[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6339-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Fri Oct 13 21:23:52 UTC 2023


Synopsis: USN-6339-1 can now be patched using Ksplice
CVEs: CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-48425 CVE-2023-21255 CVE-2023-2898 CVE-2023-31084 CVE-2023-3212 CVE-2023-34256 CVE-2023-38426 CVE-2023-38428 CVE-2023-38429

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6339-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
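
The following check is an added example, not part of the Oracle advisory or of the Uptrack tooling: it reads an uptrack.conf-style file and reports whether the host takes the automatic path or needs the manual command above. The function names and the sample file are hypothetical, and it assumes only the literal value "yes" enables autoinstall (anything else is reported as manual).

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates on its own.
# Prints "yes" or "no" for the autoinstall setting in an uptrack.conf-style file.
autoinstall_setting() {
    # Missing or unreadable file: treat as not enabled.
    [ -r "$1" ] || { echo no; return; }
    awk '
        # Commented-out lines ("# autoinstall = yes") never match this pattern.
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)     # keep the text after "="
            sub(/[ \t\r]+$/, "", v)         # trim trailing whitespace and CR
            val = v                         # the last assignment wins
        }
        # Assumption: only the literal "yes" counts as enabled.
        END { if (val == "yes") print "yes"; else print "no" }
    ' "$1"
}

# Prints what the operator has to do on a host with the given config file.
required_action() {
    if [ "$(autoinstall_setting "$1")" = yes ]; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
required_action "$demo_conf"
rm -f "$demo_conf"
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument.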


DESCRIPTION

* CVE-2023-31084: Potential deadlock during DVB driver event processing.

An incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver.  This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.


* CVE-2023-34256: Out-of-bounds read in ext4 checksum handling.

An arithmetic error in a checksum generation routine in the ext4 driver
can lead to an out-of-bounds read.  This flaw could be exploited by a
malicious local user to leak sensitive information or to aid in another
type of attack.


* CVE-2023-3212: NULL dereference in GFS2 file system.

On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.


* CVE-2022-45887: Memory leak in Technotrend/Hauppauge USB DEC driver.

A memory leak in the Technotrend/Hauppauge USB DEC driver can occur
when a device is disconnected. A local attacker can use this flaw
to cause a denial-of-service.


* Data race in ext4 extents status.

A data race exists in the ext4 cached extent stored in the extent status tree.
This can lead to data corruption or data loss.


* CVE-2023-2898: Race condition in f2fs filesystem causes DoS.

A race condition when resizing an f2fs filesystem can result in a
NULL-pointer dereference. A malicious filesystem image might exploit
this to cause a denial-of-service when mounted.


* CVE-2023-38426: Array out-of-bounds in KSMBD context structures.

Object buffer sizes for various SMB contexts are not properly validated
by KSMBD, potentially leading to out-of-bounds accesses based on remotely
received data. A malicious remote attacker might exploit this to cause a
denial-of-service or execute privileged code.


* CVE-2023-38428: Array out-of-bounds in KSMBD SMB2 UserName field.

KSMBD fails to properly validate the length of the UserName field of an
SMB2 PDU, potentially allowing a remote attacker to cause an
out-of-bounds memory access. This might result in a denial-of-service
or remote code execution.


* CVE-2022-48425: Missing validation of NTFS3 MFT flags.

The kernel implementation of the NTFS3 filesystem fails to validate MFT
flags properly in certain situations. A malicious filesystem image might
exploit this to cause a denial-of-service when mounted.


* CVE-2022-45886: Use-after-free in DVB Core driver.

A race condition in the network component of the DVB Core driver can
lead to a use-after-free when a device is disconnected. A local user
can exploit this flaw to cause a denial-of-service or potentially
escalate their privileges.


* CVE-2022-45919: Use-after-free in DVB EN50221 driver.

A race condition in the network component of the DVB EN50221 driver can
lead to a use-after-free when the device is disconnected. A local user
might exploit this flaw to cause a denial-of-service or potentially
escalate their privileges.


* CVE-2023-38429: Off-by-one error in KSMBD when allocating PDU.

An off-by-one error when calculating the size of an SMB PDU could result
in an out-of-bounds access. A malicious remote user might exploit this
to cause a denial-of-service or execute arbitrary code.


* Note: Oracle is still investigating potential zero-downtime mitigations for CVE-2023-21255.

Fixes for this CVE are still undergoing analysis and testing. A
zero-downtime update may be provided at a later date.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




