[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6686-1)
Oracle Ksplice
gregory.herrero at oracle.com
Thu Mar 21 04:48:37 UTC 2024
Synopsis: USN-6686-1 can now be patched using Ksplice
CVEs: CVE-2020-26555 CVE-2023-22995 CVE-2023-28464 CVE-2023-4134 CVE-2023-45898 CVE-2023-4623 CVE-2023-46343 CVE-2023-46862 CVE-2023-51779 CVE-2023-51782 CVE-2023-52483 CVE-2023-6121 CVE-2023-6531 CVE-2024-0340 CVE-2024-0607
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6686-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
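The check described above can be scripted per host. This is an added example, not part of Oracle's announcement or of Uptrack itself: the function names are hypothetical, and it assumes uptrack.conf holds plain "key = value" lines with "#" or ";" comments and treats only the value "yes" as enabled.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates by itself.
# Assumption: uptrack.conf is INI-style, one "key = value" per line.

# Print the effective "autoinstall" value (lower-cased) from the given file.
# Prints "unset" if the key is absent or commented out, "unreadable" if the
# file cannot be read. The last uncommented assignment wins.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(sed -n \
        -e 's/[[:space:]]*[#;].*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Decide what the administrator has to do for this advisory.
# Returns 0 when updates install automatically, 1 when a manual run is needed.
# Any value other than "yes" is flagged for manual action.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic: no action needed"; return 0 ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y as root"; return 1 ;;
    esac
}

# Constructed sample config (not taken from a real host): the "yes" line is
# commented out, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample" || true
rm -f "$sample"
```

On a real host, call uptrack_action /etc/uptrack/uptrack.conf and use the exit status to flag machines that still need a manual upgrade.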
DESCRIPTION
* Note: Oracle will not provide a zero-downtime update for CVE-2023-22995.
Oracle has determined that the vulnerability does not affect a running
system.
* CVE-2023-51779: Denial-of-service when receiving data over Bluetooth.
A locking issue when receiving data over Bluetooth could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.
* CVE-2023-51782: Denial-of-service in Amateur Radio X.25 PLP subsystem.
A locking error in Amateur Radio X.25 PLP (Rose) ioctl can lead to a
use-after-free. A local attacker can exploit this to cause a
denial-of-service or privilege escalation.
* CVE-2020-26555: Permission bypass from an unauthorized nearby Bluetooth device.
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification
1.0B through 5.2 may permit an unauthenticated nearby device to spoof
the BD_ADDR of the peer device to complete pairing without knowledge
of the PIN.
* CVE-2023-46343: Denial-of-service in NFC Controller Interface.
The NFC Controller Interface (NCI) implementation did not properly
handle certain memory allocation failure conditions, which could
lead to a null pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* Improved update to CVE-2023-4623: Use-after-free in HFSC packet scheduler.
A missing check in Hierarchical Fair Service Curve packet scheduler could
lead to use-after-free. A local attacker could use this flaw to cause a
denial-of-service or escalate privilege.
* CVE-2023-46862: NULL pointer dereference in io_uring subsystem.
A missing check in the io_uring subsystem could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-0607: Denial-of-service in the netfilter subsystem.
A logical error in the netfilter subsystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2023-6121: Out-of-bounds read in NVMe-oF/TCP subsystem.
NVMe Qualified Names (NQNs) used to identify the endpoints when setting
up connections are not NULL terminated, leading to out-of-bounds read.
An attacker can exploit this remotely by sending a malicious payload to
extract sensitive information from the kernel memory.
* CVE-2023-6531: Use-after-free in io_uring subsystem.
Garbage collection of io_uring files races with the operations of
Unix-domain sockets which use the files, leading to a use-after-free
error. A local attacker can exploit this to cause a denial-of-service
or privilege escalation.
* CVE-2024-0340: Information leak when using Vhost.
A missing zeroing of kernel memory when using Vhost could lead to an
information leak. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.
* Note: Oracle has determined that CVE-2023-45898 is not applicable.
A use-after-free error was introduced in the ext4 filesystem after
an improvement was added which utilized pre-existing allocations.
A local attacker can exploit this to cause a denial-of-service or
privilege escalation.
The kernel is not affected by CVE-2023-45898 since the code introducing
the issue is not present.
* CVE-2023-28464: Use-after-free in Bluetooth subsystem.
A double free was found in the Bluetooth subsystem when cleaning up a
connection, leading to a use-after-free error. A local attacker can
exploit this to cause denial-of-service or privilege escalation.
* Note: Oracle will not provide a zero-downtime update for CVE-2023-4134.
A race condition in the Cypress touchscreen driver can lead to a
use-after-free vulnerability during device removal. A physically
proximate attacker can use this to cause a denial-of-service or
potentially execute arbitrary code.
CVE-2023-4134 affects only the Cypress touchscreen driver and would
require physical access or privileges to remove the driver or unbind
devices in order to exploit the issue.
Oracle has determined that patching CVE-2023-4134 on a running system
would not be safe and therefore recommends rebooting affected hosts
into the newest kernel to mitigate the vulnerability.
* CVE-2023-52483: Use-after-free in MCTP implementation.
A locking issue in the Management Component Transport Protocol
implementation could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service or potentially
execute arbitrary code.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.