[Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7007-1)

Oracle Ksplice gregory.herrero at oracle.com
Wed Sep 25 12:06:40 UTC 2024


Synopsis: USN-7007-1 can now be patched using Ksplice
CVEs: CVE-2024-36286 CVE-2024-36489 CVE-2024-36971 CVE-2024-36972 CVE-2024-36978 CVE-2024-37078 CVE-2024-38552 CVE-2024-38558 CVE-2024-38578 CVE-2024-38580 CVE-2024-38586 CVE-2024-38599 CVE-2024-38618 CVE-2024-38659 CVE-2024-39276 CVE-2024-39469 CVE-2024-39487 CVE-2024-39489 CVE-2024-39490 CVE-2024-39493 CVE-2024-39499 CVE-2024-39503 CVE-2024-40901 CVE-2024-40904 CVE-2024-40905 CVE-2024-40911 CVE-2024-40912 CVE-2024-40929 CVE-2024-40937 CVE-2024-40941 CVE-2024-40942 CVE-2024-40954 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40971 CVE-2024-40981 CVE-2024-40983 CVE-2024-40995 CVE-2024-41007 CVE-2024-41034 CVE-2024-41035 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41089 CVE-2024-41093 CVE-2024-41095 CVE-2024-42070 CVE-2024-42077 CVE-2024-42101 CVE-2024-42102 CVE-2024-42106 CVE-2024-42119 CVE-2024-42145 CVE-2024-42152 CVE-2024-42154 CVE-2024-42224 CVE-2024-42225 CVE-2024-42232

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7007-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04
Jammy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2024-36286: Denial-of-service in netfilter subsystem.

Missing read lock in the netfilter subsystem when unbinding a program
from a specific queue could lead to flushing in an incorrect way. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36489: Denial-of-service in Transport Layer Security support.

A race condition when initializing Upper Layer Protocols (ULPs) over TCP
sockets for Transport Layer Security support could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using the TCP/IP networking stack could lead to a
use-after-free. A remote attacker could use this flaw to execute
arbitrary code in kernel mode.


* CVE-2024-36972: Denial-of-service in the Unix socket subsystem.

A locking error when using the Unix socket subsystem could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-36978: Privilege escalation in MULTIQ driver.

A logic error when using the MULTIQ driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-37078: Denial-of-service in NILFS2 file system driver.

A race condition when using the NILFS2 file system driver could lead to
a kernel oops. A local attacker could use this flaw to cause a denial-
of-service.


* CVE-2024-38552: Memory corruption in AMD display core driver.

A missing check when using the AMD display core driver could lead to a
buffer overflow. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-38558: Denial-of-service in Open vSwitch driver.

A logic error when using the Open vSwitch driver could lead to the
destination address being partially zeroed out. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-38578: Information leak in Linux filesystem encryption layer.

A logic error when using the Linux filesystem encryption layer could
lead to an out-of-bounds memory write. A local attacker could use this
flaw to extract sensitive information.


* CVE-2024-38580: Denial-of-service in epoll.

A race condition when using epoll could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-38586: Memory corruption in Realtek 8169/8168/8101/8125 ethernet driver.

A logic error when using the Realtek 8169/8168/8101/8125 ethernet
driver could possibly lead to ring buffer corruption and a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-38599: Disk corruption in JFFS2 filesystem.

A missing check when using the JFFS2 filesystem could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
cause disk corruption.


* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).

A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.

A missing check when using the Cisco VIC Ethernet driver could lead to
an out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39276: Resource leak in ext4 filesystem.

Incorrect reference counting when using the ext4 filesystem could lead
to a reference count leak. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-39469: Data corruption in NILFS2 file system driver.

A logic error when using the NILFS2 file system driver could lead to
file system corruption. A local attacker could use this flaw to cause data
corruption.


* CVE-2024-39487: Information leak in bonding driver.

A missing check when using the bonding driver could lead to an
out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-39489: Denial-of-service in IPv6: Segment Routing HMAC support.

A missing check when using IPv6: Segment Routing HMAC support could lead
to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39490: Denial-of-service in IPv6 Segment Routing.

A logic error when adding the Segment Routing Header to an IPv6 packet could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39493: Denial-of-service in Cryptographic API using Intel QAT.

A logic error in the Cryptographic API using Intel QuickAssist Technology could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-39503: Privilege escalation in netfilter (IP set) subsystem.

A race condition when using the netfilter (IP set) subsystem could lead
to a use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.

A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40905: Denial-of-service in IPv6 networking stack.

A race condition when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40911: Denial-of-service in Wireless driver.

A locking error when using the Wireless driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40929: Memory corruption in Intel Wireless WiFi MVM Firmware driver.

A missing check when using the Intel Wireless WiFi MVM Firmware driver
could lead to an out-of-bounds memory read. A local attacker could use
this flaw to cause memory corruption.


* CVE-2024-40937: Denial-of-service in Google Virtual NIC driver.

A missing check when using the Google Virtual NIC driver could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.


* CVE-2024-40941: Memory corruption in Intel Wireless WiFi MVM Firmware driver.

A logic error when using the Intel Wireless WiFi MVM Firmware driver
could lead to an out-of-bounds memory read. A local attacker could use
this flaw to cause memory corruption.


* CVE-2024-40942: Resource leak in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40954: Memory corruption in core net subsystem.

A missing check for a socket creation failure in the networking driver
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption or as a step in other kinds of attack.


* CVE-2024-40957: Denial-of-service in IPv6 Segment Routing Header encapsulation.

A logic error when using the IPv6 Segment Routing Header encapsulation
driver could lead to a NULL pointer dereference. An attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-40958: Denial-of-service in core net subsystem.

A logic error when using the core net subsystem could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40959: Denial-of-service in IPv6 networking stack.

A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40960, CVE-2024-40961: Denial-of-service in IPv6 networking stack.

A missing check when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40971: Data corruption in F2FS filesystem driver.

A logic error when using the F2FS filesystem driver could lead to
invalid mount options. A local attacker could use this flaw to cause
data corruption.


* CVE-2024-40981: Denial-of-service in BATMAN protocol stack.

A missing check when using the BATMAN protocol stack could lead to a
soft lockup. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40983: Denial-of-service in The TIPC Protocol driver.

Incorrect reference counting when using the TIPC Protocol driver could
lead to a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40995: Denial-of-service in networking traffic control actions stack.

A logic error when using the networking traffic control actions stack
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41007: Remote denial-of-service in TCP/IP networking stack.

When using a TCP socket with TCP_USER_TIMEOUT, the peer can set its
window size as zero, causing the vulnerable kernel to superfluously
retransmit a packet for some minutes, leading to bandwidth hogging.
A remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41034: Denial-of-service in NILFS2 file system driver.

A logic error when using the NILFS2 file system driver could lead to a
kernel assertion failure. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41035: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41040: Memory corruption in tc connection tracking action subsystem.

A logic error when using the tc connection tracking action subsystem
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.

A race condition when using the TCP/IP networking stack could lead to a
kernel oops. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.

A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41093: Denial-of-service in AMD GPU driver.

A missing check when using the AMD GPU driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-42070: Privilege escalation in netfilter subsystem.

A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.


* CVE-2024-42077: Denial-of-service in OCFS2 file system driver.

A logic error when using the OCFS2 file system driver could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-42102: Memory corruption in kernel memory manager.

Incorrect cast of a divisor when setting dirty page writeback limits in
the memory management subsystem could lead to a divide-by-zero. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42106: Information leak in socket monitoring interface.

A missing variable initialization when using the socket monitoring
interface could lead to use of uninitialized memory. A local attacker
could use this flaw to extract sensitive information.


* CVE-2024-42119: Information leak in AMD display core driver.

A missing check when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42145: Remote denial-of-service in InfiniBand driver.

A logic error when using the InfiniBand driver could lead to resource
exhaustion (uncontrolled resource consumption) when userspace does
not extract MAD packets at the same rate as the attacker is sending.
A remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42152: Memory leak in nvmet subsystem.

A race condition when using the nvmet subsystem could lead to a memory
leak.


* CVE-2024-42154: Information leak in TCP/IP networking stack.

A missing check when using the TCP/IP networking stack could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42224: Denial-of-service in Marvell 88E6xxx Ethernet Switch driver.

A logic error when using the Marvell 88E6xxx Ethernet Switch driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-42225: Information leak in MediaTek MT7915E driver.

A missing variable initialization when using the MediaTek MT7915E driver
could lead to use of uninitialized memory. A local attacker could use
this flaw to extract sensitive information.


* CVE-2024-42232: Memory corruption in Ceph core library.

A logic error when using the Ceph core library could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-39488, CVE-2024-41004, CVE-2024-42148

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




