[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-6766-1)
From: Oracle Ksplice <gregory.herrero at oracle.com>
Date: Tue May 28 15:51:12 UTC 2024
Synopsis: USN-6766-1 can now be patched using Ksplice
CVEs: CVE-2023-52435 CVE-2023-52486 CVE-2023-52491 CVE-2023-52493 CVE-2023-52494 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52601 CVE-2023-52602 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52615 CVE-2023-52616 CVE-2023-52622 CVE-2023-52623 CVE-2023-52633 CVE-2023-52642 CVE-2023-52669 CVE-2023-52672 CVE-2024-1151 CVE-2024-26592 CVE-2024-26593 CVE-2024-26594 CVE-2024-26600 CVE-2024-26602 CVE-2024-26610 CVE-2024-26614 CVE-2024-26615 CVE-2024-26625 CVE-2024-26635 CVE-2024-26636 CVE-2024-26640 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26668 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26676 CVE-2024-26685 CVE-2024-26689 CVE-2024-26696 CVE-2024-26704 CVE-2024-26712 CVE-2024-26717 CVE-2024-26720 CVE-2024-26808 CVE-2024-26825 CVE-2024-26972 CVE-2024-35833 CVE-2024-35837
Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6766-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
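An added shell example (not part of this notice or of Ksplice's own tooling) that reads the autoinstall setting from an uptrack.conf path and reports whether a manual uptrack-upgrade run is still needed. It assumes the key is written as "autoinstall = yes" or "autoinstall = no" and that "#" or ";" begin comments; the sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual
# "uptrack-upgrade -y" run based on the autoinstall key in uptrack.conf.
# Assumption: key appears as "autoinstall = yes|no" (case-insensitive),
# with optional surrounding whitespace; "#" or ";" start a comment.

# autoinstall_enabled CONF -> exit 0 if autoinstall = yes, 1 otherwise
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    # Strip comments, keep only autoinstall assignments, take the last one
    # (a later assignment overrides an earlier one), then isolate the value.
    value=$(sed -e 's/[#;].*$//' "$conf" |
            grep -i '^[[:space:]]*autoinstall[[:space:]]*=' |
            tail -n 1 |
            sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' |
            tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

# needs_manual_upgrade CONF -> prints "auto" when Uptrack will install the
# updates itself, "manual" when /usr/sbin/uptrack-upgrade -y must be run.
needs_manual_upgrade() {
    if autoinstall_enabled "$1"; then
        echo auto
    else
        echo manual
    fi
}

# Constructed sample configs for a stand-alone run (not real hosts).
tmp=$(mktemp -d)
printf '# autoinstall = no\nautoinstall = Yes \n' > "$tmp/auto.conf"
printf 'autoinstall = no\n' > "$tmp/manual.conf"
echo "auto.conf:   $(needs_manual_upgrade "$tmp/auto.conf")"
echo "manual.conf: $(needs_manual_upgrade "$tmp/manual.conf")"
echo "missing:     $(needs_manual_upgrade "$tmp/none.conf")"
rm -rf "$tmp"
```

A missing or unreadable configuration file is treated as "manual", which is the safe default for a host whose state is unknown.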
DESCRIPTION
* CVE-2023-52435: Denial-of-service in net subsystem.
The core net subsystem is responsible for segmenting socket buffers for
various protocols. A missing bounds check while doing so can lead to a
null-pointer dereference. A local attacker can exploit this flaw to
cause a denial-of-service.
* CVE-2023-52486: Denial-of-service in Direct Rendering Manager subsystem.
When replacing the scanned-out framebuffer with a new one, a deadlock
is possible leading to a use-after-free. A local attacker can exploit
this flaw to cause denial-of-service or aid in other types of attacks.
* CVE-2023-52493: Denial-of-service in the Modem Host Interface (MHI) protocol.
Incorrect synchronization logic in the Modem Host Interface (MHI) protocol
subsystem when processing events from a client device can lead to a soft
lockup. A user with permissions on the client device can use this flaw to
cause a denial-of-service.
* CVE-2023-52494: Denial-of-service when using Modem Host Interface (MHI) bus.
A logic error when checking a user pointer while using the Modem Host
Interface (MHI) bus could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service or memory
corruption.
* CVE-2023-52594: Information leak in Atheros HTC-based WiFi driver.
A missing bounds check in the transmit status operation after a config
request by an Atheros HTC-based WiFi card can lead to an out-of-bounds
read. A local attacker can exploit this flaw to extract sensitive
information from kernel memory or cause a denial-of-service.
* CVE-2023-52595: Denial-of-service in Ralink WiFi driver.
Hardware reset stops beacon transmission in hardware, but the Ralink
WiFi driver doesn't stop it in the mac80211 software stack, leading to
a deadlock resulting in non-transmission. A local attacker can exploit
this flaw to cause a denial-of-service.
* CVE-2023-52599, CVE-2023-52602, CVE-2023-52604, CVE-2023-52601: Out-of-bounds accesses in JFS filesystem.
Multiple logic errors when using the JFS filesystem could lead to
out-of-bounds accesses. A local attacker could use these flaws to cause a
denial-of-service or facilitate an attack.
* CVE-2023-52615: Denial-of-service in Hardware Random Number Generator.
A read from /dev/hwrng into a memory region that is itself mapped from
/dev/hwrng can lead to a deadlock. A local attacker can exploit this flaw
to cause a denial-of-service.
* CVE-2023-52616: Denial-of-service in multiprecision maths library.
A flaw in the multiprecision maths library could lead to use of
uninitialized memory. An attacker could use this to cause a denial-of-service.
* CVE-2023-52622: Denial-of-service in ext4 filesystem.
Missing checks on the block group size supplied by a user when resizing an
ext4 filesystem online can lead to an attempt to allocate an oversized
array, which fails and causes the resize to fail. A local attacker can
exploit this flaw to cause a denial-of-service.
* CVE-2023-52623: Denial-of-service in SUNRPC networking stack.
A locking error when using the SUNRPC subsystem could lead to a race
condition. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.
* CVE-2023-52642: Permission bypass when attaching eBPF programs to lirc devices.
A missing check when attaching eBPF programs to lirc devices could lead
to a permission bypass. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.
* CVE-2023-52672: Denial-of-service when using pipes.
A logic error when resizing a pipe while it is being read could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-1151: Denial-of-service in Open vSwitch.
Due to a lack of input validation in Open vSwitch, an attacker could cause
a denial-of-service.
* CVE-2024-26592: Remote code execution in SMB3 server subsystem.
A logic error when handling TCP connections in the SMB3 server subsystem
could lead to a use-after-free. A remote attacker could use this flaw to
escalate privileges or facilitate an attack.
* CVE-2024-26593: Data corruption in Intel 82801 (ICH/PCH) I2C driver.
The i2c-i801 driver has a flawed implementation of block-write
block-read process call transactions, leading to wrong data being read
and residual data being left in the device FIFO buffer. An attacker can
exploit this flaw to cause data corruption, denial-of-service, or aid
in other types of attacks.
* CVE-2024-26594: Information leak in SMB3 server subsystem.
An invalid check on the session token when using the SMB3 server subsystem
could lead to an out-of-bounds access. A remote attacker could use this
flaw to leak information about the running kernel and facilitate an attack.
* CVE-2024-26602: Denial-of-service using membarrier system call.
The membarrier system call can slow some systems down to the point of
saturation. A local attacker can exploit this flaw to cause a denial-of-service.
* CVE-2024-26610: Memory corruption in Intel WiFi Link Next-Gen AGN driver.
A flaw in the Intel Wireless WiFi Link Next-Gen AGN driver could lead to
an out-of-bounds memory write. An attacker could use this to cause memory
corruption.
* CVE-2024-26614: Denial-of-service during TCP handshake.
A locking error during the TCP handshake could lead to a race condition. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26615: Denial-of-service when dumping information in SMC socket monitoring interface.
A missing check when dumping information in the SMC socket monitoring
interface could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2024-26625: Privilege escalation when using ANSI/IEEE 802.2 LLC driver.
A logic error when using the ANSI/IEEE 802.2 LLC driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service or escalate privileges.
* CVE-2024-26635: Information leak when using ANSI/IEEE 802.2 LLC driver.
A logic error when using the ANSI/IEEE 802.2 LLC driver could lead to use
of uninitialized data. A local attacker could use this flaw to leak
information about the running kernel and facilitate an attack.
* CVE-2024-26636: Denial-of-service during bonding changes in ANSI/IEEE 802.2 LLC driver.
A logic error when making bonding changes in the ANSI/IEEE 802.2 LLC driver
could lead to a kernel assert. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2024-26640: Denial-of-service in TCP/IP networking.
A logic error in TCP/IP networking could lead to a kernel assert. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26663: Denial-of-service in TIPC networking stack.
A missing bearer type check while adding IP addresses to a TIPC bearer can
lead to a null-pointer dereference. A local attacker can exploit this
flaw to cause a denial-of-service.
* CVE-2024-26664: Out-of-bounds write in Intel CPU temperature sensor driver.
An out-of-bounds write can happen before the bounds check is performed in
the Intel CPU temperature sensor driver. A local attacker can exploit this
flaw to cause privilege escalation or a denial-of-service.
* CVE-2024-26665: Privilege escalation in TCP/IP networking.
A logic error in TCP/IP networking when building an IPv6 PMTU error could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to escalate privileges.
* CVE-2024-26668: Denial-of-service when configuring Netfilter nf_tables limit.
A missing check on the Netfilter nf_tables limit configuration could lead
to an integer overflow. A local attacker could use this flaw to cause a
denial-of-service or facilitate an attack.
* CVE-2024-26671: Denial-of-service in block subsystem.
A missing CPU barrier in the block multiqueue core code can lead to
re-ordering of some calls, which causes an I/O hang due to a race.
A local attacker can exploit this flaw to cause a denial-of-service.
* CVE-2024-26673: Missing validation in netfilter subsystem.
Custom expectations handling in the netfilter subsystem did not verify
or sanitize the given protocol. A local attacker can exploit this flaw
to facilitate an attack.
* CVE-2024-26675: Denial-of-service in PPP async serial channel driver.
A missing maximum size check when setting the Maximum Receive Unit via the
ppp_async ioctl can lead to an attempt to allocate an oversized socket
buffer, which fails and causes the ioctl operation to fail. A local
attacker can exploit this flaw to cause a denial-of-service.
* CVE-2024-26676: Denial-of-service in the garbage collector for AF_UNIX sockets.
A flaw in the garbage collector for AF_UNIX sockets could lead to a memory
leak. An attacker could use this to cause a denial-of-service.
* CVE-2024-26685: Denial-of-service when using NILFS2 file system.
A logic error when writing data in the NILFS2 file system could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-26689: Privilege escalation in capabilities handling of Ceph distributed file system.
A reference count error in the capabilities handling of the Ceph distributed
file system could lead to a use-after-free. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-26696: Denial-of-service when writing data in NILFS2 file system.
A missing wait after a write operation in the NILFS2 file system could lead
to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-26704: Denial-of-service in ext4 filesystem.
When moving extents in the ext4 filesystem, a failure to handle an
unsuccessful loop exit when calculating the moved length can lead
to a double-free and a divide-by-zero error. A local attacker can
exploit this flaw to cause a denial-of-service or aid in other types
of attacks.
* CVE-2024-26720: Denial-of-service in kernel memory manager.
An incorrect cast of a divisor while setting dirty page writeback limits
can lead to a divide-by-zero error. A local privileged attacker can
exploit this flaw to cause a denial-of-service.
* CVE-2024-26808: Stale reference in Netfilter nf_tables subsystem.
Incorrect cleanup in the Netfilter nf_tables subsystem during a
NETDEV_UNREGISTER event can leave a stale reference to a net device. A
local user can use this to cause a denial-of-service.
* CVE-2024-26825: Denial-of-service when using NCI protocol.
A missing free of resources when using the NCI protocol could lead to a
memory leak. A local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26972: Denial-of-service when encrypting UBIFS filesystem.
A missing free of resources in an error path when encrypting a UBIFS
filesystem could lead to a memory leak. A local attacker could use this
flaw to cause a denial-of-service.
* Note: Oracle has determined that CVE-2023-52597 is not applicable.
A race between an IRQ and the handling of the floating-point control
register in KVM can lead to corruption of that register on System/390
machines. A local attacker can exploit this flaw to cause a
denial-of-service, data corruption, or aid in other types of attacks.
The kernel is not affected by CVE-2023-52597 since the code under
consideration is not compiled (kernel is not built for System/390).
* Note: Oracle has determined that CVE-2023-52598 is not applicable.
A race between an IRQ and the handling of the floating-point control
register on a System/390 machine can lead to corruption of the register.
A local attacker can exploit this flaw to cause a denial-of-service, data
corruption, or aid in other types of attacks.
The kernel is not affected by CVE-2023-52598 since the code under
consideration is not compiled (kernel is not built for System/390).
* Note: Oracle has determined that CVE-2023-52606 is not applicable.
An invalid maximum size assumption in the PowerPC architecture core's
emulation of vector instructions can lead to kernel stack corruption. A
local attacker can exploit this flaw to cause privilege escalation or a
denial-of-service.
The kernel is not affected by CVE-2023-52606 since the code under
consideration is not compiled (kernel is not built for PowerPC).
* Note: Oracle has determined that CVE-2023-52607 is not applicable.
A failure to check whether a memory allocation succeeded can lead to a
null-pointer dereference in the PowerPC architecture's memory management code.
The kernel is not affected by CVE-2023-52607 since the code under
consideration is not compiled (kernel is not built for PowerPC).
* Note: Oracle has determined that CVE-2023-52491 is not applicable.
The kernel is not affected by CVE-2023-52491 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2023-52608 is not applicable.
The kernel is not affected by CVE-2023-52608 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2023-52633 is not applicable.
The kernel is not affected by CVE-2023-52633 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2023-52669 is not applicable.
The kernel is not affected by CVE-2023-52669 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26600 is not applicable.
The kernel is not affected by CVE-2024-26600 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26712 is not applicable.
The kernel is not affected by CVE-2024-26712 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26717 is not applicable.
The kernel is not affected by CVE-2024-26717 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35833 is not applicable.
The kernel is not affected by CVE-2024-35833 since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35837 is not applicable.
The kernel is not affected by CVE-2024-35837 since the code under consideration is not compiled.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.