flaw to cause a denial-of-service or execute
arbitrary code.
* CVE-2022-1974: Race condition when disconnecting NFC device causes DoS.
Unregistering an NFC device is racy due to improper logic checking
whether device shutdown is in progress. A malicious local user might
exploit this to cause a denial-of-service.
* CVE-2022-1789: Denial-of-service in Kernel-based Virtual Machine.
A flaw in handling guest TLB mapping invalidation requests of
Kernel-based Virtual Machine could result in a NULL pointer dereference.
A local user could use this flaw for a denial-of-service.
* CVE-2022-33981: Denial-of-service in Floppy Disk support.
A logic flaw in ioctls of Floppy Disk support could result in a
use-after-free. A local user could use this flaw for a denial-of-service.
* CVE-2022-2639: Out-of-bounds access in Open vSwitch Ethernet switch driver.
A logic flaw in the Open vSwitch driver code can lead to an out-of-bounds
write. This can potentially be used to cause denial-of-service or
privilege escalation.
* CVE-2022-27666: Privilege escalation in IPsec ESP transformation.
A logic flaw in IPsec ESP transformation implementation could lead to
a heap buffer overflow. A local user could use this flaw to overwrite
kernel heap objects and cause privilege escalation.
* Note: Oracle is still investigating potential zero-downtime mitigations for CVE-2022-0500.
A flaw was found in the BPF verifier which could allow bypassing read-only
protections on some pointers accessible to a BPF program. A local user with
the ability to load BPF programs could use this flaw to escalate privileges.
Note that unprivileged eBPF is disabled on Ubuntu kernels and as such,
exploiting this vulnerability requires CAP_SYS_ADMIN or CAP_BPF on
unmodified Ubuntu kernels.
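Because CVE-2022-0500 is not covered by this update, the following added example (not part of the original advisory and not Ksplice tooling) checks the two conditions the note above relies on: that unprivileged eBPF is disabled, and which non-root processes hold CAP_SYS_ADMIN or CAP_BPF. The function names and the PROC_ROOT variable are assumptions made for this example; the sysctl path and capability bit numbers are standard Linux.

```shell
#!/bin/sh
# Added example: audit exposure to the unpatched CVE-2022-0500.
# Bit numbers from linux/capability.h: CAP_SYS_ADMIN=21, CAP_BPF=39.

# cap_can_load_bpf HEXMASK: succeed if the mask holds either capability.
cap_can_load_bpf() (
    mask=$(( 0x$1 ))
    [ $(( (mask >> 21) & 1 )) -eq 1 ] || [ $(( (mask >> 39) & 1 )) -eq 1 ]
)

# unpriv_bpf_state VALUE: describe kernel.unprivileged_bpf_disabled.
unpriv_bpf_state() {
    case "$1" in
        0) echo "enabled" ;;
        1) echo "disabled-until-reboot" ;;
        2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# audit_bpf_exposure [PROC_ROOT]: print the sysctl state, then one line per
# non-root process whose effective capabilities allow loading BPF programs.
audit_bpf_exposure() (
    proc=${1:-/proc}
    val=$(cat "$proc/sys/kernel/unprivileged_bpf_disabled" 2>/dev/null) || val=""
    echo "unprivileged_bpf: $(unpriv_bpf_state "$val")"
    for status in "$proc"/[0-9]*/status; do
        [ -r "$status" ] || continue
        # One awk pass: effective UID, effective capability mask, command name.
        fields=$(awk '/^Name:/{n=$2} /^Uid:/{u=$3} /^CapEff:/{c=$2}
                      END{print u, c, n}' "$status" 2>/dev/null) || continue
        set -- $fields
        [ $# -ge 2 ] || continue
        [ "$1" -ne 0 ] 2>/dev/null || continue   # root is expected to hold them
        if cap_can_load_bpf "$2"; then
            pid=${status%/status}
            echo "pid=${pid##*/} euid=$1 name=${3:-?} CapEff=$2"
        fi
    done
    return 0
)

audit_bpf_exposure "${PROC_ROOT:-/proc}"
```

Run it as root so every /proc/PID/status file is readable; any process line it prints is a non-root service that could reach the vulnerable verifier path and is worth reviewing.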
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.