[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6898-1)
Oracle Ksplice
gregory.herrero at oracle.com
Wed Aug 7 13:20:56 UTC 2024
Synopsis: USN-6898-1 can now be patched using Ksplice
CVEs: CVE-2022-38096 CVE-2023-52880 CVE-2024-25739 CVE-2024-26642 CVE-2024-26643 CVE-2024-26828 CVE-2024-26923 CVE-2024-26925 CVE-2024-26958 CVE-2024-26973 CVE-2024-26993 CVE-2024-27016 CVE-2024-27393 CVE-2024-35791 CVE-2024-35823 CVE-2024-35884 CVE-2024-35896 CVE-2024-35897 CVE-2024-35900 CVE-2024-35910 CVE-2024-35962 CVE-2024-35973
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6898-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
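To decide which of the two paths above applies on a given host, the autoinstall setting can be read out of the configuration file. The following is an added example, not part of the Oracle advisory or the Ksplice tooling; the function names are hypothetical, and it assumes that only the value "yes" (case-insensitive) enables autoinstall and that the last uncommented assignment in the file wins.

```sh
#!/bin/sh
# Added example: audit the "autoinstall" setting named in the advisory.
# Function names are hypothetical; they are not part of Ksplice Uptrack.

# Print the effective autoinstall value (lower-cased) from an
# uptrack.conf-style file. Returns 2 if the file cannot be read.
# Assumption: the last uncommented assignment wins.
uptrack_autoinstall_value() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out lines do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop leading whitespace
            if (tolower(line) ~ /^autoinstall[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line)  # keep the text after "="
                sub(/[ \t]+$/, "", line)        # drop trailing whitespace
                val = tolower(line)
            }
        }
        END { if (val != "") print val }
    ' "$conf"
}

# Exit status: 0 = updates install automatically,
#              1 = autoinstall is off or unset, so uptrack-upgrade must be run,
#              2 = configuration file missing or unreadable.
# Assumption: only "yes" enables autoinstall.
uptrack_autoinstall_enabled() {
    val=$(uptrack_autoinstall_value "$1") || return 2
    case "$val" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}
```

A status of 1 or 2 means the host will not pick up these updates on its own and needs the uptrack-upgrade command shown above.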
DESCRIPTION
* CVE-2022-38096: Denial-of-service in DRM driver for VMware Virtual GPU.
Incorrect return status checks when using improperly initialized
rendering contexts in vmwgfx could lead to a null pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2023-52880: Privilege escalation in GSM 07.10 tty multiplexor.
An unprivileged user can attach to the line discipline of GSM 07.10 tty
multiplexor driver even though CAP_NET_ADMIN is needed to create a GSM
network. A local attacker can exploit this flaw to extract sensitive
information from kernel memory, execute arbitrary code, and eventually
escalate privileges or facilitate an attack.
* CVE-2024-25739: Denial-of-service in Unsorted block images (UBI).
Incorrect validation of logical eraseblock sizes in UBI support could lead to a
kernel crash. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-26642, CVE-2024-26643: Privilege escalation in netfilter subsystem.
A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with timeouts
(which userspace was wrongly allowed to create), leading to a use-after-free.
A local attacker can exploit this flaw to escalate privileges or
facilitate an attack.
* CVE-2024-26828: Remote privilege escalation in SMB3 and CIFS driver.
An invalid check when using SMB3 and CIFS driver could lead to an
out-of-bounds memory access. A remote attacker could use this flaw to
escalate privileges.
* CVE-2024-26923: Privilege escalation in Unix domain sockets.
A race condition when using Unix domain sockets could lead to garbage
collector racing with the connect() syscall. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-26925, CVE-2024-35897, CVE-2024-35900: Privilege escalation in netfilter subsystem.
A logical error in the netfilter subsystem in handling asynchronous
garbage collection and table updates can lead to a double free. A
local attacker can exploit this flaw to escalate privileges or aid
in other types of attacks.
* CVE-2024-26958: Denial-of-service in NFS client driver.
A race condition in the NFS client driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26973: Information leak in FAT filesystem.
An uninitialised field in the FAT filesystem can eventually lead to a memory
leak. A local attacker can exploit this flaw to extract sensitive
information from the kernel memory or facilitate an attack.
* CVE-2024-26993: Resource leak in SysFS filesystem.
A logic error in the SysFS filesystem can lead to a resource leak.
An attacker can exploit this flaw to cause a denial-of-service or
aid in other types of attacks.
* CVE-2024-27016: Denial-of-service in Network packet filtering framework (Netfilter).
A missing check when handling Point-to-Point Protocol over Ethernet
(PPPoE) headers in Network packet filtering framework (Netfilter) could lead
to use of uninitialized memory. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-27393: Denial-of-service in Xen network device frontend driver.
A logic error when using the Xen network device frontend driver could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-35791: Denial-of-service in AMD SVM-SEV.
A locking error when using AMD SVM-SEV driver could lead to a use-after-
free. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-35823: Denial-of-service in virtual terminal driver.
Optimisation of a function call in the virtual terminal driver can lead to
data corruption due to copying between overlapping buffers. A local
attacker can exploit this flaw to cause a denial-of-service, corrupt
data, or aid in other types of attacks.
* CVE-2024-35884: Denial-of-service in Generic Segmentation Offload driver.
Incorrect handling of packets in the Generic Segmentation Offload
code in the Linux kernel networking stack can result in an internal
assertion triggering. An attacker can use this flaw to cause a
denial-of-service.
* CVE-2024-35896, CVE-2024-35962: Memory corruption in Netfilter.
A missing check on user input when operating on socket options in Netfilter
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to cause memory corruption.
* CVE-2024-35910: Denial-of-service in IPv4 TCP networking stack.
A logical error in IPv4 TCP networking stack when handling timers upon
a kernel socket release can lead to a NULL pointer dereference. A local
attacker can exploit this flaw to cause a denial-of-service.
* CVE-2024-35973: Denial-of-service in Generic Network Virtualization Encapsulation.
A logic error when using Generic Network Virtualization Encapsulation
driver could lead to use of uninitialized memory. A local attacker could
use this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.