From gregory.herrero at oracle.com Tue Jul 16 20:57:25 2024
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Tue, 16 Jul 2024 20:57:25 +0000
Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6820-1)
Message-ID: <4b253544a77398a6823350aa610cde4e.apache@ksplice.com>

Synopsis: USN-6820-1 can now be patched using Ksplice

CVEs:
CVE-2023-52434
CVE-2023-52620
CVE-2023-52640
CVE-2023-52641
CVE-2024-0841
CVE-2024-26733
CVE-2024-26750
CVE-2024-26777
CVE-2024-26778
CVE-2024-26782
CVE-2024-26791
CVE-2024-26798
CVE-2024-26804
CVE-2024-26805
CVE-2024-26809
CVE-2024-26816
CVE-2024-26848
CVE-2024-26851
CVE-2024-26852
CVE-2024-26855
CVE-2024-26857
CVE-2024-26863
CVE-2024-26870
CVE-2024-26875
CVE-2024-26882
CVE-2024-26889
CVE-2024-26895
CVE-2024-26901
CVE-2024-27403
CVE-2024-27414
CVE-2024-27417

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the
latest Ubuntu Security Notice, USN-6820-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these
updates will be installed automatically and you do not need to take any
action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-52434: Remote memory corruption in SMB client.

A missing check when receiving SMB server contexts could lead to an
out-of-bounds memory write. A remote attacker could use this flaw to cause
memory corruption.

* CVE-2023-52620: Privilege escalation in the netfilter subsystem.

Incorrect parameter validation in the netfilter subsystem can lead to a
change of data structures internal to the kernel. A local attacker could use
this flaw to escalate privileges.

* CVE-2023-52640: Memory corruption in NTFS Read-Write file system support.

A missing check when using NTFS version 3 extended attributes could lead to
an out-of-bounds memory write. A malicious image could use this flaw to cause
memory corruption.

* CVE-2023-52641: Denial-of-service in NTFS Read-Write file system support.

A missing check when using NTFS Read-Write file system support could lead to
a NULL pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-0841: Denial-of-service when configuring a HugeTLB file system.

A logic error when configuring a HugeTLB file system using the fsconfig
syscall could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.

* CVE-2024-26733: Memory corruption in TCP/IP networking.

A missing bounds check when using the TCP/IP networking driver could lead to
an out-of-bounds memory write. A local attacker could use this flaw to cause
memory corruption.

* CVE-2024-26750: Denial-of-service in AF_UNIX networking support.

A logic error when garbage-collecting AF_UNIX sockets could lead to an
infinite loop. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26777: Denial-of-service in SiS/XGI display support.

Incorrect checks on parameters passed from userspace when using SiS/XGI
display support could lead to a kernel crash. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-26778: Denial-of-service in S3 Savage support.

Incorrect checks on parameters passed from userspace when using S3 Savage
support could lead to a kernel crash. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2024-26782: Privilege escalation when creating a Multipath TCP socket.

A logic error when creating a Multipath TCP socket could lead to a
use-after-free. A local attacker could use this flaw to escalate privileges
or facilitate an attack.

* CVE-2024-26791: Out-of-bounds read in btrfs device name handling.

Improper validation of device names in the btrfs driver can lead to an
out-of-bounds kernel read. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.

* CVE-2024-26798: Denial-of-service when setting a font in the frame buffer
based console driver.

A logic error when setting a font in the frame buffer based console driver
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-26804: Denial-of-service in IPv4 networking stack.

A logical error in the IPv4 networking stack can lead to a continuous
increase of the headroom size in a socket buffer, eventually leading to a
use-after-free. A local attacker can exploit this flaw to cause a
denial-of-service.

* CVE-2024-26805: Information leak in Netlink driver during packet creation.

An incorrect buffer length calculation when creating new packets in the
Netlink driver causes uninitialized memory to be copied into a packet
buffer. This flaw could be exploited to leak sensitive information from the
running kernel.

* CVE-2024-26809: Denial-of-service when destroying a pipapo socket.

A logic error when destroying a pipapo socket could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-26816: Information leak in /sys/kernel/notes for x86 systems.

An unprivileged attacker can read /sys/kernel/notes, which contains
relocations of Xen variables. As the System.map file is also readable by an
unprivileged attacker, KASLR can be bypassed: the attacker can find out the
relative offsets and combine them with the Xen relocation address to find the
address of any kernel symbol, which can facilitate an attack such as
privilege escalation.

* CVE-2024-26848: Denial-of-service in Andrew File System (AFS) support.

A logic error when deleting files on the Andrew File System (AFS) could lead
to an infinite loop. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26851: Denial-of-service in Network packet filtering framework.

A missing check when using the Network packet filtering framework (Netfilter)
could lead to an out-of-bounds access. A local attacker could use this flaw
to cause a denial-of-service or facilitate an attack.

* CVE-2024-26852: Privilege escalation when using IPv6 multipath routes.

A logic error when using IPv6 multipath routes could lead to a
use-after-free. A local attacker could use this flaw to escalate privileges.

* CVE-2024-26855: Denial-of-service in Intel Ethernet Connection E800 Series
driver.

A logic error in the Intel Ethernet Connection E800 Series driver could lead
to a NULL pointer dereference. A local attacker can exploit this flaw to
cause a denial-of-service.

* CVE-2024-26857: Information leak in Generic Network Virtualization
Encapsulation driver.

During reception of packets in the GENEVE driver, uninitialised memory can be
accessed due to incorrect handling of the socket buffer headers. An attacker
(local or remote) can exploit this flaw to access sensitive information from
kernel memory or facilitate an attack.

* CVE-2024-26863: Information leak in HSR networking stack.

A missing check for the HSR tag after the Ethernet header in the
High-availability Seamless Redundancy networking stack can lead to accessing
uninitialised memory. An attacker (local or remote) can exploit this flaw to
extract sensitive information from kernel memory or facilitate an attack.

* CVE-2024-26870: Denial-of-service when listing xattrs in NFS client driver.

A logic error when listing xattrs in the NFS client driver could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-26875: Use-after-free in Hauppauge WinTV-PVR USB2 driver.

A race can happen in the Hauppauge WinTV-PVR USB2 driver between a context
disconnect and a check in another thread, leading to a use-after-free. A
local attacker can exploit this flaw to cause a denial-of-service, escalate
privileges, or run arbitrary code.

* CVE-2024-26882: Information leak in IP tunneling stack.

During reception of packets in the IP tunneling stack, uninitialised memory
can be accessed due to incorrect handling of the socket buffer headers. An
attacker (local or remote) can exploit this flaw to access sensitive
information from kernel memory or facilitate an attack.

* CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem.

When using the HCIGETDEVINFO ioctl command, a buffer overflow is possible if
the device name is bigger than expected. A remote attacker can exploit this
flaw to cause a denial-of-service or privilege escalation.

* CVE-2024-26895: Memory corruption in Microchip devices.

A logic error when using the Microchip devices driver could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.

* CVE-2024-26901: Information leak in file handle syscalls.

Incorrect initialisation in the file handle code of the core fs subsystem can
lead to an information leak. A local attacker can exploit this flaw to
extract sensitive information from kernel memory or aid in other types of
attacks.

* CVE-2024-27403: Memory corruption in Network packet filtering framework
(Netfilter).

Incorrect reference counting when using the Network packet filtering
framework (Netfilter) driver could lead to a use-after-free. A local attacker
could use this flaw to cause memory corruption.

* CVE-2024-27414: Out-of-bounds write in core net subsystem.

A logical error when handling rtnetlink RTM_SETLINK messages (which modify
link configuration on behalf of a user) in the core net subsystem can lead to
an out-of-bounds write. A local attacker with the necessary privileges can
exploit this flaw to cause a denial-of-service or privilege escalation.

* CVE-2024-27417: Resource exhaustion in IPv6 networking stack.

A logical error in the IPv6 networking stack when handling malformed
arguments given by userspace for RTM_GETADDR messages can lead to a resource
leak. A local attacker can exploit this flaw to cause resource exhaustion and
thus a denial-of-service.

* Denial-of-service in Atheros 802.11ac wireless cards support.

A missing check when using Atheros 802.11ac wireless cards support could lead
to a NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


From gregory.herrero at oracle.com Fri Jul 19 16:53:05 2024
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Fri, 19 Jul 2024 16:53:05 +0000
Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6869-1)
Message-ID: <3ced7766756c73a8f6b18713ad220fca.apache@ksplice.com>

Synopsis: USN-6869-1 can now be patched using Ksplice

CVEs:
CVE-2024-26643
CVE-2024-26924

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against the
latest Ubuntu Security Notice, USN-6869-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these
updates will be installed automatically and you do not need to take any
action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-26643: Privilege escalation in netfilter subsystem.

A logical error in the netfilter subsystem can cause a race between the
netfilter garbage collector and the freeing of anonymous sets with timeouts,
leading to a use-after-free. A local attacker can exploit this flaw to
escalate privileges or facilitate an attack.

* CVE-2024-26924: Denial-of-service in Netfilter PIPAPO.

A logic error when using Network packet filtering framework (Netfilter) Pile
Packet Policies could lead to a kernel crash. A local attacker could use this
flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
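Both notices above describe the same two-step installation procedure: hosts with "autoinstall = yes" in /etc/uptrack/uptrack.conf pick the updates up on their own, everyone else runs /usr/sbin/uptrack-upgrade -y. The following POSIX shell script is an added example for checking a fleet against that rule; it is not part of the Ksplice notices or Oracle's own tooling. It assumes only what the notices state, namely that the config file is a plain "key = value" file in which the line "autoinstall = yes" enables automatic installation; the comment handling, the helper names (conf_value, uptrack_autoinstall_enabled, update_plan, apply_if_needed) and the sample config files are all constructed for this example.

```shell
#!/bin/sh
# Added example (not Ksplice's own tooling): decide whether a host will pick
# up the Ksplice updates on its own or needs a manual uptrack-upgrade run.
# Assumption: /etc/uptrack/uptrack.conf is a simple "key = value" file in
# which the line "autoinstall = yes" enables automatic installation, as the
# notices state; comment and [section] lines are skipped defensively.

# Print the value of a key from a key = value config file, ignoring '#'/';'
# comments and surrounding whitespace; the last occurrence wins. Prints
# nothing and returns 1 if the file cannot be read.
conf_value() {
    key="$1"; file="$2"
    [ -r "$file" ] || return 1
    sed -e 's/[#;].*$//' "$file" \
      | grep -i "^[[:space:]]*${key}[[:space:]]*=" \
      | tail -n 1 \
      | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Return 0 when autoinstall is enabled in the given config file. Anything
# other than an explicit yes/true/1 (including a missing file) counts as
# disabled, so the conservative answer is always "run the upgrade manually".
uptrack_autoinstall_enabled() {
    v="$(conf_value autoinstall "$1" | tr '[:upper:]' '[:lower:]')"
    case "$v" in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "auto" when no action is needed and "manual" when the administrator
# must run /usr/sbin/uptrack-upgrade -y, mirroring INSTALLING THE UPDATES.
update_plan() {
    if uptrack_autoinstall_enabled "$1"; then echo auto; else echo manual; fi
}

# Run the manual step only when explicitly asked for with --apply; the
# default is a report, so the script is safe to run from a fleet checker.
apply_if_needed() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    mode="${2:-report}"
    plan="$(update_plan "$conf")"
    if [ "$plan" = manual ] && [ "$mode" = --apply ]; then
        /usr/sbin/uptrack-upgrade -y
    fi
    echo "$plan"
}

# Constructed sample configs for the stand-alone demonstration; a real run
# would point apply_if_needed at /etc/uptrack/uptrack.conf instead.
demo_dir="$(mktemp -d)"
printf '# Ksplice Uptrack sample (constructed)\nautoinstall = yes\n' > "$demo_dir/auto.conf"
printf 'autoinstall = no   ; disabled on this host\n' > "$demo_dir/manual.conf"
echo "auto.conf   -> $(update_plan "$demo_dir/auto.conf")"
echo "manual.conf -> $(update_plan "$demo_dir/manual.conf")"
rm -rf "$demo_dir"
```

In report mode the script never touches the system, which makes it suitable for a configuration-management check that flags hosts still waiting on a manual run; pass `--apply` as the second argument to `apply_if_needed` on a host where running the upgrade from the script is acceptable.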